AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/18/2024

Hackers now sending physical malicious letters, Swiss authorities warn

Is there anything threat actors won’t do to gain initial access? Swiss authorities are warning about a new sophisticated cybersecurity threat – malicious counterfeit letters. Cyber bandits have launched a malicious campaign across Switzerland using counterfeit letters that appear to be from MeteoSwiss (the Federal Office of Meteorology and Climatology). The victims report that the letters contain a QR code asking recipients to download a new “Severe Weather Warning App.” The fraudulent letter pressures recipients by claiming that the app is mandatory and essential for family safety. It instructs users to scan the included QR code with a smartphone and follow the subsequent instructions to download and install the app.

 

Air fryers are the latest surveillance threat you didn’t consider

Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We’ve learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about to change. You don’t need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet. But according to Which?, the air fryers’ associated phone apps wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone. The researchers also found evidence that the Aigostar and Xiaomi fryers both sent people’s personal data to servers in China. This was specified in the privacy notice, but we know not everyone reads a privacy notice.

 

NSO – not government clients – operates its spyware, legal documents reveal

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software. The new details were contained in sworn depositions from NSO Group employees, portions of which were published for the first time on Thursday. It comes five years after WhatsApp, the popular messaging app owned by Facebook, first announced it was filing suit against NSO. The company, which was blacklisted by the Biden administration in 2021, makes what is widely considered the world’s most sophisticated hacking software, which – according to researchers – has been used in the past in Saudi Arabia, Dubai, India, Mexico, Morocco and Rwanda.

 

T-Mobile confirms it was hacked in recent wave of telecom breaches

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” T-Mobile told the Wall Street Journal, which first reported about the breach. “We will continue to monitor this closely, working with industry peers and the relevant authorities.”

 

Millions of WordPress sites could be at risk from “one of the most serious” plugin flaws ever found

Cybersecurity researchers have found a critical vulnerability affecting millions of WordPress websites which could grant attackers full control over the vulnerable website. Security professionals from Wordfence reported discovering an “improper handling of user authentication” vulnerability in the Really Simple Security WordPress plugin, both free and paid versions. This plugin simplifies the process of securing websites by enabling SSL with a single click, and automatically resolving mixed content issues. Furthermore, it offers features such as security headers, and HTTP Strict Transport Security (HSTS), which made it a super popular choice. It currently has more than five million active installations.
