AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/17/2021

Anonymous leaks gigabytes of data from alt-right web host Epik

Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180GB in size, contains a “decade’s worth of data from the company.” Anonymous says the data set is “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.” If this information is correct, Epik’s customers’ data and identities could now fall into the hands of activists, researchers, and just about anyone curious enough to take a peek.


New cryptocurrency malware goes to great lengths to target WordPress servers

A new strain of cryptomining malware has been spotted in cyberattacks against WordPress installations. Cybersecurity researchers at Akamai say the malware, dubbed Capoae, is written in the Go programming language, which has become popular with threat actors because it makes it easy to write reusable cross-platform code that builds for Windows 10, Linux, macOS and Android. Veteran vulnerability researcher Larry Cashdollar has shared details about Capoae, which is particularly interesting because it uses multiple vulnerabilities to gain a foothold in WordPress installations and then discreetly repurposes them to mine cryptocurrency with the popular XMRig mining software. “Crypto Mining campaigns are continuing to evolve. The Capoae campaign’s use of multiple vulnerabilities and tactics highlights just how intent these operators are on getting a foothold on as many machines as possible,” notes Cashdollar.


Malware samples found trying to hack Windows from its Linux subsystem

Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples that were configured to infect the Windows Subsystem for Linux (WSL) and then pivot to the native Windows environment. The researchers say the samples are the first of their kind, although security experts had theorized as far back as 2017 that such attacks would be possible at some point. “Thus far, we have identified a limited number of samples with only one publicly routable IP address, indicating that this activity is quite limited in scope or potentially still in development,” the company said in research published today and shared with The Record. “Based on Black Lotus Labs visibility on the one routable IP address, this activity appeared to be narrow in scope with targets in Ecuador and France interacting with the malicious IP (185.63.90[.]137) on ephemeral ports between 39000 – 48000 in late June and early July,” the team added. The researchers believe the malware developer tested the malware from behind a VPN or proxy node, citing the small number of connections made to that IP address, which had not previously seen regular traffic.
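The one concrete indicator in that report is a single IP and a destination-port range, which is enough to sweep existing network telemetry for. The script below is an added example written for this digest, not code from Black Lotus Labs or from the article: it refangs the indicator as printed, parses constructed Zeek-style conn.log records (the field layout, the sample lines, the private-range source hosts and the second public IP are all made up here), and flags a connection at high confidence when both the IP and the 39000–48000 port range match, at low confidence when only the IP matches. The port range is what one vantage point observed over a few weeks, so treating it as a hard filter would throw away traffic to the same address that still deserves a look.

```python
"""Triage Zeek-style conn.log records against the WSL-sample C2 indicator (added example)."""
import ipaddress
from typing import Optional

# Network indicator exactly as printed (defanged) in the report quoted above.
DEFANGED_C2 = "185.63.90[.]137"
# Destination-port range observed at that IP; the article gives 39000-48000 inclusive.
C2_PORT_RANGE = range(39000, 48001)


def refang(indicator: str) -> str:
    """Reverse common defanging so an indicator can be compared programmatically."""
    return (indicator.replace("[.]", ".")
                     .replace("(.)", ".")
                     .replace("[:]", ":")
                     .replace("hxxp", "http"))


C2_IP = ipaddress.ip_address(refang(DEFANGED_C2))

# Constructed sample log, made up for this example. Layout follows Zeek's
# tab-separated conn.log: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1625097600.123\tCAbc1\t10.0.0.5\t51234\t185.63.90.137\t41337\ttcp
1625097601.456\tCAbc2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp
1625097602.789\tCAbc3\t10.0.0.7\t51236\t185.63.90.137\t443\ttcp
1625097603.012\tCAbc4\t10.0.0.9\t51237\t185.63.90.137\t48000\tudp
this line is malformed and must be skipped rather than crash the scan
"""


def parse_conn_line(line: str) -> Optional[dict]:
    """Parse one conn.log record; return None for header (#) and malformed lines."""
    if line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    try:
        return {
            "ts": float(fields[0]),
            "uid": fields[1],
            "orig_h": ipaddress.ip_address(fields[2]),
            "orig_p": int(fields[3]),
            "resp_h": ipaddress.ip_address(fields[4]),
            "resp_p": int(fields[5]),
            "proto": fields[6],
        }
    except ValueError:
        return None


def classify(conn: dict) -> Optional[str]:
    """'high' when IP and port range both match the report, 'low' for the IP alone.

    The port range is what one vantage point saw in June/July; traffic to the IP
    on other ports is still worth triage, so it is reported at lower confidence.
    """
    if conn["resp_h"] != C2_IP:
        return None
    return "high" if conn["resp_p"] in C2_PORT_RANGE else "low"


def find_hits(log_text: str) -> list:
    """Return [(uid, confidence)] for every record that touches the indicator."""
    hits = []
    for line in log_text.splitlines():
        conn = parse_conn_line(line)
        if conn is None:
            continue
        confidence = classify(conn)
        if confidence:
            hits.append((conn["uid"], confidence))
    return hits


if __name__ == "__main__":
    for uid, confidence in find_hits(SAMPLE_CONN_LOG):
        print(f"{uid}\t{confidence}")
```

Run against the constructed sample, the scan returns two high-confidence hits (CAbc1 on port 41337 and CAbc4 on port 48000) and one low-confidence hit (CAbc3, same IP on port 443); the header line and the malformed line are skipped without error. Pointing it at a real conn.log means swapping the embedded sample for file input; the parsing and matching logic stays the same.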


FTC says health apps must notify consumers about data breaches — or face fines

The U.S. Federal Trade Commission (FTC) has warned that apps and devices which collect personal health information must notify consumers if their data is breached or shared with third parties without their permission. In a 3-2 vote on Wednesday, the FTC approved a new policy statement clarifying the 2009 Health Breach Notification Rule, which requires companies handling health records to notify consumers if their data is accessed without permission, for example as the result of a breach. The rule now explicitly covers health apps and connected devices, with the statement specifically calling out apps that track fertility, fitness and blood glucose data, which “too often fail to invest in adequate privacy and data security,” according to FTC chair Lina Khan. “Digital apps are routinely caught playing fast and loose with user data, leaving users’ sensitive health information susceptible to hacks and breaches,” said Khan in a statement, pointing to a study published this year in the British Medical Journal that found health apps suffer from “serious problems” ranging from insecure transmission of user data to unauthorized sharing of data with advertisers.


How to Keep Your Car’s Key Fob From Being Hacked

Someone recently broke into my car two nights in a row. The first time I figured it was a slip up on my end, and that I forgot to lock it after I got home. So I made a point of locking it and arming the alarm the next night, and yet someone was able to break in again. Luckily, nothing was stolen since there’s not much in the car, but of course it was still unsettling. No windows were smashed, either, so how the hell did someone manage to unlock the car without the keys? I figure since the car is new (we’ve only had it since April), it’s unlikely someone had a matching key. Then a quick glance through the neighborhood Facebook groups and Nextdoor feeds revealed I’m not alone; similar break-ins are happening all over town, and many suggest the culprit is hacking key fobs. So I did some checking and quickly discovered key fob hacking is totally a thing. There are many techniques, but the most common is called “signal boosting.”


AMC theaters will accept cryptocurrencies beyond Bitcoin

You won’t have to stick to Bitcoin if you’re determined to pay for your movie ticket with cryptocurrency. AMC chief Adam Aron has revealed that his theater chain will also accept Ethereum, Litecoin and Bitcoin Cash once crypto payments are available. He offered no narrower timeframe for digital currency payments than “year-end 2021.” Aron decided to accept cryptocurrency after the meme stock frenzy earlier in 2021 and a stint on the board of a blockchain contractor. As you might guess, the CEO is betting that tech fans will translate their enthusiasm for AMC stock into business at theaters. Paying with cryptocurrency is becoming more practical as companies like PayPal make it relatively easy to hold and spend virtual money. The expanded options won’t remove some practical challenges, however: transaction fees can still be high, and many cryptocurrencies are volatile. The issue isn’t so much the risk to AMC as potentially low demand, since even committed crypto fans might find it too expensive.
