AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/19/2022

Trojanized versions of PuTTY utility being used to spread backdoor

Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the networks of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident left the employer infected with a backdoor tracked by researchers as Airdry.v2. The file was delivered by a group Mandiant tracks as UNC4034. “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus,” company researchers wrote. “The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources.”


GPS jammers are being used to hijack trucks and down drones: How to stop them

Satellite navigation and tracking via GPS has become a critical link in the world’s rapidly growing logistics and freight-carrying ecosystem. Companies use GPS to track trucks, keep them on time, and keep their cargo secure. Little wonder, then, that criminals are turning to cheap GPS jamming devices to ransack cargo on roads and at sea, a problem that is getting worse but may be ameliorated by a new generation of safety technology designed to overcome the threat from jamming. In case you aren’t a master criminal or a secret agent, here is some background. The core problem for any system using GPS is that the signals are extremely weak, an inevitable byproduct of the vast distances those signals need to travel.


Malvertising on Microsoft Edge’s News Feed pushes tech support scams

While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform, and as such some segments of its user base are of particular interest to fraudsters. We have tracked and observed a malvertising campaign on the Microsoft Edge News Feed used to redirect victims to tech support scam pages. The scheme is simple: threat actors insert their advertisements on the Edge home page and try to lure users with shocking or bizarre stories.


LastPass says hackers had internal access for four days

LastPass says the attacker behind the August security breach had internal access to the company’s systems for four days before they were detected and evicted. In an update to the security incident notification published last month, LastPass CEO Karim Toubba also said that the company’s investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults. “Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” Toubba said.


Early Grand Theft Auto 6 footage reportedly leaks after major Rockstar hack

Rockstar Games appears to be the victim of a massive security breach, as a hacker reportedly stole at least 90 video clips from the company showing off an early build of Grand Theft Auto 6. The clips appear to have surfaced online late on Saturday night on GTAForums, a message board dedicated to the Grand Theft Auto series. A user named “teapotuberhacker” posted a folder containing 90 video clips, noting that the link contained “GTA 5 and 6 source code and assets, GTA 6 testing build.” The hacker notes that they may “leak more data soon,” indicating that this could just be the beginning of a much longer leak.


Chrome and Microsoft Edge’s enhanced spellcheckers can leak your passwords and personal data

In a blog post, the team of security researchers explains: “Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure.” There is an additional warning: if you click on ‘show password’, the enhanced spellcheck even sends your password, essentially spell-jacking your data.
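As an added example (not code from the article or from the researchers it quotes), the script below audits an HTML form for fields an enhanced spellchecker could transmit and patches in the standard `spellcheck="false"` attribute; it also treats a password field without that attribute as exposed, since a “show password” toggle turns it into a plain text field. The `SAMPLE_FORM` markup, the field-name heuristics and the minimal tag parser are constructed for illustration, not a general HTML parser.

```javascript
// Constructed sample form: two fields lack spellcheck="false".
const SAMPLE_FORM = `
<form>
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="api_token" spellcheck="false">
  <input type="text" name="search">
  <textarea name="comment"></textarea>
</form>`;

// Heuristic (assumed) list of field names that usually carry credentials/PII.
const SENSITIVE_NAME = /pass|pwd|secret|token|user|login|email|ssn|card|account/i;
const TAG_RE = /<(input|textarea)\b[^>]*>/gi;

// Minimal attribute parser for one <input ...> / <textarea ...> tag.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    const key = m[1].toLowerCase();
    if (key === "input" || key === "textarea") continue; // tag name, not an attribute
    attrs[key] = (m[2] ?? m[3] ?? m[4] ?? "").toLowerCase();
  }
  return attrs;
}

// A field is exposed when it is sensitive and spellcheck is not explicitly off.
// Password fields count regardless of name: a show-password toggle makes them type=text.
function classify(tag, kind) {
  const a = parseAttrs(tag);
  const type = a.type || (kind === "textarea" ? "textarea" : "text");
  const name = a.name || a.id || "(unnamed)";
  const sensitive = type === "password" || SENSITIVE_NAME.test(name);
  return { name, type, exposed: sensitive && a.spellcheck !== "false" };
}

// Report every exposed field in the given markup.
function auditSpellcheckExposure(html) {
  const findings = [];
  html.replace(TAG_RE, (tag, kind) => {
    const c = classify(tag, kind.toLowerCase());
    if (c.exposed) findings.push({ name: c.name, type: c.type });
    return tag;
  });
  return findings;
}

// Rewrite the markup so every exposed field carries spellcheck="false".
function hardenForm(html) {
  return html.replace(TAG_RE, (tag, kind) => {
    if (!classify(tag, kind.toLowerCase()).exposed) return tag;
    return tag.replace(/\s*\/?>$/, (end) => ` spellcheck="false"${end}`);
  });
}
```

Running `auditSpellcheckExposure(SAMPLE_FORM)` flags `username` and `password`; the markup returned by `hardenForm` audits clean.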
