AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/27/2023

Canada’s privacy watchdog investigating hack affecting military and RCMP personnel 

The Privacy Commissioner of Canada is investigating a cyberattack that compromised data on current and former members of the country’s armed forces and the Royal Canadian Mounted Police (RCMP). Two affiliated companies, Brookfield Global Relocation Services (BGRS) and Sirva Canada LP, informed the Canadian government of the breach in October. The companies have been contracted by the Canadian government to provide relocation services for personnel since 1995, and are involved in around 20,000 moves each year. 

 

General Electric investigates claims of cyber attack, data theft 

General Electric is investigating claims that a threat actor breached the company’s development environment in a cyberattack and leaked allegedly stolen data. General Electric (GE) is an American multinational company with divisions in power, renewable energy, and aerospace industries. Earlier this month, a threat actor named IntelBroker attempted to sell access to General Electric’s “development and software pipelines” for $500 on a hacking forum. 

 

OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! 

OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. This release incorporates the following potentially significant or incompatible changes: The default SSL/TLS security level has been changed from 1 to 2; The x509, ca, and req apps now always produce X.509v3 certificates; and Subject or issuer names in X.509 objects are now displayed as UTF-8 strings by default. 

 

Shadowy hacking group targeting Israel shows outsized capabilities 

A hacking campaign displaying what researchers say is some of the most advanced publicly known tradecraft targeting Israel in recent years is showing signs of active development and evolution, a troubling development that has so far blended into the noise of near constant cyber operations targeting Israel. There’s been no shortage of cyberattacks of varying severity targeting Israeli institutions, particularly in the wake of Hamas’ Oct. 7 attack, but the tradecraft and capabilities displayed by the so-far unattributed group are far more sophisticated, said Nicole Fishbein, a researcher with Intezer. 

 

Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 

Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won’t ever find the state trying to unmask them either – as long as they keep supplying the attacks on Axis nations. It’s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note. Moscow-based Gazeta.ru has named a man it alleges to be the leader of pro-Russia DDoS merchants Killnet, known as “Killmilk,” in an expose following earlier claims that he started targeting the Russian Federation. 

 

Atomic Stealer malware strikes macOS via fake browser updates 

The ‘ClearFake’ fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware. The ClearFake campaign started in July this year to target Windows users with fake Chrome update prompts that appear on breached sites via JavaScript injections. In October 2023, Guardio Labs discovered a significant development for the malicious operation, which leveraged Binance Smart Chain contracts to hide its malicious scripts supporting the infection chain in the blockchain.
