AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/10/2023

Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks

Hamas launched an unprecedented attack on Israel out of Gaza, firing thousands of rockets and sending its fighters into the southern part of the country. In response, Israel declared war on Hamas and began to retaliate. Hundreds have been killed and thousands wounded on both sides as the conflict has escalated. In addition to the state-sponsored actors that have likely ramped up their cyber efforts behind the scenes, known hacktivist groups supporting both sides have intensified their cyberattacks.


Thousands of Android devices come with unkillable backdoor preinstalled

When you buy a TV streaming box, there are certain things you wouldn’t expect it to do. It shouldn’t secretly be laced with malware or start communicating with servers in China when it’s powered up. It definitely should not be acting as a node in an organized crime scheme making millions of dollars through fraud. However, that’s been the reality for thousands of unknowing people who own cheap Android TV devices. In January, security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box, with multiple other researchers confirming the findings. But it was just the tip of the iceberg. This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.


DoJ: Ex-soldier tried to pass secrets to China after seeking a ‘subreddit about spy stuff’

A former US Army Sergeant with Top Secret US military clearance created a Word document entitled “Important Information to Share with Chinese Government,” according to an FBI agent’s sworn declaration. Joseph Daniel Schmidt, aged 29, was arrested on Friday in San Francisco after disembarking a flight from Hong Kong, officials said. He was to appear in a US District Court for the Northern District of California on Friday afternoon and would be brought to the Western District of Washington for further court proceedings, the Department of Justice said in a statement. The DoJ said the man’s last duty post was in western Washington, at Joint Base Lewis-McChord – a major Army installation – and he was charged with two federal felonies: attempting to deliver national defense information, and retention of national defense information.


Net neutrality’s court fate depends on whether broadband is “telecommunications”

With the Federal Communications Commission preparing to reimpose net neutrality rules and common-carrier regulation on Internet service providers, the broadband industry is almost certain to sue the FCC once the decision is made. The Democratic-majority FCC is expected to define broadband as a telecommunications service, which means it would face common-carrier regulations under Title II of the Communications Act. Industry trade groups that represent Internet service providers will likely argue, as they have unsuccessfully argued before, that the FCC does not have authority to classify broadband as a telecommunications service.


Should Walmart be data-mining your Ozempic prescriptions?

Last week, Walmart made headlines with a claim that new weight loss drugs might be making people buy less food. Walmart US CEO John Furner told Bloomberg that people taking Wegovy, Ozempic, and similar drugs showed a “slight change” in their purchasing habits: “just less units, slightly less calories.” How does Walmart know this? Because, Bloomberg indicates, it can compare people’s prescription history against their food shopping patterns. It’s the kind of data mining that’s likely possible for any big retail-and-pharmacy operation — and one that raises questions about how private health records should be.


California governor signs ban on social media ‘aiding or abetting’ child abuse

California Governor Gavin Newsom has signed AB 1394, a law that would punish web services for “knowingly facilitating, aiding, or abetting commercial sexual exploitation” of children. It’s one of several online regulations that California has passed in recent years, some of which have been challenged as unconstitutional. Newsom’s office indicated in a press release yesterday that he had signed AB 1394, which passed California’s legislature in late September. The law is set to take effect on January 1, 2025.


Hackers modify online stores’ 404 pages to steal credit cards

A new Magecart card skimming campaign hijacks the 404 error pages of online retailers’ websites, hiding malicious code there to steal customers’ credit card information. This technique is one of three variants observed by researchers at the Akamai Security Intelligence Group; the other two conceal the code in the ‘onerror’ attribute of an HTML image tag and in an image binary, disguising it to look like the Meta Pixel code snippet. Akamai says the campaign focuses on Magento and WooCommerce sites, with some victims linked to well-known organizations in the food and retail sectors.
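The two injection patterns named above, inline script blocks and image tags carrying an ‘onerror’ handler, are simple enough to flag mechanically. The following is an added example, not code from the article or from Akamai's research: it parses an HTML page with the standard library, records both indicators with their line numbers, and compares the current copy of a page (say, the site's 404 page) against a known-good baseline so that legitimate first-party scripts do not produce noise. The sample pages are constructed for the example, and the baseline-comparison workflow is an assumption about how a site owner would use it.

```python
"""Flag Magecart-style injection indicators in HTML: <img> tags with an
onerror handler and inline <script> blocks. Added example; the sample
pages below are constructed, not taken from any real store."""
from dataclasses import dataclass
from html.parser import HTMLParser


@dataclass(frozen=True)
class Finding:
    kind: str      # "img-onerror" or "inline-script"
    line: int      # 1-based line in the scanned document
    snippet: str   # first 80 chars of the handler or script body


class SkimmerIndicatorParser(HTMLParser):
    """Collects indicators while the stdlib parser walks the document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_line = 0
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line, _ = self.getpos()
        if tag == "img" and "onerror" in attrs:
            handler = attrs.get("onerror") or ""
            self.findings.append(Finding("img-onerror", line, handler[:80]))
        elif tag == "script" and "src" not in attrs:
            # External scripts (src=...) are reviewed separately; only
            # inline bodies are captured here.
            self._in_script = True
            self._script_line = line
            self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._script_buf).strip()
            self._in_script = False
            if body:
                self.findings.append(Finding("inline-script", self._script_line, body[:80]))


def scan_html(html: str) -> list:
    """Return every indicator found in one HTML document."""
    parser = SkimmerIndicatorParser()
    parser.feed(html)
    parser.close()
    return parser.findings


def new_indicators(baseline_html: str, current_html: str) -> list:
    """Indicators present in the current page but absent from the
    known-good baseline (matched by kind and content, not line number)."""
    known = {(f.kind, f.snippet) for f in scan_html(baseline_html)}
    return [f for f in scan_html(current_html) if (f.kind, f.snippet) not in known]


# Constructed known-good 404 page: one external script, one plain image.
BASELINE_404 = """<html><head><title>404 Not Found</title>
<script src="/static/app.js"></script>
</head><body>
<h1>Page not found</h1>
<img src="/static/logo.png" alt="logo">
</body></html>"""

# Constructed tampered copy: an onerror handler and an inline script appended.
TAMPERED_404 = """<html><head><title>404 Not Found</title>
<script src="/static/app.js"></script>
</head><body>
<h1>Page not found</h1>
<img src="/static/logo.png" alt="logo">
<img src="x" onerror="console.log('constructed stand-in handler')">
<script>var injected = 1; /* constructed stand-in for an injected block */</script>
</body></html>"""


if __name__ == "__main__":
    for f in new_indicators(BASELINE_404, TAMPERED_404):
        print(f"{f.kind} at line {f.line}: {f.snippet}")
```

In practice the baseline would be the page as deployed from source control and the current copy would be fetched from the live site on a schedule; any new indicator is a cue to inspect the deployment, since the campaign's whole point is that the injected code lives on a page nobody looks at.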


Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet

Nimble and able to pivot on the fly to take advantage of emerging vulnerabilities, a campaign named IZ1H9 has ramped up its malware development to target a range of unpatched router and Internet of Things (IoT) devices and add them to a widening botnet used to launch targeted distributed denial-of-service (DDoS) attacks. Researchers from FortiGuard Labs flagged the campaign, which was recently updated with 13 new payloads leveraging known vulnerabilities in D-Link devices, Netis wireless routers, Sunhillo SureLine, Geutebruck IP cameras, Yealink Device Management, Zyxel devices, TP-Link Archer, Korenix JetWave, and Totolink routers.


GNOME Linux systems exposed to RCE attacks via file downloads

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment. libcue, a library for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions. Cue sheets (or CUE files) are plain text files describing the layout of audio tracks on a CD, such as track length, song title, and performer, and are typically paired with the FLAC audio file format.

