
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/19/2021

Hackers are weaponizing Excel documents to infiltrate corporate networks

Employees at financial organizations are being targeted using weaponized Excel documents as part of a new phishing campaign aimed at infiltrating corporate networks. While the campaign, which has been dubbed MirrorBlast, was first detected in September by the cybersecurity firm ET Labs, another cybersecurity firm called Morphisec has now analyzed the malware used in the campaign and reported its findings in a new blog post. Morphisec warns that the malicious Excel files used in the campaign are particularly dangerous due to the fact that they can bypass malware detection systems as they contain “extremely lightweight” embedded macros.

 

REvil ransomware operation taken down by an unknown vigilante

The Tor sites of notorious ransomware operators known as REvil have once again gone offline, this time in response to an unknown vigilante hijacking the gang’s domains. A threat actor affiliated with the REvil operation posted on an underground hacking forum that an unknown person has hijacked REvil’s Tor payment portal and data leak blog. “But since we have today at 17.10 from 12:00 Moscow time, someone brought up the hidden-services of a landing and a blog with the same keys as ours, my fears were confirmed. The third party has backups with onion service keys,” a threat actor known as 0_neday posted to the hacking forum.

 

U.S. TV station operator Sinclair hit by ransomware attack

U.S. TV station operator Sinclair Broadcast Group said on Monday it had found some of its servers and workstations had been encrypted with ransomware, disrupting office networks. Sinclair said it was investigating what information the ransomware affected and had notified law enforcement and other governmental agencies. Ransom software works by encrypting victims’ data and can include locking down a company’s network or stealing data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars. With ransomware attacks on companies becoming more frequent, President Joe Biden has made cybersecurity a top priority and is coordinating with other countries to combat the threat.

 

Donald Trump’s campaign website was defaced by a hacker

A part of Donald Trump’s campaign website looked different than usual until Monday morning. Its “action” subdomain, which usually houses his calls to action, contained a Turkish message instead. “Do not be like those who forgot Allah, so Allah made them forget themselves. Here they really went astray,” the message in Turkish said, according to Newsweek. The page also contained a video embed of Turkish President Recep Tayyip Erdoğan, as well as a link to the hacker’s Instagram and Facebook pages. A hacker calling themselves RootAyyildiz has claimed responsibility for the defacement — and for many others in the past. The National Intelligence Council released a report earlier this year linking them to the defacement of Biden-Harris’ presidential campaign website, as well. Back then, Biden’s website showed a message in Turkish, the country’s flag and a photo of the 34th Sultan of the Ottoman Empire, Abdul Hamid II.

 

Amazon accused of lying to Congress, could face criminal investigation

Amazon has two weeks to prove that it does not discriminate against other products sold on its online platform, a deadline imposed by the House Judiciary Antitrust Subcommittee. A letter addressed to Amazon on Monday suspects the company of misleading the committee and lying to Congress when it said that it does not promote its own products more than others and that it does not use seller data to create competing products. The letter directly cites investigations from Reuters and The Markup, which claim that Amazon “ran a systematic campaign of creating knockoffs and manipulating search results to boost its own product lines in India, one of the company’s largest growth markets.” It was also alleged that Amazon promoted its own competing products over those from other brands.

 

These weird virtual creatures evolve their bodies to solve problems

An endless variety of virtual creatures scamper and scuttle across the screen, struggling over obstacles or dragging balls toward a target. They look like half-formed crabs made of sausages—or perhaps Thing, the disembodied hand from The Addams Family. But these “unimals” (short for “universal animals”) could in fact help researchers develop more general-purpose intelligence in machines.  Agrim Gupta of Stanford University and his colleagues (including Fei-Fei Li, who co-directs the Stanford Artificial Intelligence Lab and led the creation of ImageNet) used these unimals to explore two questions that often get overlooked in AI research: how intelligence is tied to the way bodies are laid out, and how abilities can be developed through evolution as well as learned. “This work is an important step in a decades-long attempt to better understand the body-brain relationship in robots,” says Josh Bongard, who studies evolutionary robotics at the University of Vermont and was not involved in the work.
