AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/04/2023

Motel One Discloses Ransomware Attack Impacting Customer Data

Budget hotel chain Motel One Group on Monday confirmed that some customer information and credit card data was stolen in a recent ransomware attack. The hackers gained access to the hotel operator’s internal systems and attempted to deploy file-encrypting ransomware, but were only partially successful, the company claims. “Thanks to extensive measures, the impact was kept to a relative minimum. The business operation of one of Europe’s largest hotel groups was never at risk,” Motel One Group says in its incident notification.


EvilProxy uses indeed.com open redirect for Microsoft 365 phishing

A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. The threat actor is using the EvilProxy phishing service that can collect session cookies, which can be used to bypass multi-factor authentication (MFA) mechanisms. Researchers at Menlo Security report that the targets of this phishing campaign are executives and high-ranking employees from various industries, including electronic manufacturing, banking and finance, real estate, insurance, and property management.


Hackers seen exploiting bugs in browsers and popular file transfer tool

A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by hackers, according to both government officials and cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 — a vulnerability affecting Google’s Chrome browser, Mozilla’s Firefox and more. Google researchers first published information about the bug last week and said it was being exploited by unnamed commercial spyware vendors. Google said it was keeping information about the bug restricted so that users had a chance to install a fix.


Gen Z twice as likely to think cybersecurity isn’t worth the effort

In a study that echoes the findings we reported earlier today on employee security habits, research from the National Cybersecurity Alliance (NCA) and CybSafe finds that Gen Z is twice as likely as older generations to think cybersecurity isn’t worth the effort. The poll of over 6,000 individuals across the US, UK, Canada, Germany, France and New Zealand, examined key cybersecurity behaviours, attitudes and trends ahead of October’s Cybersecurity Awareness Month. Despite their understanding of online risks and security measures, and even with the highest access to cyber training (56 percent of Gen Z and 50 percent of Millennials), younger generations are more likely to fall victim to cybercrime.


Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials

Threat actors are using messages sent from Dropbox to steal Microsoft user credentials in a fast-growing business email compromise (BEC) campaign. The effort evades natural language processing (NLP)-based security scans, and demonstrates the rapid evolution of these types of attacks. Researchers at Check Point Harmony observed more than 5,000 of the attacks — in which fake login pages lead victims to a credential-harvesting site — in the first two weeks of September alone, they revealed in a recent blog post. They informed Dropbox of the campaign’s existence on Sept. 18.


Police Issue “Quishing” Email Warning

Police in Northern Ireland have warned organizations in the province to be on their guard after issuing a new Crime Prevention Notice on “quishing,” or phishing via QR code. Originally published by the Police Service of Northern Ireland (PSNI) Cyber Crime Centre, the notice urges all local businesses to ensure staff cybersecurity awareness training is updated so employees can spot the threat. QR phishing, or quishing, has a similar end goal to regular scam emails, which are designed to trick the victim into handing over their credentials/personal information or unwittingly installing malware.

Related Posts