AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/27/2022

Vice Society Ransomware Campaigns Continue to Impact US Education Sector

The threat actor known as Vice Society has been conducting ransomware and extortion campaigns against the global education sector, particularly in the US. The findings come from Microsoft security researchers, who published an advisory about Vice Society (tracked by the tech giant as DEV-0832) on Tuesday. “Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin, DEV-0832’s latest payload is a Zeppelin variant that includes Vice Society-specific file extensions,” reads the technical write-up. “In several cases, Microsoft assesses that the group did not deploy ransomware and instead possibly performed extortion using only exfiltrated stolen data.”

LinkedIn’s new security features combat fake profiles, threat actors

LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number. Over the past couple of years, LinkedIn has become heavily abused by threat actors to initiate communication with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud. This abuse has been demonstrated time and time again by the North Korean Lazarus hacking group, which commonly approaches targets over LinkedIn with fake job offers.

Notorious hacker known as ‘Spdrman’ arraigned for role in Real Deal dark web marketplace

A British national whose hacker handles include “Spdrman” and “Popopret” was arraigned on charges related to operating a dark web marketplace that sold login credentials for U.S. government networks, stolen bank account credentials, malware and other illicit materials, federal prosecutors said Wednesday. U.S. law enforcement officials allege that Daniel Kayne was the mastermind behind The Real Deal that began sometime in early 2015. According to Vice, the underground marketplace distinguished itself by selling computer exploits and stolen login credentials. The Real Deal closed in November 2016.

GitHub Bug Exposed Repositories to Hijacking

Security researchers have discovered a new flaw in GitHub which they say could have enabled attackers to take control of repositories and spread malware to related apps and code. Although GitHub has now fixed the bug in its “popular repository namespace retirement” feature, the same tool could be targeted by threat actors in the future, Checkmarx warned. In fact, a separate vulnerability in the same tool was exploited earlier this year, enabling hackers to hijack and poison popular PHP packages with millions of downloads. Popular repository namespace retirement was created by GitHub to guard against so-called “repojacking.” GitHub repositories have a unique URL connected to their creator’s user account. If users decide to rename their account, a new URL will be generated and GitHub will redirect traffic from the repository’s original URL. “Repojacking is a technique to hijack renamed repository URL traffic and route it to the attacker’s repository by exploiting a logical flaw that breaks the original redirect,” explained Checkmarx.
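A defender-side check for the situation the article describes, added here as an example and not code from the article, Checkmarx or GitHub: a dependency pinned to a repository's pre-rename URL keeps working only through GitHub's redirect, which is exactly the state repojacking abuses, so the audit below flags such dependencies for repinning to the canonical URL. The resolver responses are constructed, the repositories are not real, and `live_resolve` is a hypothetical HEAD-based resolver for use with network access.

```python
from dataclasses import dataclass
from urllib.parse import urlparse
import urllib.error
import urllib.request

@dataclass
class Finding:
    declared: str              # owner/repo as pinned in the manifest
    canonical: "str | None"    # owner/repo GitHub actually serves (None if gone)
    status: str                # "ok", "redirected" or "missing"

def github_repo_path(url: str) -> str:
    """'https://github.com/Owner/Repo.git' -> 'owner/repo' (GitHub paths are case-insensitive)."""
    parts = urlparse(url).path.strip("/").removesuffix(".git").split("/")
    if len(parts) < 2 or not all(parts[:2]):
        raise ValueError(f"not an owner/repo URL: {url}")
    return f"{parts[0]}/{parts[1]}".lower()

def check_dependency(url: str, resolve) -> Finding:
    """resolve(url) -> (status, Location header) from a HEAD that does NOT follow redirects."""
    declared = github_repo_path(url)
    code, location = resolve(url)
    if code == 404:
        return Finding(declared, None, "missing")
    if code in (301, 302, 307, 308) and location:
        target = github_repo_path(location)
        if target != declared:  # pinned URL only works because GitHub forwards it
            return Finding(declared, target, "redirected")
    return Finding(declared, declared, "ok")

def audit(urls, resolve) -> list:
    """Dependencies that need a repin to the canonical URL or a replacement."""
    return [f for f in (check_dependency(u, resolve) for u in urls) if f.status != "ok"]

# Constructed, offline stand-in for HEAD responses; these are not real repositories.
FAKE_RESPONSES = {
    "https://github.com/old-owner/widget.git": (301, "https://github.com/new-owner/widget"),
    "https://github.com/stable-org/lib.git": (200, None),
    "https://github.com/gone-owner/tool.git": (404, None),
}

def fake_resolve(url: str):
    return FAKE_RESPONSES.get(url, (404, None))

def live_resolve(url: str):
    """Hypothetical network resolver: HEAD request with redirects reported, not followed."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # urllib then raises HTTPError for 3xx instead of following
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")
```

Running `audit(FAKE_RESPONSES, fake_resolve)` reports `old-owner/widget` as redirected to `new-owner/widget` and `gone-owner/tool` as missing; swap in `live_resolve` to run it against a real manifest.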

Signal Says It Will Exit India Rather Than Compromise Its Encryption

Signal ensures its users’ security and privacy by encrypting their messages and refusing to collect a bunch of data governments or malicious hackers might find useful or interesting. That hasn’t made it many friends in governments (except with government officials who utilize the service to dodge public records requests). An FBI official once compared Signal creator Moxie Marlinspike to a KKK member, which gives you some idea how entities, whose demands for data have been thwarted by Signal’s refusal to collect/store this data, feel about the ultra-secure messaging platform. The government of India is one of several that take a dim view of encryption, feeling it does little more than allow criminals to avoid detection and otherwise threaten the security of the nation and the safety of the public.
