AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/06/2023

Discord will switch to temporary file links to block malware delivery 

Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware. “Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN,” Discord told BleepingComputer. 

No, Okta, senior management, not an errant employee, caused you to get hacked 

Identity and authentication management provider Okta on Friday published an autopsy report on a recent breach that gave hackers administrative access to the Okta accounts of some of its customers. While the postmortem emphasizes the transgressions of an employee logging into a personal Google account on a work device, the biggest contributing factor was something the company understated: a badly configured service account. 

Microsoft is overhauling its software security after major Azure cloud attacks 

Microsoft has had a rough few years of cybersecurity incidents. It found itself at the center of the SolarWinds attack nearly three years ago, one of the most sophisticated cybersecurity attacks we’ve ever seen. Then, 30,000 organizations’ email servers were hacked in 2021 thanks to a Microsoft Exchange Server flaw. If that weren’t enough already, Chinese hackers breached US government emails via a Microsoft cloud exploit earlier this year. 

Apple ‘Find My’ network can be abused to steal keylogged passwords 

Apple’s “Find My” location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags. The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline. 

DDoS attack revealed as cause of online service outage at public healthcare institutions 

A distributed denial-of-service (DDoS) attack has been identified as the cause of an online service outage that affected several public healthcare institutions in Singapore. And the attacks are continuing, according to national healthtech agency Synapxe, which is responsible for the IT operations that support the country’s public healthcare network. This network encompasses 46 public healthcare institutions, such as hospitals and polyclinics, and 1,400 community partners that include nursing homes and general practitioners.  

Socks5Systemz proxy service infects 10,000 systems worldwide 

A proxy botnet called ‘Socks5Systemz’ has been infecting computers worldwide via the ‘PrivateLoader’ and ‘Amadey’ malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding proxies for malicious, illegal, or anonymous traffic. It sells this service to subscribers who pay between $1 and $140 per day in crypto to access it. Socks5Systemz is detailed in a report by BitSight that clarifies that the proxy botnet has been around since at least 2016 but has remained relatively under the radar until recently. 