AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/05/2023

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

Americans with family overseas who hope to visit the United States may soon face an increased risk of being surveilled by their own government. Support in Congress is growing for intensified vetting procedures at the US border, which would see immigrants and foreign visitors subjected to the same levels of scrutiny as suspected terrorists and spies. A bill introduced last week by members of the Senate Intelligence Committee (SSCI) and forthcoming legislation from its House counterpart both aim to expand the use of a key foreign intelligence program—Section 702—for screening and vetting visitors to the US.

 

Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says

Humans will ultimately be held responsible for the use or misuse of artificial intelligence technologies during military conflicts, a top Department of Defense official said during a panel discussion at the Reagan National Defense Forum on Saturday. Air Force Secretary Frank Kendall dismissed the notion “of the rogue robot that goes out there and runs around and shoots everything in sight indiscriminately,” highlighting the fact that AI technologies — particularly those deployed on the battlefields of the future — will be governed by some level of human oversight.

 

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed AeroBlade, which appears to be aimed at carrying out both competitive and commercial cyberespionage. The threat actor employed spear-phishing as the means of distribution mechanism. A weaponized document that was delivered as an email attachment reportedly has a malicious VBA macro code embedded in it as well as a remote template injection mechanism to provide the next stage of the payload execution, according to the BlackBerry Threat Research and Intelligence team.

 

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to cryptocurrency, as well as individuals who hold crypto assets or take an interest in the subject. Information about the new loader variant first appeared in an X (formerly Twitter) post. Earlier RustBucket versions spread its malicious payload via an app disguised as a PDF viewer. By contrast, this new variety was found inside a ZIP archive that contained a PDF file named, “Crypto-assets and their risks for financial stability”, with a thumbnail that showed a corresponding title page. The metadata preserved inside the ZIP archive suggests the app was created on October 21, 2023.

 

BlackCat ransomware crims threaten to directly extort victim’s customers

The AlphV/BlackCat ransomware group said it plans to “go direct” to the clients of a firm it allegedly attacked to extort them, claiming to have infiltrated the systems of accounting software vendor Tipalti. BlackCat claims it has had access to Tipalti’s systems since September 8 and alleges that since then it has managed to exfiltrate more than 265GB of “confidential” data belonging to the company, its employees, and its clients. Tipalti said it is “thoroughly” investigating the gang’s claims. The criminals believe their chances of getting an extortion payment from Tipalti directly are slim, based on their apparent understanding that Tipalti’s cyber insurance policy doesn’t cover extortion and – or so it claims – an evaluation of its internal discussions suggesting they would not engage with cybercriminals.

Related Posts