AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/05/2023

Say (an encrypted) hello to a more private internet 

As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other third-party sites, our online communications travel across commercial telecommunication networks, allowing these privileged entities to siphon the names of the websites we visit and monetize our browsing history for their own gain. Enter Encrypted Client Hello (ECH) – by encrypting that first “hello” between your device and a website’s server, sensitive information, like the name of the website you’re visiting, is protected against interception from unauthorized parties. ECH is now rolling out to Firefox users worldwide, allowing for a more secure and private browsing experience. 

 

Rules of engagement issued to hacktivists after chaos 

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts. The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion. The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians. But some cyber-gangs have told BBC News they plan to ignore them. 

 
Apple emergency update fixes new zero-day used to hack iPhones 

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said in an advisory issued on Wednesday. The zero-day (CVE-2023-42824) is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads. 

 

Scammers hijack YouTube channels to promote Elon Musk-themed crypto schemes 

Cybercriminals are taking over high-profile YouTube accounts to promote crypto scams, researchers have found. Suspicious live streams on YouTube, often featuring Elon Musk and his electric car company Tesla, rebroadcast legitimate content while including malicious QR codes or links in the video or comments section, directing users to cryptocurrency scam websites. Cybersecurity firm Bitdefender, which investigated the campaign, called the technique “stream-jacking.” According to the researchers, the scammers used phishing kits to automate the attacks. The identity of the person behind the kit remains unknown. 

 

Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts 

The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years. A security researcher noticed Lorenz's dark web victim blog was leaking backend code, pulled the data from the site, and uploaded it to a public GitHub repository. The data includes names, email addresses, and the subject line entered into the ransomware group's limited online form to request information from Lorenz.

 

LLMs lower the barrier for entry into cybercrime 

Cybercriminals employ evolving attack methodologies designed to breach traditional perimeter security, including secure email gateways, according to Egress. “Without a doubt chatbots or large language models (LLM) lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone,” said Jack Chapman, VP of Threat Intelligence, Egress. 

 
