AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/29/2022

Stealthy hackers target military and weapons contractors in recent attack

Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including a supplier of components for the F-35 Lightning II fighter aircraft. The highly targeted attacks begin with a phishing email sent to employees, leading to a multi-stage infection involving many persistence and detection-avoidance mechanisms. The campaign stands out for its secure C2 infrastructure and multiple layers of obfuscation in the PowerShell stagers.


Auth0 warns that some source code repos may have been stolen

Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a “security event” involving some of its code repositories. Auth0’s authentication platform is used to authenticate over 42 million logins each day by more than 2,000 enterprise customers from 30 countries, including the likes of AMD, Siemens, Pfizer, Mazda, and Subaru. As the company revealed in a blog post on Monday, multiple code repository archives from 2020 and earlier (pre-dating Okta’s February 2022 acquisition) were obtained by unknown means from its environment.


Never-before-seen malware has infected hundreds of Linux and Windows devices

Researchers have revealed a never-before-seen piece of cross-platform malware that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers. Black Lotus Labs, the research arm of security firm Lumen, is calling the malware Chaos, a word that repeatedly appears in function names, certificates, and file names it uses. Chaos emerged no later than April 16, when the first cluster of control servers went live in the wild. From June through mid-July, researchers found hundreds of unique IP addresses representing compromised Chaos devices. Staging servers used to infect new devices have mushroomed in recent months, growing from 39 in May to 93 in August. As of Tuesday, the number reached 111.


Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks

Several hacktivist groups are using Telegram and other tools to help anti-government protesters in Iran bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. “Key activities are data leaking and selling, including officials’ phone numbers and emails, and maps of sensitive locations,” Israeli cybersecurity firm Check Point said in a new report. The company said it has also witnessed sharing of proxies and open VPN servers to get around censorship and reports on the internet status in the country, with one group helping the anti-government demonstrators access social media sites.


Amazon dominates the $113 billion smart home market — here’s how it uses the data it collects

Since Amazon introduced the Echo smart speaker in 2014, it’s remained the biggest and fastest-growing player in the smart home market. Its most recent expansion includes four new Echo devices, a new Fire TV, two new Ring cameras with features like radar-triggered motion detection, and the Halo Rise contactless bedside sleep tracker that can sense your breathing and movement to determine sleep stages. The new devices were all introduced Wednesday at Amazon’s annual smart home event. Last month, Amazon made moves to enter a new segment of the smart home, with a $1.7 billion offer to buy iRobot, the maker of the smart Roomba vacuum. Now, the Federal Trade Commission is requesting more information from both iRobot and Amazon before deciding whether to approve the deal.
