AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/12/2021

Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach

Queensland’s largest regional water supplier, Sunwater, says it was targeted by hackers in a cyber security breach that went undetected for nine months. It has been revealed that hackers left suspicious files on a webserver last year to redirect visitor traffic to an online video platform. Sunwater admitted the breach after the tabling of a Queensland Audit Office report into the state’s water authorities, which mentioned the incident but did not say which authority was targeted. Following questions from the ABC, Sunwater confirmed it was the authority affected by the breach described in the Audit Office’s report. A Sunwater spokesperson said no financial or customer data had been compromised and that immediate steps had been taken to improve security once the unauthorised access to an online content management system was detected.


VP Harris announces US support for international cybersecurity partnership in Paris

US Vice President Kamala Harris said the US will be joining the Paris Call for Trust and Security in Cyberspace — a voluntary agreement between more than 80 countries, local governments, and tech companies centered on advancing cybersecurity and “preserving the open, interoperable, secure, and reliable Internet.” The announcement was part of a diplomatic trip Harris made to Paris, where she met with French President Emmanuel Macron to discuss a range of issues. Macron spearheaded the creation of the initiative in 2018 and has long sought the inclusion of the US. The administration of former President Donald Trump, however, refused to join, criticizing the initiative on the grounds that neither China nor Russia was part of it either.


Booking.com was reportedly hacked by a US intel agency but never told customers

A hacker working for a US intelligence agency breached the servers of Booking.com in 2016 and stole user data related to the Middle East, according to a book published on Thursday. The book also says the online travel agency opted to keep the incident secret. Amsterdam-based Booking.com made the decision after calling in the Dutch intelligence service, known as AIVD, to investigate the data breach. On the advice of legal counsel, the company didn’t notify affected customers or the Dutch Data Protection Authority. The grounds: Booking.com wasn’t legally required to do so because no sensitive or financial information was accessed. IT specialists working for Booking.com told a different story, according to the book De Machine: In de ban van Booking.com (English translation: The Machine: Under the Spell of Booking.com). The book’s authors, three journalists at the Dutch national newspaper NRC, report that the internal name for the breach was the “PIN-leak,” because the breach involved stolen PINs from reservations.


Watering hole attacks enabled hackers to target iPhone and Mac users in Hong Kong

Google’s Threat Advisory Group (TAG) has disclosed details of a large cyber-espionage campaign that exploited multiple vulnerabilities, including a zero-day, in iOS and macOS to target people interested in Hong Kong politics, particularly pro-democracy issues. The researchers said they discovered watering hole attacks in August that used an exploit chain to install malware on vulnerable iOS and macOS devices visiting the compromised websites of a Hong Kong media outlet and a prominent pro-democracy group. The vulnerabilities exploited included a zero-day privilege-escalation bug (CVE-2021-30869) in macOS Catalina. This bug affected the XNU kernel component and enabled a malicious application to execute arbitrary code with the highest privileges. TAG promptly disclosed the bug to Apple, which released a fix for it on 23 September.


DDoS attack takes yet another VoIP provider offline

Voice over Internet Protocol (VoIP) provider Telnyx has become the latest victim of the recent spate of distributed denial-of-service (DDoS) attacks against internet telephony companies. Telnyx serves customers worldwide, and the attack caused disruptions across its global network. “Telnyx is currently experiencing a DDoS attack. Until we reach a resolution, you may be experiencing failed calls, API and portal latency/time outs, and/or delayed or failed messages,” Telnyx said through its status page. After a few hours, Telnyx began migrating its services to Cloudflare’s Magic Transit service, which offers DDoS protection. As of now, the migration has completed and the service is up and operational.


Researchers show that Apple’s CSAM scanning can be fooled easily

A team of researchers at Imperial College London has presented a simple method to evade detection by image content scanning mechanisms such as Apple’s CSAM detection system. CSAM (Child Sexual Abuse Material) detection was a controversial proposal submitted by Apple earlier this year. The proposal was eventually retracted in September, following strong backlash from customers, advocacy groups, and researchers. Apple hasn’t abandoned CSAM detection but rather postponed its roll-out to 2022, promising new rounds of improvements and a more transparent approach in its development. The main idea is to compare image hashes of pictures shared privately between iOS users against a database of hashes provided by NCMEC and other child safety organizations.
