AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/14/2025

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant’s own server-side encryption with customer-provided keys (SSE-C) to lock up victims’ data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it. Halcyon threat hunters say they first spotted this criminal gang in December, and in recent weeks observed two such ransomware attacks against their customers, both of whom were AWS-native software developers. Codefinger breaks into victim orgs’ cloud storage buckets using publicly exposed or compromised AWS keys with read and write permissions, which it uses to issue “s3:GetObject” and “s3:PutObject” requests.
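Because SSE-C re-uploads look like ordinary PutObject calls, the useful detection signal is the SSE-C algorithm header showing up in S3 data events for buckets that never use customer-provided keys. The following is an added example written for this summary, not code from the article or from Halcyon: it scans CloudTrail-style S3 records for that header and counts hits per access key. The records are constructed, and the exact CloudTrail field name for the SSE-C header is an assumption.

```python
"""Flag S3 PutObject/CopyObject events that carry a customer-provided key (SSE-C).

Added example (not from the article or Halcyon). A bucket whose workloads never
use SSE-C should produce zero hits; a burst of hits from a single access key is
the pattern the Codefinger write-up describes. Assumption: CloudTrail exposes
the SSE-C request header under requestParameters with its HTTP header name.
"""
from collections import Counter

SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"  # assumed field name

# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY0001"},
     "requestParameters": {"bucketName": "prod-backups", "key": "db/2025-01-13.dump",
                           SSE_C_HEADER: "AES256"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY0001"},
     "requestParameters": {"bucketName": "prod-backups", "key": "db/2025-01-12.dump",
                           SSE_C_HEADER: "AES256"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY0002"},
     "requestParameters": {"bucketName": "prod-backups", "key": "app/config.json",
                           "x-amz-server-side-encryption": "aws:kms"}},  # SSE-KMS, benign
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY0001"},
     "requestParameters": {"bucketName": "prod-backups", "key": "db/2025-01-13.dump",
                           SSE_C_HEADER: "AES256"}},  # read with SSE-C, not a re-encrypt
]


def is_ssec_write(event: dict) -> bool:
    """True when an S3 write (PutObject or CopyObject) supplies an SSE-C key."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in ("PutObject", "CopyObject"):
        return False
    params = event.get("requestParameters") or {}
    return str(params.get(SSE_C_HEADER, "")).upper() == "AES256"


def ssec_writes_by_access_key(events) -> dict:
    """Count SSE-C writes per access key; the key id is the pivot for revocation and scoping."""
    counts = Counter()
    for ev in events:
        if is_ssec_write(ev):
            counts[(ev.get("userIdentity") or {}).get("accessKeyId", "unknown")] += 1
    return dict(counts)


if __name__ == "__main__":
    for key_id, n in ssec_writes_by_access_key(SAMPLE_EVENTS).items():
        print(f"{key_id}: {n} SSE-C write(s)")
```

A complementary preventive control is a bucket policy that denies PutObject when the same header is present, so unexpected SSE-C writes fail rather than merely get logged.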


Biden proposes new export controls on GPUs targeting China

The Biden administration has unveiled its “AI diffusion rule,” which aims to restrict the export of GPUs that are most coveted for AI applications. Although it does not mention the nation by name, it’s broadly viewed as a means to prevent China from outpacing the US in AI development. The rule proposes three licensing tiers. The first tier is unrestricted and includes the domestic market as well as 18 strategic allies. The majority of countries fall into a second tier, which will have caps on how much compute power they can import via top GPUs from the US. The third tier includes China, Russia, Iran and North Korea, and effectively bars US companies from selling their most powerful GPUs there.


Apple users facing new security risks after critical USB component hacked

The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer for iPhones, Macs, and other devices, can be hacked to allow malicious actors to run unauthorized activities. Exploiting this vulnerability to do actual damage is a bit of a stretch, though. At the recent 38th Chaos Communication Congress, which took place in Hamburg, Germany, white hat hacker Thomas Roth demonstrated hacking this critical component. He reverse-engineered the ACE3 controller, exposing the internal firmware and communication protocols. He then reprogrammed the controller, which gave him the ability to bypass security checks, inject malicious commands, and run other unauthorized actions.


Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers are targeting people interested in pirated and cracked software downloads by abusing YouTube and Google search results. Researchers from Trend Micro uncovered the activity on the video-sharing platform, where threat actors pose as “guides” offering legitimate software installation tutorials to lure viewers into reading the video descriptions or comments, which contain links to fake software downloads that lead to malware, the researchers revealed in a recent blog post.


Phishing texts trick Apple iMessage users into disabling protection

Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so many of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing) attacks against mobile numbers. To protect users from such attacks, Apple iMessage automatically disables links in messages received from unknown senders, whether the sender is an email address or a phone number.
