AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/04/2024

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns 

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. “We are committed to delivering a secure and trusted experience with Recall,” the company said in an updated statement released Thursday. “To ensure we deliver on these important updates, we’re taking additional time to refine the experience before previewing it with Windows Insiders. Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot+ PCs by December.”

 

Attacker Abuses Victim Resources to Reap Rewards from Titan Network 

Recently, we observed an attack where an attacker exploited the Atlassian Confluence server vulnerability CVE-2023-22527. This allowed unauthenticated attackers to achieve remote code execution (RCE) and leverage the Titan Network for cryptomining activity. Titan Network, which is based on decentralized physical infrastructure networks (DePIN), is an open-source platform that allows users to share and deploy hardware resources, turning them into valuable digital assets like computing power, storage, and bandwidth. Its economic incentives and network design ensure that contributors are rewarded for their resources, while end-users enjoy high-quality, reliable results comparable to modern cloud services. In the attack, the malicious actor compromises victims’ machines and installs Titan edge nodes to reap those rewards. 

 

Threat actor says Interbank refused to pay the ransom after a two-week negotiation 

Interbank, formally the Banco Internacional del Perú Service Holding S.A.A., is a leading Peruvian provider of financial services with over 2 million customers. Interbank disclosed a data breach after a threat actor claimed to have hacked the organization and leaked stolen data online. A threat actor using the moniker ‘kzoldyck’ claims to have leaked 3.7 TB of company data related to 3 million customers. The allegedly stolen data includes personal info, credit card details, CVVs, passwords, and API credentials.

 

Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’ 

Crooks potentially defrauded hundreds of thousands of consumers by hacking legitimate shopping websites and redirecting people to fake online shops that sold hard-to-find items but never shipped them, according to cybersecurity researchers. The long-running scheme involved malicious code that “creates fake product listings and adds metadata that puts these fake listings near the top of search engine rankings for the items, making them an appealing offer for an unsuspecting consumer,” Satori Threat Intelligence said Thursday. 

 

In legal first, Japan convicts man of abusing AI to generate ransomware 

A 25-year-old man has become the first person in Japan to be convicted for criminal activities involving generative AI. According to The Yomiuri Shimbun, the Tokyo District Court found Ryuki Hayashi guilty of creating a computer virus using interactive generative artificial intelligence. He was sentenced to three years in prison, suspended for four years. Prosecutors had sought a four-year sentence. The newspaper reported that Hayashi developed the ransomware-like virus at his home in Kawasaki around March 31, 2023, using illegal source code obtained with AI tools. 

 

A Slick Scam and an Empty Bank Account 

Emily was having a typical busy Tuesday. She grabbed her morning coffee, glanced at her phone, and noticed a text from her bank: “Did you make this transaction? Reply YES or NO.” She frowned. She hadn’t made any purchases yet that day. Maybe it was just a glitch. She replied “NO,” and within minutes, a call came in. It was a woman claiming to be from her bank’s fraud department, speaking in a calm, professional tone. “We’ve detected unusual activity on your account. To secure it, we need to verify some details.” Emily, still groggy from sleep, complied. The caller walked Emily through a series of steps, asking for her online banking password and even guiding her to approve a notification on her phone. “This will block the hacker’s access,” the woman assured her. Emily followed along, not realizing she was falling into a trap. 

 

LastPass warns of fake support centers trying to steal customer data 

LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords. Threat actors are attempting to target a large swath of the company’s user base by leaving 5-star reviews with a fake LastPass customer support number. 

 
