AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/01/2023

Canada Bans WeChat and Kaspersky Apps On Government Devices 

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an “unacceptable level of risk to privacy and security.” “The Government of Canada is committed to keeping government information and networks secure,” the Canadian government said. “We regularly monitor potential threats and take immediate action to address risks.” To that end, Tencent’s WeChat and Kaspersky’s suite of applications have been removed from government-issued mobile devices effective October 30, 2023. Going forward, users of these devices will be blocked from downloading the apps. 

 

Four dozen countries declare they won’t pay ransomware ransoms 

The United States and a consortium of some four dozen countries will pledge this week to no longer pay ransoms demanded as part of ransomware attacks, a senior administration official said Monday. The statement will come as part of a meeting of the International Counter Ransomware Initiative set to take place Tuesday. The commitment to no longer pay ransoms will be part of a joint policy statement signed by 48 countries, the European Union and Interpol. 

 

Mass exploitation of CitrixBleed vulnerability, including a ransomware group 

Three days ago, AssetNote posted an excellent write-up about CitrixBleed, aka CVE-2023-4966, in Citrix Netscaler/ADC/AAA/whatever it is called today. This vulnerability is now under mass exploitation. A few weeks ago it was under limited targeted exploitation to allow network access. It’s not AssetNote’s fault — it was clear multiple groups had already obtained technical details. The patch became available on October 10th. Even if you applied the patch and rebooted, you still have a problem, as session tokens persist.

 

Florida Man Sentenced to 30 Months in Jail for Sim-Swapping and Crypto Theft 

A judge has sentenced Jordan Dave Persad, 20, of Orlando, Florida, to 30 months in prison and $1 million restitution after he hacked into people’s emails, took over phone numbers, and stole $1 million worth of cryptocurrency. Taking over a cryptocurrency account is difficult, even if the hacker has the know-how. Many people use SMS-based two-factor authentication, so hackers would need access to the phone number to bypass it. As it turns out, this is not as difficult as people might think, and it’s one reason people should never use SMS two-factor authentication if there’s a choice. 

 

Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached 

The MOVEit data breach has caused havoc across all prominent industries and organizations. This large-scale cyberattack in May 2023 (from May 28th to May 30th, 2023) has claimed countless victims. The attackers exploited a vulnerability in a managed file transfer software called MOVEit Transfer, developed by Ipswitch, Inc. Many organizations have become targets of this breach, including government agencies, airlines, educational and financial institutions, and healthcare providers, and have lost sensitive data such as credit card numbers, PII, and SSNs (Social Security numbers).

 

British Library Still Reeling After Major Cyber Incident 

The UK’s national library is still suffering what it describes as a “major technology outage” due to a “cyber incident” it experienced over the weekend. The British Library explained on X (formerly Twitter) that the outage is impacting its “website, online systems and services, and some onsite services including public Wi-Fi.” Phone lines and on-site services at its main building in London and a separate facility in Yorkshire are also impacted. “Our Reading Rooms will be open for personal study but with very limited access to collection items and no access to digital collections or our digital catalogue. Reader Registration is also unavailable,” it said. 
