AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/15/2023

Ethereum feature abused to steal $60 million from 99K victims 

Malicious actors have been abusing Ethereum's 'Create2' opcode to bypass wallet security alerts and poison cryptocurrency addresses, stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. This is reported by Web3 anti-scam specialists at 'Scam Sniffer', who observed several cases of in-the-wild exploitation of the function; in some cases the losses incurred by a single individual reached $1.6 million.


The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story 

Early in the morning on October 21, 2016, Scott Shapiro got out of bed, opened his Dell laptop to read the day's news, and found that the internet was broken. Not his internet, though at first it struck Shapiro that way as he checked and double-checked his computer's Wi-Fi connection and his router. The internet. The New York Times website was offline, as was Twitter. So too were the websites of The Guardian, The Wall Street Journal, CNN, the BBC, and Fox News. (And WIRED.) When Twitter intermittently sputtered back online, users cataloged an alarming, untold number of other digital services that were also victims of the outage. Amazon, Spotify, Reddit, PayPal, Airbnb, Slack, SoundCloud, HBO, and Netflix were all, to varying degrees, crippled for most of the East Coast of the United States and other patches of the country.


FBI takes down IPStorm malware botnet as hacker behind it pleads guilty 

The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation. The Justice Department said it took down the infrastructure associated with the IPStorm malware — which experts said infected thousands of Linux, Mac, and Android devices across Asia, Europe, North America and South America. 


AMD SEV OMG: Trusted execution undone by cache meddling 

Boffins based in Germany and Austria have found a flaw in AMD's SEV trusted execution environment that makes it less than trustworthy. The researchers, Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, and Michael Schwarz (all with CISPA Helmholtz Center for Information Security), Youheng Lü (independent), and Andreas Kogler (Graz University of Technology), call the vulnerability CacheWarp for its ability to create inconsistencies between cache lines and memory. Modern CPUs support virtual memory to keep processes isolated and allow multi-tenant operation. This involves mapping virtual memory to physical memory via page tables, so that tenant and system processes sharing the same physical machine can be managed separately.


Rivian blames “fat finger” for infotainment-bricking software update 

The more innovation-minded people in the auto industry have heralded the advent of the software-defined car. It’s been spun as a big benefit for consumers, too—witness the excitement among Tesla owners when that company adds a new video game or childish noise to see why the rest of the industry joined the hype train. But sometimes there are downsides, as some Rivian owners are finding out this week. The EV startup, which makes well-regarded pickup trucks and SUVs, as well as delivery vans for Amazon, pushed out a new over-the-air software update on Monday. But all is not well with 2023.42; the update stalls before it completes installing, taking out both infotainment and main instrument display screens. 


The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners 

We present the Active Adversary Report for Security Practitioners, analyzing data amassed by Sophos’ Incident Response team and covering the six quarters ending June 2023. This is the third and final Active Adversary Report of the year. Our previous 2023 reports, which were geared toward business leaders (April) and tech leaders (August), focused on broad trends in attacker behavior. This report will dive deeper into topics that were noted but not previously highlighted, bringing forth findings that, though interesting from any cybersecurity point of view, are most likely to be actionable for security practitioners. 
