AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
InfoSec News Nuggets 11/26/2024

7-Zip affected by dangerous vulnerability: users must update the app manually

The popular file compression program 7-Zip is affected by a high-severity vulnerability that allows attackers to execute code on a victim's machine, typically by getting the user to open a malicious archive, Trend Micro's Zero Day Initiative (ZDI) has disclosed. The flaw has a CVSS severity score of 7.8 out of 10 and affects all 7-Zip versions prior to 24.07. Version 24.07, which contains the fix, was released on June 19th, 2024, and the current version is 24.08. Because 7-Zip has no automatic update mechanism, the app and every subsequent update must be installed manually, so many systems are likely still running a vulnerable build.
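Because the only fix is a manual upgrade, the practical check is an inventory audit: flag every host whose installed 7-Zip version is older than 24.07. The script below is an added example and not code from the article or from the 7-Zip project; the hostnames and version strings are constructed, and it assumes you can export "hostname, version" pairs from whatever software-inventory tool you use (on Windows the version is also visible in the Uninstall registry keys or the 7z.exe banner). Versions that cannot be parsed are deliberately reported as vulnerable so they get looked at rather than silently passed.

```python
from __future__ import annotations

import re

# First fixed release per the ZDI disclosure summarised above.
FIXED_VERSION = (24, 7)

# 7-Zip versions look like "24.08", "23.01", "9.20", sometimes with a suffix such as "beta".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)")


def parse_version(version: str) -> tuple[int, int] | None:
    """Parse a 7-Zip version string into (major, minor); None if it does not look like one."""
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def is_vulnerable(version: str) -> bool:
    """True when the version predates 24.07.

    Unparseable strings ("unknown", "") are treated as vulnerable on purpose:
    an audit should surface them for review, not quietly mark them safe.
    """
    parsed = parse_version(version)
    if parsed is None:
        return True
    return parsed < FIXED_VERSION


def audit(inventory: dict[str, str]) -> list[str]:
    """Return the sorted list of hostnames whose 7-Zip install needs a manual update."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory (hostname -> reported 7-Zip version) for demonstration only;
# in practice this comes from your inventory export.
SAMPLE_INVENTORY = {
    "ws-001": "24.08",
    "ws-002": "24.07",
    "ws-003": "23.01",
    "ws-004": "9.20",
    "ws-005": "24.05 beta",
    "ws-006": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: 7-Zip {SAMPLE_INVENTORY[host]!r} needs a manual update to 24.07 or later")
```

The comparison is done on (major, minor) tuples rather than on the raw string, so "9.20" correctly sorts before "24.07" and a beta suffix does not break the check.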

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom detection signature Volexity had deployed at a customer site (“Organization A”) indicated a threat actor had compromised a server on the customer’s network. While Volexity quickly investigated the threat activity, more questions were raised than answers due to a very motivated and skilled advanced persistent threat (APT) actor, who was using a novel attack vector Volexity had not previously encountered. At the end of the investigation, Volexity would tie the breach to a Russian threat actor it tracks as GruesomeLarch (publicly known as APT28, Forest Blizzard, Sofacy, Fancy Bear, among other names). Volexity further determined that GruesomeLarch was actively targeting Organization A in order to collect data from individuals with expertise on and projects actively involving Ukraine.

Meta removes over 2 million accounts pushing pig butchering scams

Meta announced that it has taken down 2 million accounts across its platforms since the beginning of the year that are linked to pig butchering and other scams. Most of these accounts originate from Myanmar, Laos, the United Arab Emirates, the Philippines, and Cambodia, which is known for hosting “scam slave” operations. “These criminal scam hubs lure often unsuspecting job seekers with too-good-to-be-true job postings on local job boards, forums and recruitment platforms to then force them to work as online scammers, often under the threat of physical abuse,” explains Meta.

China has utterly pwned ‘thousands and thousands’ of devices at US telcos

The Biden administration on Friday hosted telco execs to chat about China’s recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover. Details of the extent of China’s attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights into info he’s learned in his role as chair of the Senate Intelligence Committee. Warner told the Post, “my hair is on fire,” given the severity of China’s attacks on US telcos. The attacks, which started well before the US election, have seen Middle Kingdom operatives establish a persistent presence – and may require the replacement of “literally thousands and thousands and thousands” of switches and routers.

Avast security tools hijacked in order to crack antivirus protection

Hackers are abusing a legitimate, signed Avast Anti-Rootkit driver to disable antivirus protection and infect systems, Trellix researchers have warned. According to Trellix, the driver has been abused in attacks since 2021, and the underlying flaws have been present since at least 2016; once loaded, the driver lets the malware terminate security software processes from kernel mode. The malware belongs to the AV Killer family and relies on the bring-your-own-vulnerable-driver (BYOVD) technique: the attacker ships a legitimately signed but exploitable driver with the malware so that it loads cleanly and then abuses it.
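The defining trait of BYOVD is that the driver itself is legitimately signed, so signature checks alone do not catch it; detection has to key on which driver was loaded and from where. The script below is an added example, not code from the Trellix research or from this article. It triages driver-load events shaped like Sysmon Event ID 6 (ImageLoaded, Hashes, Signed, Signature) and flags three things: a SHA256 on a denylist of known-abusable drivers, a driver loaded from outside the normal Windows driver directories, and an unsigned driver. The events, hashes, file names and signer names are all constructed for the example; the denylist entry is a placeholder that you would populate from a real source such as the Microsoft vulnerable driver blocklist or the LOLDrivers project.

```python
from __future__ import annotations

from dataclasses import dataclass

# Placeholder denylist of SHA256 hashes of signed-but-abusable drivers.
# The value below is constructed for this example and matches nothing real;
# populate it from Microsoft's vulnerable driver blocklist or LOLDrivers.
KNOWN_ABUSABLE_SHA256 = {
    "aa" * 32,  # hypothetical entry standing in for an abused anti-rootkit driver
}

# Where drivers normally live on Windows. A signed vendor driver loaded from
# ProgramData, Temp or a user profile is the classic BYOVD staging pattern.
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


@dataclass
class DriverLoad:
    image: str
    sha256: str
    signed: bool
    signer: str


def parse_sysmon_hashes(hashes: str) -> str:
    """Pull the SHA256 out of a Sysmon 'Hashes' field such as 'SHA256=...,MD5=...'."""
    for part in hashes.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def load_from_event(ev: dict) -> DriverLoad:
    """Map a Sysmon Event ID 6 record (as a dict of field names) to a DriverLoad."""
    return DriverLoad(
        image=ev["ImageLoaded"],
        sha256=parse_sysmon_hashes(ev.get("Hashes", "")),
        signed=ev.get("Signed", "false").strip().lower() == "true",
        signer=ev.get("Signature", ""),
    )


def assess(load: DriverLoad) -> list[str]:
    """Return the list of reasons this driver load is suspicious (empty if none)."""
    reasons: list[str] = []
    if load.sha256 and load.sha256 in KNOWN_ABUSABLE_SHA256:
        reasons.append("hash matches known-abusable driver denylist")
    if not load.image.lower().startswith(EXPECTED_DRIVER_DIRS):
        reasons.append(f"driver loaded from unexpected path: {load.image}")
    if not load.signed:
        reasons.append("driver is unsigned")
    return reasons


def triage(events: list[dict]) -> dict[str, list[str]]:
    """Run assess() over a batch of events; keys are driver paths with at least one finding."""
    findings: dict[str, list[str]] = {}
    for ev in events:
        load = load_from_event(ev)
        reasons = assess(load)
        if reasons:
            findings[load.image] = reasons
    return findings


# Constructed sample events for demonstration; field names follow Sysmon Event ID 6.
SAMPLE_EVENTS = [
    {  # benign: Microsoft driver from the normal location
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\ndis.sys",
        "Hashes": "SHA256=" + "11" * 32 + ",MD5=" + "22" * 16,
        "Signed": "true",
        "Signature": "Microsoft Windows",
    },
    {  # BYOVD pattern: validly signed third-party driver dropped into a user-writable path
        "ImageLoaded": "C:\\ProgramData\\tmp\\rootkit_scan.sys",
        "Hashes": "SHA256=" + "aa" * 32,
        "Signed": "true",
        "Signature": "Example Security Vendor",
    },
    {  # unsigned driver in the normal location (driver signature enforcement weakened)
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\helper.sys",
        "Hashes": "SHA256=" + "33" * 32,
        "Signed": "false",
        "Signature": "",
    },
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS).items():
        print(image)
        for reason in reasons:
            print("  -", reason)
```

Note that the second event is signed and validly so; the denylist hit and the odd load path are what catch it. On the prevention side, the same denylist approach is what Microsoft's vulnerable driver blocklist enforces on systems with hypervisor-protected code integrity enabled, so checking that the blocklist is turned on is a cheaper control than detection after the fact.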

Former Verizon employee gets four-year sentence for sharing cyber secrets with Chinese government

A 59-year-old IT worker living in Florida was sentenced to four years in prison on Monday for sharing sensitive information with the Chinese government's intelligence agency. Ping Li, a U.S. citizen living in Wesley Chapel, pleaded guilty to the charge of conspiring to act as an agent of the People's Republic of China and will have to pay a $250,000 fine. Dating back to at least 2012, Li shared troves of data with the Ministry of State Security (MSS), the country's civilian intelligence agency.
