AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/19/2023

The Fake Browser Update Scam Gets a Makeover 

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. 


TV advertising sales giant affected by ransomware attack 

A television advertising sales and technology company jointly owned by the three largest U.S. cable operators was hit with a ransomware attack in recent weeks that affected operations. Ampersand — owned by Comcast Corporation, Charter Communications and Cox Communications — provides viewership data to advertisers about 85 million households and has existed since 1981. Last weekend, the Black Basta ransomware gang claimed to have attacked the company, according to cybersecurity researcher Dominic Alvieri. 


Brave appears to install VPN Services without user consent 

If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices. Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month. Brave Software is not the only browser maker that has integrated a VPN solution in its browser. Mozilla, maker of Firefox, entered into a cooperation with Mullvad and launched Mozilla VPN in 2020. 


CIA exposed to potential intelligence interception due to X’s URL bug 

An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence. Kevin McSheehan, who uses the online handle “Pad,” spotted the issue after hovering over the link to the CIA’s Telegram channel displayed on its X social media profile. After the CIA updated its profile at some point after September 27, the Telegram link shortened, cutting off part of the full username, allowing McSheehan to register the new, unregistered handle. 


North Korean Attackers Exploiting Critical CI/CD Vulnerability 

North Korean threat actors are actively exploiting a critical vulnerability in a continuous integration/continuous deployment (CI/CD) application used in software development, Microsoft has warned. The tech giant said it has observed two North Korean nation-state actors – Diamond Sleet and Onyx Sleet – exploiting the remote code execution vulnerability, CVE-2023-42793, since early October 2023. The flaw, which has a 9.8 CVSS severity rating, affects multiple versions of JetBrains TeamCity server used by organizations for DevOps and other software activities. 

