AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
InfoSec News Nuggets 1/17/2024

Cloud Vendor Returns Stolen Hospital Data 

A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group – North Star Health Alliance – had filed a lawsuit against LockBit in November as a legal maneuver to force the storage firm to return the patient data the cybercriminals had exfiltrated from the hospitals and stashed on the Massachusetts vendor’s servers. 


New Chrome Incognito tab discloses Google’s data tracking 

Google Chrome’s Incognito tab received a slight update Monday, stating more clearly to users that websites can still track their Incognito browsing activity. The update was added to Google Chrome’s Canary build Monday night, MSPowerUser first reported. Chrome Canary is a version of Chrome for developers that includes experimental releases and is updated nearly every night, potentially previewing future permanent features. Following the version 122.0.6251.0 update to Chrome Canary, the first two sentences of the Incognito tab’s disclaimer read: “Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google.” 


GitHub rotates keys to mitigate impact of credential-exposing flaw 

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe reflection vulnerability (tracked as CVE-2024-0200) can allow attackers to gain remote code execution on unpatched servers. It was also patched on Tuesday in GitHub Enterprise Server (GHES) versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3, with the company urging all customers to install the security update as soon as possible. 


In PSYOPS capitalism, humans constantly bombarded by cognitive injection attacks 

The paperclip apocalypse has already been set in motion, but instead of paperclips, AI overlords are replacing the world’s listicles and clickbait. Cognitive warfare is now a standard part of marketing, sales, management, politics, and even culture at large as we move from an era of surveillance capitalism into a PSYOPS capitalism, American author and artist Trevor Paglen warns. When you look at the history, you find that some UFOs were actually real in the sense that they were fabricated by government Psychological operations (PSYOPS) to deflect attention or alter reasoning. The history of previous mind-control experiments set the future of AI and generative media, Paglen shared in his talk on the stage of Chaos Communication Congress (CCC), Europe’s biggest hacker gathering. 


New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone 

Cybersecurity researchers have identified a “lightweight method” called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named “Shutdown.log,” a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics. “Compared to more time-consuming acquisition methods like forensic device imaging or a full iOS backup, retrieving the Shutdown.log file is rather straightforward,” security researcher Maher Yamout said. “The log file is stored in a sysdiagnose (sysdiag) archive.” 
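To illustrate the iShutdown idea, here is an added defender-side example (not Kaspersky's tooling or code from the original post) that pulls `shutdown.log` out of a sysdiagnose `.tar.gz`, groups the "remaining client" processes that delayed each reboot, and flags paths outside an analyst-supplied baseline or recurring across reboots. The line layout of the log, the `bootstamp` reboot marker, the baseline prefixes and the sample entries are all assumptions constructed for this example.

```python
import re
import tarfile
from collections import defaultdict

# Constructed sample in the layout ASSUMED for this example: processes still
# running when the device rebooted appear as "remaining client pid" lines, and
# each reboot is closed by a "== bootstamp: <epoch> ==" marker.
SAMPLE_SHUTDOWN_LOG = """\
SIGTERM: [0x4004]
== bootstamp: 1700000000 ==
After 3s, there are still 1 clients, blocking reboot
remaining client pid: 912 (/usr/sbin/cfprefsd)
== bootstamp: 1700086400 ==
After 3s, there are still 1 clients, blocking reboot
remaining client pid: 1203 (/private/var/db/CONSTRUCTED.staging/exampled)
== bootstamp: 1700172800 ==
After 3s, there are still 1 clients, blocking reboot
remaining client pid: 1177 (/private/var/db/CONSTRUCTED.staging/exampled)
== bootstamp: 1700259200 ==
"""

CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s*\((.+?)\)\s*$")
BOOT_RE = re.compile(r"== bootstamp:\s*(\d+) ==")

def read_shutdown_log(archive_path):
    """Return the text of the first member named shutdown.log inside a
    sysdiagnose tar.gz; the in-archive directory is not hard-coded."""
    with tarfile.open(archive_path, "r:*") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.lower().endswith("shutdown.log"):
                return tar.extractfile(member).read().decode("utf-8", "replace")
    raise FileNotFoundError("no shutdown.log in archive")

def parse_shutdown_log(text):
    """Return [(bootstamp, [(pid, path), ...]), ...], one entry per reboot."""
    reboots, pending = [], []
    for line in text.splitlines():
        if (m := CLIENT_RE.search(line)):
            pending.append((int(m.group(1)), m.group(2)))
        elif (m := BOOT_RE.search(line)):
            reboots.append((int(m.group(1)), pending))
            pending = []
    return reboots

def find_anomalies(reboots, baseline_prefixes):
    """Flag delaying processes outside the baseline, and paths that keep
    delaying reboots (a persistent, non-system process is worth triage)."""
    flagged, seen = [], defaultdict(set)
    for stamp, clients in reboots:
        for pid, path in clients:
            seen[path].add(stamp)
            if not path.startswith(tuple(baseline_prefixes)):
                flagged.append((stamp, pid, path))
    repeated = {p for p, stamps in seen.items() if len(stamps) > 1}
    return flagged, repeated
```

Run `find_anomalies(parse_shutdown_log(read_shutdown_log("sysdiagnose.tar.gz")), ("/usr/", "/System/"))` against a real archive; the baseline should be built from known-clean devices of the same iOS version, not guessed.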


FBI warns against cloud credential-stealing Androxgh0st botnet 

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) have published an urgent advisory about the Androxgh0st botnet, which is being used to steal cloud credentials from major platforms, including AWS, SendGrid, and Microsoft Office 365. Initially identified by Lacework Labs in 2022, Androxgh0st is a Python-scripted malware designed to infiltrate and exploit vulnerabilities in various web frameworks and servers, primarily targeting .env files that store sensitive cloud credentials. 