AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/05/2022

NATO Launches Massive Cyber-Defense Exercise

NATO this week kicked off its Cyber Coalition 22 exercise with a mission to enhance cyber resilience among its members. The military alliance brought together 1000 defenders from 26 member countries plus Finland and Sweden, Georgia, Ireland, Japan, Switzerland and the EU, as well as participants from industry and academia. The five-day exercise is designed to pose real-life challenges to participants such as cyber-attacks on power grids and NATO assets, with a view to enhancing their ability to defend networks and collaborate in cyberspace, the alliance said. “Cyber Coalition 22 provides a unique platform for collaboration, experimentation, sharing of experience and developing best practices,” it added.

 

Hive Social turns off servers after researchers warn hackers can access all data

Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. “The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages,” the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. “This also includes private email addresses and phone numbers entered during login.”

 

DHS Cyber Safety Review Board to focus on Lapsus$ hackers

The Department of Homeland Security announced Friday that the Cyber Safety Review Board’s next investigation will focus on the Lapsus$ hacking group. The decision to focus on a hacking group represents a departure from the body’s inaugural investigation, which reviewed a specific cyber vulnerability. That report focused on Log4j, a vulnerability in a widely used logging library. This time around the CSRB will study the actions of Lapsus$, a notorious hacking group that has targeted a slew of companies and attempted to extort them in exchange for not releasing stolen data.

 

LinkedIn rolls out focused inbox and messaging safety tools as it gets to grip with spam and scams

LinkedIn, the social platform for the working world for networking and recruitment, hasn’t been the biggest name in headlines when it comes to how social media is leveraged for spam, scams, toxicity and fake news, but they’re all significant problems on the platform that will only get bigger as traffic grows (as it’s doing currently, at a rate of 34%/year), and as businesses and people fly from other social networks and look to the likes of LinkedIn, which now has some 875 million members, for more targeted business interactions. Today the company made a couple of announcements related to its direct messaging service — your private inbox that sits alongside your public feed — that speak to this theme: LinkedIn is rolling out a “focused” option for incoming messages with others relegated to an “other” box; and it’s turning on new automatic spam and harassment detection and a new feature to report unwanted messaging.

 

Hacker Makes Off With Millions After Minting Six Quadrillion of Ankr’s BNB Staking Tokens

Ankr, a web3 infrastructure project on BNB Chain, has suffered a major exploit with an attacker minting and dumping millions worth of its wrapped BNB token, aBNBc. On Dec. 2, Nansen, an on-chain analytics provider, flagged that six quadrillion aBNBc had been abruptly minted. It added that the hacker was racing to offload the tokens onto BNB Chain-based decentralized exchanges, using the network’s deployment of Tornado Cash — a crypto mixing protocol designed to obfuscate the transaction history for digital assets — to move their illicit gains to the Ethereum network.

 

A year later, Log4Shell still lingers

When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours to identification and remediation efforts. One federal cabinet department reported that its security team devoted 33,000 hours to Log4j vulnerability response alone. Tenable telemetry found that one in 10 assets – including desktops, laptops, servers, storage devices, network devices, phones, tablets, virtual machines, web applications, IoT devices cloud instances and containers – was vulnerable to Log4Shell as of December 2021. October 2022 data showed improvements, with 2.5% of assets vulnerable. Yet nearly one third (29%) of these assets had recurrences of Log4Shell after full remediation was achieved.

 

Meta faces lawsuit for harvesting financial data from tax prep websites

A group of anonymous plaintiffs who filed their taxes online in 2020 using H&R Block has sued Meta, accusing the company of violating users’ trust and privacy. If you’ll recall, a recent Markup investigation revealed that H&R Block, along with other popular tax-filing websites like TaxAct and TaxSlayer, have been sending users’ sensitive financial information to Meta through its Pixel tracking tool. Pixel is a piece of code companies can embed on their websites so they can track visitors’ activities and identify Facebook and Instagram users to target with ads. Apparently, the aforementioned tax prep websites had been transmitting personal information, such as income data, filing statuses, refund amounts and dependents’ tuition grants, to Meta through that code. The tax-filing services had already changed their Pixel settings to stop sending information or had been reevaluating how they used Pixel by the time Markup’s report came out. 

 

Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices

Mayors’ offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service. Kaspersky researchers have named the wiper CryWiper, a nod to the extension .cry that gets appended to destroyed files. Kaspersky says its team has seen the malware launch “pinpoint attacks” on targets in Russia. Izvestia, meanwhile, reported that the targets are Russian mayors’ offices and courts. Additional details, including how many organizations have been hit and whether the malware successfully wiped data, weren’t immediately known.

 

Police arrest 55 members of ‘Black Panthers’ SIM Swap gang

The Spanish National Police have arrested 55 members of the ‘Black Panthers’ cybercrime group, including one of the organization’s leaders based in Barcelona. The gang was operating four specialized activity cells dedicated to social engineering, vishing (voice phishing), phishing, and carding, having a very organized structure. The arrested leader coordinated the cells and recruited new members and money mules. “The criminal group consisted of a network structure, made up of interconnected and perfectly defined action cells, whose division of tasks dealt with knowledge, accessibility to stolen information, and experience,” reads the police’s announcement.

Related Posts