AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 10/06/2023

Hundreds of malicious Python packages found stealing sensitive data

A malicious campaign that researchers have observed growing more complex over the past half year has been planting hundreds of info-stealing packages on open-source platforms, which together counted about 75,000 downloads. The campaign has been monitored since early April by analysts at Checkmarx’s Supply Chain Security team, who discovered 272 packages containing code for stealing sensitive data from targeted systems. The attack has evolved significantly since it was first identified, with the package authors adding increasingly sophisticated obfuscation layers and detection-evasion techniques.


BYOD should stand for bring your own disaster, according to Microsoft ransomware data

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Organizations that welcome a “bring your own device” (BYOD) policy are opening up their networks to serious attacks, because personal devices brought in from home typically lack adequate security measures. That’s according to data from Microsoft’s latest Digital Defender Report 2023, which also highlights a sharp increase in global attacks, to the tune of more than 200 percent.


Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

A critical privilege-escalation vulnerability in Atlassian Confluence Server and Confluence Data Center has been disclosed, with evidence of exploitation in the wild as a zero-day bug. The flaw (CVE-2023-22515) affects on-premises instances of the platforms in versions 8.0.0 and later. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances,” according to Atlassian’s advisory on CVE-2023-22515, released late on Oct. 4.


‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines

This week, the Red Cross issued ethical guidelines for civilian hackers involved in armed conflicts, sparking ridicule from hacktivists in Ukraine and Russia. On Wednesday, the pro-Ukrainian hacker group Hdr0 defaced the website of the Russian branch of the Red Cross, replacing the content of the main page with its own message. The message had been taken down by the time of publication, but the hackers archived and shared it.


NSA and CISA reveal top 10 cybersecurity misconfigurations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) today revealed the ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. Today’s advisory also details the tactics, techniques, and procedures (TTPs) threat actors use to exploit these misconfigurations for various goals, including gaining initial access, moving laterally, and targeting sensitive information or systems. The information in the report was collected by the two agencies’ red and blue teams during assessments and during incident response activities.


Hundreds of US schools hit by potentially organized swatting hoaxes, report says

Within the past year, there have been approximately five times more school shooting hoaxes called in to police than actual school shootings reported in 2023. Where data from Everytown showed “at least 103 incidents of gunfire on school grounds” in 2023, The Washington Post recently uncovered what seems to be a coordinated campaign of active shooter hoaxes causing “swattings”—where police respond with extreme force to fake crimes—at more than 500 schools nationwide over the past year. In just one day in February, “more than 30 schools were targeted,” The Post reported.


GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, tell users whether exposed tokens found by secret scanning are still active, allowing remediation to be prioritized accordingly. They were first enabled for GitHub tokens. The cloud-based code hosting and version control service said it intends to support more token types in the future. To toggle the setting, enterprise or organization owners and repository administrators can head to Settings > Code security and analysis > Secret scanning and check the option “Automatically verify if a secret is valid by sending it to the relevant partner.”
