AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/07/2024

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA 

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication (straight away, or after using MFA), the server creates a session and generates a unique session ID. This session ID is stored in a session cookie (or a “Remember-Me cookie”, as the FBI calls it) in your browser, which is typically valid for 30 days. 


Windows 11 24H2 misery continues, as Microsoft’s buggy update is now breaking printers – especially on Copilot+ PCs 

Windows 11 24H2 is continuing its run of trouble with bugs, and this time we’re hearing about various difficulties with printers, which are mostly hitting Arm-based Copilot+ PCs but also other computers (with x86 Intel and AMD chips). Neowin reports that there are quite a number of complaints from those with printers who have upgraded to Windows 11 24H2 and are finding their device is no longer working. This is affecting all the best-known printer manufacturers, the likes of Brother, Canon, HP and so forth. 


Latest US telecom hack from China may have affected thousands 

In October, the FBI and CISA confirmed that they were investigating a potential hack of telecommunications infrastructure in the US. The hack sought private data from presidential candidates and close staff. However, a new report claims that hackers enabled “vast spying” from vulnerable telecom equipment, potentially affecting thousands of Americans. Following confirmation by US authorities, a report by The New York Times revealed that the main target of the hack was the phones of Donald Trump, JD Vance, and Kamala Harris’ campaign staff. According to investigators, the Chinese hacking group is known as “Salt Typhoon.” They may have gained access to call and SMS records in their search for confidential data. 


Cybercrooks are targeting Bengal cat lovers in Australia for some reason 

Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting a niche group of victims. Around since 2014, Gootloader has been one of the most popular malware strains of its kind. It’s used as an infostealer or at times a malware dropper acting as a precursor to other attacks like ransomware. Financially motivated attackers typically cast their net far and wide or target specific, high-value organizations and/or individuals such as banks and crypto investors. It’s what makes the security shop’s finding that criminals, armed with Gootloader, were seemingly targeting Australian enthusiasts of Bengal cats all the more baffling. 


GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide 

Cyble Research and Intelligence Labs (CRIL) recently identified a phishing site, “mygov-au[.]app,” masquerading as the official MyGov website of the Australian Government. Upon further analysis, this site was found to be distributing a suspicious APK file linked to the GodFather Malware, known for its ability to steal banking application credentials. The downloaded application, “MyGov.apk”, communicates with the URL “hxxps://az-inatv[.]com/.” This app is programmed to track the number of devices it is installed on, retrieve the device’s IP address, and store this information on the server in a text file. Figures 3 and 4 show the code of index.php and count.php responsible for getting the count and IP address. 
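As an added example (not code from the Cyble report or from the article), the following Python snippet turns the two defanged indicators quoted above back into hostnames and runs them over a few constructed proxy log lines, the kind of check a SOC would do to find devices that fetched the fake MyGov APK or talked to its server. The log format, the client addresses and the timestamps are all constructed for the example; only the two hostnames come from the article.

```python
import re
from typing import Dict, List, Set

# The two indicators exactly as the article prints them (defanged).
DEFANGED_IOCS = [
    "mygov-au[.]app",
    "hxxps://az-inatv[.]com/",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 'hxxps://x[.]y/' into the bare host 'x.y'."""
    s = ioc.lower().replace("[.]", ".")
    s = re.sub(r"^hxxps?://", "", s)
    return s.split("/")[0]


IOC_HOSTS: Set[str] = {refang(i) for i in DEFANGED_IOCS}

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <user-agent>".
# The second client fetches the APK and then hits the index.php / count.php
# endpoints the article describes; the others are ordinary traffic, including
# a visit to the real my.gov.au domain that must NOT be flagged.
SAMPLE_LOG = """\
2024-11-07T09:01:12Z 10.0.0.5 GET https://www.my.gov.au/ Mozilla/5.0
2024-11-07T09:02:40Z 10.0.0.9 GET https://mygov-au.app/MyGov.apk okhttp/4.9
2024-11-07T09:03:01Z 10.0.0.9 GET https://az-inatv.com/index.php okhttp/4.9
2024-11-07T09:03:05Z 10.0.0.9 POST https://az-inatv.com/count.php okhttp/4.9
2024-11-07T09:04:55Z 10.0.0.7 GET https://example.com/ Mozilla/5.0
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.*)$")


def host_of(url: str) -> str:
    """Extract the hostname from a URL; fall back to the raw value."""
    m = re.match(r"^[a-z]+://([^/:]+)", url.lower())
    return m.group(1) if m else url.lower()


def is_ioc_host(host: str) -> bool:
    """Exact match, or a subdomain of a listed host (e.g. cdn.az-inatv.com)."""
    return host in IOC_HOSTS or any(host.endswith("." + h) for h in IOC_HOSTS)


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose host matches an indicator."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url, _ua = m.groups()
        host = host_of(url)
        if is_ioc_host(host):
            hits.append({"ts": ts, "client": client, "method": method,
                         "host": host, "url": url})
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group matched hosts by client so each affected device is listed once."""
    out: Dict[str, Set[str]] = {}
    for h in hits:
        out.setdefault(h["client"], set()).add(h["host"])
    return {client: sorted(hosts) for client, hosts in out.items()}


if __name__ == "__main__":
    for client, hosts in summarize(scan(SAMPLE_LOG)).items():
        print(f"{client}: {', '.join(hosts)}")
```

Matching on the parsed hostname rather than with a substring search is what keeps the genuine my.gov.au visit out of the results while still catching subdomains of the listed hosts; the summary by client is what an analyst actually needs, since one device usually produces several of these lines in quick succession.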
