AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/01/2022

New open-source tool scans public AWS S3 buckets for secrets

A new open-source scanner, ‘S3crets Scanner’, allows researchers and red-teamers to search for ‘secrets’ mistakenly stored in publicly exposed Amazon AWS S3 storage buckets or in a company’s own buckets. Amazon S3 (Simple Storage Service) is a cloud storage service commonly used by companies to store software, services, and data in containers known as buckets. Unfortunately, companies sometimes fail to properly secure their S3 buckets and thus publicly expose stored data to the Internet. This type of misconfiguration has caused data breaches in the past, with threat actors gaining access to employee or customer details, backups, and other types of data.

CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new series of guidelines to help federal agencies defend against distributed denial-of-service (DDoS) attacks. The Capacity Enhancement Guide has been published in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It provides organizations with proactive steps to reduce the likelihood and impact of DDoS attacks. “The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage,” CISA wrote Friday in a press release accompanying the report. Alongside the guide, the Agency has released a separate document that provides federal civilian executive branch (FCEB) agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations. The documents jointly provide various guidelines for federal agencies to follow before, during and after a DDoS attack.

Hackers selling access to 576 corporate networks for $4 million

A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling attacks on the enterprise. The research comes from Israeli cyber-intelligence firm KELA which published its Q3 2022 ransomware report, reflecting stable activity in the sector of initial access sales but a steep rise in the value of the offerings. Although the number of sales for network access remained about the same as in the previous two quarters, the cumulative requested price has now reached $4,000,000.

Hacked Documents: How Iran Can Track and Control Protesters’ Phones

As furious anti-government protests swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones. Iran’s tight grip on the country’s connection to the global internet has proven an effective tool for suppressing unrest. The lack of clarity about what technological powers are held by the Iranian government — one of the most opaque and isolated in the world — has engendered its own form of quiet terror for prospective dissidents. Protesters have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown.

World’s second largest copper producer recovering from cyberattack

The second largest copper producer in the world said it is recovering from a cyberattack that forced it to shut off several IT systems. German firm Aurubis did not respond to requests for comment but released a statement on Friday saying that overnight, the company faced a cyberattack that “was apparently part of a larger attack on the metals and mining industry.” “As a result, numerous systems at Aurubis sites had to be shut down and disconnected from the internet as a preventive measure. Production could largely be maintained,” the company said. “The extent of the impact in the Group is currently being assessed. In addition, Aurubis is working closely with the investigating authorities.” Aurubis could not say when production and raw material procurement systems would get back up and running. 

Psychotherapy extortion suspect: arrest warrant issued

Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family…and then, as if that were not bad enough, imagine that the words you’d never expected to be typed in and saved at all, let alone indefinitely, had been made accessible over the internet, allegedly “protected” by little more than a default password giving anyone access to everything. Now imagine, some time later (according to some reports, the company that ran the clinic suffered data breaches in 2018 and 2019, but the overt criminality surrounding the stolen data didn’t start until 2020), that your deepest secrets, and those of tens of thousands of other trusting patients, were used in a blackmail attempt against the company.
