AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/02/2024

If you’re holding important data, Iran is probably trying to spearphish it

US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments. A security advisory published late on Friday says that high-value individuals are being targeted with social engineering attempts to harvest credentials for their personal accounts. If successful, the attackers rummage around whatever service they’ve gained access to in search of data which the Islamic Revolutionary Guard Corps (IRGC) can use in follow-on information operations.

 

Red team hacker on how she ‘breaks into buildings and pretends to be the bad guy’

A hacker walked into a “very big city” building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network. Turns out she didn’t need to do any breaking in at all. She rode the elevator up to the reception floor without needing a security badge, found the office suite door propped open, walked past a security guard sitting at a desk and straight into a conference room.

 

Rackspace internal monitoring web servers hit by zero-day

Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment. That intrusion forced the cloud-hosting outfit to temporarily take its monitoring dashboard offline for customers. Reading between the lines, it appears Rackspace was hosting a ScienceLogic-powered monitoring dashboard for its customers on its own internal web servers, those servers included a program that was bundled with ScienceLogic’s software, and that program was exploited, using a zero-day vulnerability, by miscreants to gain access to those web servers. From there, the intruders were able to get hold of some monitoring-related customer information before being caught.

 

Hacker charged for breaching 5 companies for insider trading

The U.S. Securities and Exchange Commission (SEC) charged Robert B. Westbrook, a U.K. citizen, with hacking into the computer systems of five U.S. public companies to access confidential earnings information and conduct insider trading. Westbrook then used this nonpublic information to make trades ahead of 14 earnings announcements between January 2019 and August 2020, earning approximately $3,750,000 in illicit profits. This activity is known as “insider trading,” where an unauthorized individual makes investments based on confidential information not available to the general public.

 

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

 

Crucial Texas hospital system turning ambulances away after ransomware attack

One of the largest hospitals in West Texas has been forced to divert ambulances after a ransomware attack shut down many of its systems last Thursday. The University Medical Center Health System in Lubbock confirmed on Friday that IT outages are being caused by a ransomware incident. The hospital system said it is “temporarily diverting incoming emergency and non-emergency patients via ambulance to nearby health facilities until access to our systems is restored.” “Third-parties that have helped other hospitals address similar issues have been engaged to assist in our response and investigation,” the hospital said.

 

Snap employees were well aware of the app’s child safety issues, newly unsealed complaint says

“By November 2022, Snap employees were discussing 10,000 user reports of sextortion each month, while acknowledging that these reports ‘likely represent a small fraction of this abuse’ given the shame and other barriers to reporting,” says a newly unsealed version of the lawsuit filed by New Mexico’s attorney general against Snap. This less-redacted version of the filing we first saw a month ago adds fresh details about what Snap employees allegedly knew about the scope of the sextortion issue it’s accused of facilitating on its platform.
