AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/29/2023

Divided oversight panel recommends new limits for Section 702 searches 

A key government oversight board is divided along partisan lines about placing new restrictions on a controversial foreign surveillance tool before it lapses at the end of the calendar year. The recommendations from the Privacy and Civil Liberties Oversight Board (PCLOB) could pose a new headache for the Biden administration, which desperately wants to renew the authority known as Section 702 of the Foreign Intelligence Surveillance Act. It allows U.S. intelligence agencies to conduct warrantless surveillance of the electronic communications of non-American citizens outside the country. However, it also incidentally gathers the personal data of an unknown number of Americans. 


FBI Warns Organizations of Dual Ransomware, Wiper Attacks 

The FBI is warning organizations of new trends in ransomware attacks, where victims are targeted by multiple file-encrypting malware families or with wipers. In a new private industry notification, the FBI notes that, as part of this trend, which was observed in July 2023, threat actors deploy two ransomware variants in close date proximity to one another. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the agency notes. The FBI says it observed different ransomware combinations being deployed in these attacks, leading to a mixture of data encryption, exfiltration, and financial losses associated with ransom payments.


Lazarus hackers breach aerospace firm with new LightlessCan malware 

The North Korean ‘Lazarus’ hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown ‘LightlessCan’ backdoor. The hackers utilized their ongoing “Operation Dreamjob” campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file. The employee did so on a company’s computer, allowing the North Korean hackers to breach the corporate network to conduct cyber espionage. 


‘Wrong number’ text scams and how to protect against them 

People accidentally text the wrong number all the time, and we’re sure you too have received texts that were meant for somebody else at least once in your lifetime. Unfortunately, wrong-number texts are no longer just innocent mistakes. Scammers now intentionally send wrong-number texts to catch you off guard and exploit your friendliness, sympathy and kindness for financial gain. These texts, though, are not obvious from the start: they carry none of the usual red flags such as suspicious links or claims that you have won a prize.


Government-sponsored Chinese hackers are “hiding” inside Cisco routers 

State-sponsored hackers compromising big-brand routers and other network equipment is nothing new at this point. When a joint cyber-security advisory from the US and Japan raises the alarm about Chinese cyber-criminals, however, things could get pretty interesting. A well-known group of Chinese cyber-criminals known as “BlackTech” is actively targeting Cisco routers for sensitive data exfiltration. The US National Security Agency (NSA), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory together with Japan’s police and cyber-security authorities detailing BlackTech’s activities and providing recommendations for mitigating the attacks.
