AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/25/2022

TikTok is increasingly becoming a news source

More and more Americans are getting their news from TikTok, according to a new Pew Research Center survey. The percentage of people getting news from TikTok has tripled since 2020; around 10 percent of all US adults now regularly get news on the app. For adults under 30, that number jumps to 26 percent.

People already on TikTok are also shifting how they use the app, in this case increasingly as a source of news. One-third of adult users on the app say they get their news on the platform, up from 22 percent in 2020. TikTok becoming more of a news app is in contrast with other platforms, where Pew found that news consumption was stagnant or trending downward.

Pendragon car dealer refuses $60 million LockBit ransomware demand

Pendragon Group, which has more than 200 car dealerships in the U.K., was breached in a cyberattack by the LockBit ransomware gang, which allegedly demanded $60 million to decrypt files and not leak them. Pendragon owns CarStore, Evans Halshaw, and the Stratstone luxury car retailer, which sell car brands for all budgets, from Jaguar, Porsche, Ferrari, Mercedes-Benz, BMW, Land Rover, and Aston Martin to Renault, Ford, Hyundai, Nissan, Peugeot, Vauxhall, Citroen, DS, Dacia, and DAF. Pendragon did not provide many details about the security incident, saying only that there is no impact on operations.

Novel PURPLEURCHIN attack uses multiple clouds for cryptojacking

A new and sophisticated type of cryptojacking operation has been uncovered by the Sysdig Threat Research Team (Sysdig TRT). The operation, which the researchers dub PURPLEURCHIN, is complex and highly automated and uses multiple cloud providers, including GitHub, Heroku and Buddy.works. Specifically, the threat actors use the free tiers of these cloud CI/CD and DevOps automation services. The researchers found more than 30 free accounts on GitHub, 2,000 on Heroku and 900 on Buddy being used for this purpose. “The threat actor is targeting several platforms at the same time and seemingly always looking for more,” the team said in a statement sent to Computing.

WhatsApp Services Restored Globally Following Widespread Outage

Meta-owned WhatsApp has restored its services globally following a disruption on Tuesday in which people were unable to send and receive messages or connect to the WhatsApp server. The outage affected a number of countries, including India, Singapore, the UK and the US. “We know people had trouble sending messages on WhatsApp today. We’ve fixed the issue and apologise for any inconvenience,” a spokesperson from Meta told CNET. Web outage reporting site Down Detector showed a spike in reports at about 3:17 a.m. ET Tuesday with complaints highlighting issues sending and receiving messages or connecting to the server.

Hive claims ransomware attack on Tata Power, begins leaking data

Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company based in Mumbai. In screenshots seen by BleepingComputer, Hive operators are seen posting data they claim to have stolen from Tata Power, indicating that the ransom negotiations failed. As of a few hours ago, operators behind the Hive ransomware group are seen leaking data allegedly stolen from Tata Power on their leak site.
