AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 10/12/2023

Gen Z hackers created a sophisticated new playbook for cyberattacks 

There’s a new generation of hackers in town. Brought up with digital currency, skilled at social engineering, and aided by online resources their predecessors could only dream of, young internet raiders—some still teenagers—are finding creative ways to rob some of the world’s largest firms and making off with eye-popping sums. Since late last year, more than 100 organizations, from Comcast to Clorox to Grubhub, have been targeted by a hacking group known as Scattered Spider, also known as Muddled Libra or UNC3944, whose members authorities believe are between just 17 and 22 years old. 


U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user. A patch for the flaw was released by Adobe in January 2023. HackSys security researchers Ashfaq Ansari and Krishnakant Patil were credited with discovering and reporting the flaw. 


Mirai-based botnet updates ‘arsenal of exploits’ on routers, IoT devices 

A Mirai-based malware botnet has expanded its payload arsenal to aggressively target routers and other internet-facing devices, researchers have discovered. The variant, called IZ1H9, was observed by researchers at Fortinet exploiting vulnerabilities in products from nine different brands, including D-Link, Netis, Sunhillo, Geutebruck, Yealink, Zyxel, TP-Link, Korenix and TOTOLINK. “Peak exploitation” of the vulnerabilities occurred on September 6, the researchers believe. 


Air Europa Asks Customers to Cancel Cards After Breach 

A leading Spanish airline has told some of its customers to cancel their payment cards after revealing their details were compromised in a data breach. Angry customers took to X (formerly Twitter) to share emails sent by Air Europa in Spanish and English. It explained that their long card number, CVV number and expiry date were “recently” compromised following the discovery of unauthorized access in “one of our systems” – although it failed to specify which. 


US construction giant unearths concrete evidence of cyberattack 

Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will “continue to cause disruption.” The California-headquartered engineering biz, which produces wood and concrete construction products designed to make structures safer, confirmed the digital assault on the same day it was spotted. “On October 10, 2023, Simpson Manufacturing Co., Inc. experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident,” it states in an SEC filing [PDF].


Microsoft: State hackers exploiting Confluence zero-day since September 

Microsoft says a Chinese-backed threat group tracked as ‘Storm-0062’ (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. Atlassian had already notified customers about the active exploitation status of CVE-2023-22515 when it disclosed it on October 4, 2023. Still, the company withheld specific details on the threat groups leveraging the vulnerability in the wild. Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062’s involvement in CVE-2023-22515’s exploitation and posted four offending IP addresses on a thread on Twitter. 