AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/13/2025

Cannabis company Stiiizy says hackers accessed customers’ ID documents

Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyberattack. In a data breach notice filed with California’s attorney general this week, Stiiizy said it was notified by its point-of-sale processing vendor that an “organized cybercrime group” had compromised the data from some of its retail locations.

Docker Desktop blocked on Macs due to false malware alert

Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. The first reports of the malware alerts surfaced on January 7, 2025, when macOS users received an unexpected ‘Malware Blocked’ message preventing them from opening the Docker container management app. “Malware Blocked. ‘com.docker.vmnetd’ was not opened because it contains malware. This action did not harm your Mac,” reads the alert on Macs.

Coming cyber executive order includes a push to mobile driver’s licenses

A cybersecurity executive order expected in the final days of the Biden administration includes instructions for government agencies to ramp up their use of digital identity documents like mobile driver’s licenses to verify the identities of people applying for public benefit programs, according to a draft obtained by Nextgov/FCW. Deputy National Security Director for Cybersecurity and Emerging Technology Anne Neuberger told reporters yesterday that the administration has been working on “executive action” for seven months with the goal of “putting the next administration on the best possible foundation” in terms of cybersecurity.

New macOS malware uses Apple’s own code to quietly steal credentials and personal data — how to stay safe

While Apple’s Macs aren’t targeted by hackers as often as Windows PCs, they’re far from impenetrable. Security researchers at Check Point Research recently pushed out an alert warning 100 million Apple users that a new variant of the infamous Banshee malware has been detected, capable of stealing browser credentials, cryptocurrency wallets, and other personal data. Check Point first uncovered the Banshee macOS Stealer, a malware-as-a-service targeting macOS users, in mid-2024, and has been monitoring this latest strain since September.

Recruitment Phishing Scam Imitates CrowdStrike Hiring Process

On January 7, 2025, CrowdStrike identified a phishing campaign exploiting its recruitment branding to deliver malware disguised as an “employee CRM application.” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig. The phishing email lures victims by claiming to be part of a recruitment process (Figure 1). It links to a malicious website offering download options for both Windows and macOS (Figure 2). However, regardless of the option selected, a Windows executable written in Rust is downloaded. This executable functions as a downloader for XMRig.

Bringing Shadow Admins Out of the Shadows

In today’s rapidly evolving IT landscape, most organizations rely heavily on IT systems to streamline operations and stay competitive. While some of these systems are managed and secured by IT and security departments, increasingly many are not, because they are not officially sanctioned. They are often referred to as shadow IT, shadow clouds, shadow VPNs and shadow password managers. To this “shadow” list should be added shadow admins: individuals who hold administrative or privileged roles within specific IT systems without having been formally authorized for that privilege. In this blog post we’ll cover why shadow admins are so risky and what you can do about them.