AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/24/2022

A hacker who stole and sold Ed Sheeran songs for crypto gets prison time

Adrian Kwiatkowski, a hacker from Ipswich in England who stole two unreleased songs by Ed Sheeran, has been sentenced to 18 months in prison, according to the BBC. Kwiatkowski sold Sheeran’s tracks, along with 12 other songs by American rapper Lil Uzi Vert, for cryptocurrency worth £131,000 (US$148,000) on the dark web. UK prosecutors said Kwiatkowski got his hands on the unreleased tracks by hacking into their cloud-based accounts. They didn’t specify which cloud services those were, but he stole from a lot more artists, because authorities found 1,263 unreleased songs in his possession. 

Thousands of GitHub repositories deliver fake PoC exploits with malware

Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware. GitHub is one of the largest code hosting platforms, and researchers use it to publish PoC exploits to help the security community verify fixes for vulnerabilities or determine the impact and scope of a flaw. According to the technical paper from the researchers at Leiden Institute of Advanced Computer Science, the possibility of getting infected with malware instead of obtaining a PoC could be as high as 10.3%, excluding proven fakes and prankware.

VMware bug with 9.8 severity rating exploited to install witch’s brew of malware

Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various ransomware and cryptocurrency miners, a researcher at security firm Fortinet said on Thursday. CVE-2022-22954 is a remote code execution vulnerability in VMware Workspace ONE Access that carries a severity rating of 9.8 out of a possible 10. VMware disclosed and patched the vulnerability on April 6. Within 48 hours, hackers reverse-engineered the update and developed a working exploit that they then used to compromise servers that had yet to install the fix. VMware Workspace ONE Access helps administrators configure a suite of apps employees need in their work environments.

European Police Warn of Metaverse Cyber-Threats

The coming wave of immersive internet experiences dubbed “the metaverse” could be a magnet for ransomware, identity theft, money laundering and much more, Europol has warned. A new report from the Europol Innovation Lab, Policing in the metaverse: what law enforcement needs to know, urges police forces to start thinking now about the challenges and opportunities created by the metaverse. It cited figures from Gartner predicting that by 2026, a quarter (25%) of people will spend at least one hour per day in the metaverse. However, money and people will also attract cyber-criminals.

Revealed: how coyotes and scammers use TikTok to sell migrants the American dream

The TikTok video starts like most other travel snaps on the platform do, with selfie shots showing the user and his companions sitting on a plane and walking through the airport. But unlike the highly curated images of hotels and tourist attractions typical of this genre on TikTok, the video quickly takes an uncharacteristic turn, showing the user sleeping in camps, at one point traveling by horseback and ultimately scaling what he calls “la famosa frontera de la muerte” or “the famous border of death” between the US and Mexico.
