AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/10/2022

15,000 sites hacked for massive Google SEO poisoning campaign

Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress. The researchers believe the threat actors’ goal is to generate enough indexed pages to increase the fake Q&A sites’ authority and thus rank better in search engines.

Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank

Ukrainian hacktivists claim to have breached the Central Bank of Russia, stealing thousands of internal documents. A 2.6 GB folder released publicly on Thursday and partially reviewed by The Record contains 27,000 allegedly stolen files detailing the bank’s operations, its security policies, and the personal data of some of its current and former employees. “If Russia’s Central Bank cannot protect its own data, how can it guarantee the stability of the ruble?” hacktivists wrote on the Telegram messaging app. The alleged heist was carried out by members from Ukraine’s IT Army — a group of more than 200,000 cyber volunteers formed after Russia’s invasion of Ukraine in late February to conduct coordinated distributed denial-of-service attacks on Russian websites. The central bank is one of Russia’s most important financial institutions, and serves as the architect of state monetary policy and regulator of the national currency. It denied that its system had been hacked and said that all leaked documents were already in the public domain, Russian media reported.

Microsoft Scrambles to Thwart New Zero-Day Attacks

For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process, Microsoft flagged six distinct vulnerabilities in the “exploitation detected” category and urged Windows administrators to treat these updates with utmost urgency. Redmond’s security response team documented four new exploited zero-days (CVE-2022-41125, CVE-2022-41073, CVE-2022-41091 and CVE-2022-41128) alongside two Exchange Server bugs (CVE-2022-41040 and CVE-2022-41082) and warned that exploits are swirling in privilege escalation, feature bypass and remote code execution attacks.

Cybersecurity Awareness: An Open Letter to CISOs

Dear CISOs, Cybersecurity Awareness Month has recently ended, and there’s a strong feeling of déjà vu. People were once again branded as “the weakest link,” “assets” or other dehumanizing terms – we also came across dozens of articles in which vendors scaremongered with the latest cybercrime stats. Even more interesting were the various ways in which articles tried to avoid blaming people… while still blaming people. Whether it’s ‘the end user,’ ‘human error,’ ‘the under-trained employee,’ or in more recent years, the ‘hybrid’ or ‘remote’ worker, they all say the same thing: people = problem. On the other hand, but in the same vein, training bodies used the month to tout their “creative, funny and widely engaging” awareness videos that will apparently arm people with the skills they need to stay secure. Do you really feel any more secure? It’s time to do the math. 

Verified mess — Twitter’s $8 blue tick rollout sees ‘verified’ fakes

Twitter has officially rolled out its Twitter Blue program for an $8 monthly fee that confers upon the Tweeter multiple benefits, including the much-sought blue badge. Whereas previously, only accounts of notable personalities and organizations earned the blue-tick, it’s now open to anyone willing to shed the monthly fee. But, all this has led to its own set of problems, such as threat actors now impersonating famous people and still being granted a “verified” status.
