AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/24/2022

France says non to Office 365 and Google Workspace in school

The French minister of national education and youth has said that free versions of Microsoft Office 365 and Google Workspace should not be used in schools – a position that reflects ongoing European concerns about cloud data sovereignty, competition, and privacy rules. In August, Philippe Latombe, a member of the French National Assembly, advised Pap Ndiaye, the minister of national education, that the free version of Microsoft Office 365, while appealing, amounts to a form of illegal dumping. He asked the education minister what he intends to do, given the data sovereignty issues involved with storing personal data in an American cloud service. Last week, the Ministry of National Education published a written reply to confirm that French public procurement contracts require “consideration” – payment.

 

Microsoft warns: This forgotten open-source web server could let hackers ‘silently’ gain access to your system

Microsoft has raised an alarm about a peculiar cybersecurity threat that serves as a warning to all enterprises about open-source software (OSS) supply chain security. The Microsoft Threat Intelligence Center (MSTIC) kicked off its own investigation into an April 2022 report by security vendor Recorded Future about a “likely Chinese state-sponsored” threat actor targeting the Indian power sector for the past two years. Recorded Future listed over a dozen network indicators of compromise (IOCs) it had observed between late 2021 and Q1 2022 that were used in 38 intrusions against multiple organisations in India’s energy sector.  

 

34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. “The underground market value of stolen logs and compromised card details is estimated around $5.8 million,” Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards. A majority of the victims are located in the U.S., followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, 890,000 devices in 111 countries were infected during the time frame.

 

If your kids love Roblox, check their browser for this malware

The latest high-profile heist of valuable digital currency has nothing to do with Bitcoin or Ethereum. Nope, this time thieves are stealing currency and assets from Roblox players. Roblox is a massively popular kids’ game platform that has a disturbing amount of real money trading hands, and it’s become the target of a series of Chrome extensions hiding malware. At least two extensions posted to the official Chrome Web Store were fronts for a backdoor program that gathers a Roblox player’s user info and potentially makes them a target for hacking, especially if they’re also a user of the third-party Rolimons.com currency trading system.

 

Security experts are laying Mastodon’s flaws bare

The rising popularity of Mastodon, partly as a side-effect of Elon Musk buying Twitter, has triggered a wave of vulnerability discoveries in the app. Cybersecurity researchers using the platform recently discovered three separate vulnerabilities that could allow threat actors to tamper with the data, and even download it. For example, a researcher at PortSwigger, Gareth Heyes, discovered an HTML injection vulnerability. A security software engineer from MinIO, Lenin Alevski, discovered a system misconfiguration that allowed him to download, modify, and even delete, everything sitting in a Mastodon instance’s S3 cloud storage bucket, and Anurag Sen found an anonymous server scraping Mastodon user data.

 

Sonder confirms data breach, documents and other PII potentially compromised

Hospitality company Sonder has confirmed a data breach that has potentially compromised guest records. According to a security update published on Wednesday, November 23, 2022, Sonder learned of unauthorized access to one of its systems on November 14. “Sonder believes that guest records created prior to October 1, 2021, were involved in this incident,” the company wrote. It added that they have no evidence to indicate that accounts created after November 14, 2022, were involved. “This suggests the company has improved their security since last October, that, or the attacker managed to access an old backup or copy of the data,” explained Mark Warren, product specialist at Osirium. “‘Unauthorized access’ could apply to current staff, someone who left a while ago, a vendor, or an attacker,” Warren told Infosecurity.
