AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/02/2023

Phishing, Smishing Surge Targets US Postal Service

Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns. The surge in these attacks has prompted DomainTools researchers to delve into their origins and implications, with findings described in an advisory published on Thursday. One smishing message raised suspicions due to its peculiar language, suggesting the involvement of a non-native English speaker or reliance on translation services.


State Department emails compromised in Microsoft breach

According to Reuters, a staffer working for Sen. Eric Schmitt, R-Mo., said that sixty thousand emails from U.S. State Department accounts were exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that began in May. Most of the 10 State Department email accounts affected by the Microsoft breach belonged to individuals working on East Asia and the Pacific, particularly on Indo-Pacific diplomacy initiatives, said the staffer, who declined to be named.


Millions of Exim mail servers exposed to zero-day RCE attacks

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. Found by an anonymous security researcher and disclosed through Trend Micro’s Zero Day Initiative (ZDI), the security bug (CVE-2023-42115) is due to an Out-of-bounds Write weakness found in the SMTP service. While this type of issue can lead to software crashes or corruption of data following successful exploitation, it can also be abused by attackers for code or command execution on vulnerable servers.


A Closer Look at the Snatch Data Ransom Group

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name. According to a September 20, 2023 joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure Security Administration (CISA), Snatch was originally named Team Truniger, based on the nickname of the group’s founder and organizer — Truniger.


Kia and Hyundai Blame TikTok and Instagram For Their Cars Getting Stolen

Kia and Hyundai say it is not their fault that their cars are being stolen in an unprecedented theft surge made possible by the vehicles lacking a basic anti-theft technology virtually every other car has, according to a recent court filing. Instead, the companies point the finger at social media companies, such as TikTok and Instagram, where instructions on how to steal the cars have been widely shared and thieves show off their stolen cars.


Cloudflare DDoS protections ironically bypassed using Cloudflare

Cloudflare’s Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. This bypass could put Cloudflare’s customers under a heavy burden, rendering the protection systems of the internet firm less effective. To make matters worse, the only requirement for the attack is for the hackers to create a free Cloudflare account, which is used as part of the attack.


Amazon sends Mastercard, Google Play gift card order emails by mistake

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. The emails were sent out last night, with customers reporting receiving three separate emails from Amazon Prime for each alleged gift card purchase. However, no purchases are found in their Amazon Prime accounts. “I just randomly received 3 gift card emails in a row (within a minute) from amazon (store-news@amazon.com) and I am really confused by this,” reads a Reddit post where many Amazon customers reported receiving the emails.