AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 10/24/2023


The City of Philadelphia announced it is investigating a data breach after threat actors broke into some City email accounts containing personal and protected health information. The incident was discovered on May 24, but further investigation revealed that threat actors have had access to the compromised email accounts at least since March 2023. “On May 24, 2023, the City initially became aware of suspicious activity in its email environment. We launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the event. The investigation is ongoing.”


QNAP takes down server behind widespread brute-force attacks 

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server (used to control a botnet of hundreds of infected systems) within two days. “The QNAP Product Security Incident Response Team (QNAP PSIRT) swiftly took action by successfully blocking hundreds of zombie network IPs through QuFirewall within 7 hours, effectively protecting numerous internet-exposed QNAP NAS devices from further attack,” the company said. 
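The QNAP item above describes blocking hundreds of source IPs behind a brute-force campaign. As an added example that is not QNAP's or QuFirewall's code, the following Python flags source addresses that exceed a failed-login threshold inside a sliding time window and renders the resulting blocklist. The log line format and the sample lines are constructed for the example and are not QNAP's actual log syntax.

```python
"""Sliding-window brute-force detection over authentication log lines.

Added example, not QNAP's code. The log format below is an assumption made
for illustration; adapt LINE_RE to the real appliance's syslog output.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: one noisy source hammering several accounts within
# seconds, one slow source failing once every ~20 minutes, one good login,
# and one malformed line that the parser must skip rather than crash on.
SAMPLE_LOG = """\
2023-10-14 21:00:01 LOGIN FAIL user=admin src=203.0.113.10
2023-10-14 21:00:03 LOGIN FAIL user=admin src=203.0.113.10
2023-10-14 21:00:04 LOGIN FAIL user=root src=203.0.113.10
this line is not an auth event
2023-10-14 21:00:06 LOGIN FAIL user=admin src=203.0.113.10
2023-10-14 21:00:07 LOGIN FAIL user=guest src=203.0.113.10
2023-10-14 21:00:09 LOGIN OK user=alice src=198.51.100.7
2023-10-14 21:05:00 LOGIN FAIL user=bob src=198.51.100.7
2023-10-14 21:20:00 LOGIN FAIL user=bob src=198.51.100.7
2023-10-14 21:40:00 LOGIN FAIL user=bob src=198.51.100.7
2023-10-14 22:00:00 LOGIN FAIL user=bob src=198.51.100.7
2023-10-14 22:20:00 LOGIN FAIL user=bob src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) LOGIN (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log_text, threshold=5, window_seconds=600):
    """Map each source IP to the time it first reached `threshold` failures
    within any `window_seconds` span. Successes and unparsable lines are ignored."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, src = parsed
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def blocklist(flagged):
    """Sorted list of source IPs to hand to a firewall rule generator."""
    return sorted(flagged)


if __name__ == "__main__":
    hits = detect_bruteforce(SAMPLE_LOG)
    for src, first_seen in hits.items():
        print(f"block {src}  (threshold reached at {first_seen:%H:%M:%S})")
```

With the defaults (5 failures in 10 minutes) only 203.0.113.10 is flagged; the slow source 198.51.100.7 only trips the detector when the window is widened to cover its 75-minute spread, which is the usual tuning trade-off between catching low-and-slow guessing and locking out users who mistype a password a few times.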


Palestine crypto donation scams emerge amid Israel-Hamas war 

As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses and lure unsuspecting victims into sending them funds. Researchers have also spotted over 500 “fundraising” emails sent from entities claiming to be charities. 


Hackers ‘may have had access to the full voter roll,’ Washington, DC officials say 

Officials at Washington, D.C.’s Board of Elections (DCBOE) confirmed that hackers accessed the city’s voter rolls, which include personal information such as partial Social Security numbers and driver’s license numbers. The DCBOE said on Friday that it has been investigating claims made on October 5 by the RansomVC hacking group that 600,000 lines of U.S. voter data, including D.C. voter records, were accessed. DCBOE said its third-party technology supplier DataNet Systems told them on Friday that the breached database server did contain a copy of the DCBOE’s voter roll. While voter rolls are publicly accessible, not all information is shared with those who acquire the database.


1Password detects “suspicious activity” in its internal Okta account 

1Password, a password manager used by millions of people and more than 100,000 businesses, said it detected suspicious activity on a company account provided by Okta, the identity and authentication service that disclosed a breach on Friday. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,” 1Password CTO Pedro Canahuati wrote in an email. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.” 


Scammers use India’s real-time payment system to siphon off money, send it to China 

China-based scammers are using a combination of fake loan apps and India’s real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK. “UPI service providers currently operate without coverage under the Prevention of Money Laundering Act (PMLA),” explained [PDF] CloudSEK researchers, letting the scammers exploit the platforms with relative ease. Posing as providers of loan apps, and sometimes impersonating existing entities, the scammers lure victims with promises of easy repayments for quick money in exchange for a fee worth between 5 and 10 percent of the loan. To receive the loan, victims are asked to share personal information, including bank details and their phone numbers, and even to upload their national identity cards, known as Aadhaar, and tax-related Permanent Account Number (PAN) cards.
