AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/15/2025

UK floats ransomware payout ban for public sector

A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill. The consultation will consider views on extending the ransom payment ban from central government departments to all public services including hospitals, schools, local authorities, and state-operated transport networks. Announced today, the 12-week consultation will run from January 14 to April 8 and explore three proposals, the first of which is the total payment ban for the public sector and critical national infrastructure (CNI) organizations.


Fortinet warns of auth bypass zero-day exploited to hijack firewalls

Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. This security flaw (tracked as CVE-2024-55591) impacts FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. Successful exploitation allows remote attackers to gain super-admin privileges by making malicious requests to the Node.js websocket module. Fortinet says attackers exploiting the zero-day in the wild are creating randomly generated admin or local users on compromised devices and are adding them to existing SSL VPN user groups or to new ones they also add.
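As an added example (not from the original post and not Fortinet's own tooling), a small Python triage script that checks a device inventory against the affected FortiOS and FortiProxy ranges quoted above. The inventory, hostnames and helper names are constructed for illustration, and the ranges are only the ones this item lists, so confirm against the vendor advisory before treating a device as clean. The detail worth noting is that version strings have to be compared as integer tuples: as plain strings, "7.0.9" sorts after "7.0.16", which would silently miss affected builds.

```python
"""Flag FortiOS / FortiProxy versions that fall inside the ranges quoted above."""

# Affected ranges as stated in the news item, inclusive on both ends.
# Assumption: these are the only ranges of interest; the vendor advisory is authoritative.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}


def parse_version(v: str) -> tuple[int, int, int]:
    """Turn 'v7.0.16' or '7.0.16' into (7, 0, 16).

    Lexical comparison is the classic mistake: '7.0.9' > '7.0.16' as strings,
    so the check below compares integer tuples instead.
    """
    parts = v.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True when the version lies inside any listed range for that product."""
    ver = parse_version(version)
    return any(lo <= ver <= hi for lo, hi in AFFECTED.get(product, []))


def triage(inventory) -> list[str]:
    """inventory: iterable of (hostname, product, version); returns affected hostnames."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.16"),     # last affected 7.0.x build
    ("fw-edge-02", "FortiOS", "7.0.17"),     # first build outside the quoted range
    ("fw-edge-03", "FortiOS", "7.2.10"),     # not in a listed FortiOS range
    ("proxy-01", "FortiProxy", "7.2.12"),    # last affected 7.2.x build
    ("proxy-02", "FortiProxy", "7.2.13"),    # outside the quoted range
    ("proxy-03", "FortiProxy", "v7.0.9"),    # leading 'v', inside 7.0.0-7.0.19
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: version in affected range; patch and review admin accounts")
```

Patching closes the hole but does not undo what an attacker already did: for any device that was in range and exposed, also review the local admin and user list and the SSL VPN group memberships for accounts nobody recognises, since that is exactly what the item says the intruders leave behind.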


CISA tells agencies to patch BeyondTrust bug now

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two recently discovered BeyondTrust bugs to its Known Exploited Vulnerabilities (KEV) catalog. The move means CISA has seen evidence of the bugs being exploited in the wild, and has thus given federal agencies a deadline to patch the software or stop using it entirely. In late December 2024, BeyondTrust confirmed suffering a cyberattack after discovering that some of its Remote Support SaaS instances had been compromised. The subsequent investigation uncovered these two flaws, which the company later patched.


US removes malware allegedly planted on computers by Chinese-backed hackers

The U.S. Justice Department said on Tuesday that it has deleted malware planted on more than 4,200 computers by a group of criminal hackers who were backed by the People’s Republic of China. The malware, known as “PlugX,” affected thousands of computers around the globe and was used to infect machines and steal information, the department said. Investigators said the malware was installed via infected USB devices by a band of hackers known by the names “Mustang Panda” and “Twill Typhoon.” In court records filed in the U.S. District Court for the Eastern District of Pennsylvania, prosecutors allege that the Chinese government paid the Mustang Panda group to develop PlugX. Cybersecurity company Sekoia identified the command and control infrastructure used by the hackers to control this variant of PlugX in September 2023 and subsequently worked with French law enforcement to take over the infrastructure by July 2024, French authorities said at the time.


Lawsuit: Allstate used GasBuddy and other apps to quietly track driving behavior

Texas has sued insurance provider Allstate, alleging that the firm and its data broker subsidiary used data from apps like GasBuddy, Routely, and Life360 to quietly track drivers and adjust or cancel their policies. Allstate and Arity, a “mobility data and analytics” firm founded by Allstate in 2016, collected “trillions of miles worth of location data” from more than 45 million people, then used that data to adjust rates, according to Texas’ lawsuit. This violates Texas’ Data Privacy and Security Act, which requires “clear notice and informed consent” on how collected data can be used. A statement from Texas Attorney General Ken Paxton said the suit is the first-ever state action targeting comprehensive data privacy violations.
