AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/07/2022

Pegasus spyware was used to hack reporters’ phones. I’m suing its creators

I was warned in August 2020. A source told me to meet him at six o’clock at night in an empty parking lot in San Salvador. He had my number, but he contacted me through a mutual acquaintance instead; he didn’t want to leave a trace. When I arrived, he told me to leave my phone in the car. As we walked, he warned me that my colleagues at El Faro, the Salvadoran news organization, were being followed because of a story they were pursuing about negotiations between the president of El Salvador and the notorious MS-13 gang.


Rackspace Admits Security Incident, Helps Customers Migrate to Microsoft 365 Accounts

Cloud company Rackspace has revealed it experienced a cybersecurity incident causing it to temporarily suspend its Hosted Exchange environment. “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact,” the company wrote on its website on Saturday. “After further analysis, we have determined that this is a security incident. The known impact is isolated to a portion of our Hosted Exchange platform. We are taking necessary actions to evaluate and protect our environments.” As the company assessed the extent of the security issue, it revealed it assisted customers in opening replacement Microsoft 365 accounts so they could resume sending and receiving emails.


Apple Sued by Women After Exes Use AirTags to Stalk Them

Apple is facing a lawsuit in federal court in San Francisco by two women, one of whom claims her ex-boyfriend used an AirTag to track her without her consent, reports Bloomberg. Since their release in April 2021, the use of Apple’s AirTags has raised concerns among privacy groups and law enforcement that the trackers could be used for illegal tracking. Apple has built several safeguards to protect against unwanted tracking, but according to the new lawsuit, those safeguards are “inadequate.” The lawsuit, filed on Monday, claims that the safeguards in place, which include alerting iPhone users if an unknown AirTag is found to be following them, are “woefully inadequate, and do little, if anything, to promptly warn individuals if they are being tracked.” The other woman in the lawsuit says her husband placed an AirTag in her child’s backpack in order to track her. The two women are requesting an unspecified amount of damages and accusing Apple of releasing an unsafe product.


Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that’s designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. “The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware,” Resecurity said. “InTheBox may be called the largest and probably the only one in its marketplace category providing high-quality web injects for popular types of mobile malware.”


ChatGPT shows promise of using AI to write malware

For even the most skilled hackers, it can take at least an hour to write a script to exploit a software vulnerability and infiltrate their target. Soon, a machine may be able to do it in mere seconds. When OpenAI last week released its ChatGPT tool, allowing users to interact with an artificial intelligence chatbot, computer security researcher Brendan Dolan-Gavitt wondered whether he could instruct it to write malicious code. So, he asked the model to solve a simple capture-the-flag challenge. The result was nearly remarkable. ChatGPT correctly recognized that the code contained a buffer overflow vulnerability and wrote a piece of code exploiting the flaw. If not for a minor error — the number of characters in the input — the model would have solved the problem perfectly.


Amnesty Canada Target of China-linked Cyberattack

The English-language division of Amnesty International’s Canadian office claims it was the subject of a “sophisticated” hacking attempt that it suspects is connected to China. Amnesty International Canada said in a statement on Monday that the cyber security breach was discovered for the first time on October 5 when suspicious activity was noticed on Amnesty’s IT infrastructure. It continued by saying that quick action was taken to safeguard the systems and look into the attack’s origin. “As a group that promotes human rights around the world, we are well aware that we could be the target of state-sponsored efforts to obstruct or monitor our activities. The security and privacy of our activists, staff, funders, and stakeholders remain our top priority, and we will not be intimidated by this,” said Ketty Nivyabandi, secretary general of Amnesty International Canada.


Suspects arrested for hacking US networks to steal employee data

Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities. The suspects identified in four recently unsealed U.S. indictments are Akinola Taylor (Nigeria), Olayemi Adafin (United Kingdom), Olakunle Oyebanjo (Nigeria), and Kazeem Olanrewaju Runsewe (Nigeria). The four men are accused of transnational wire fraud and identity theft for filing false tax claims with the United States Internal Revenue Service (IRS) to steal money from the agency through tax refunds.


TSA is ready for a nationwide deployment of its facial recognition system

The TSA started using its biometric system in 16 US airports as an optional screening procedure requiring the traveler to insert their ID document and have their face scanned. The system is named CAT-2, and according to the TSA, it can successfully match a live photo captured against the image on the digital ID to verify a passenger’s identity. The agency says the biometric data collected through CAT-2 scanning is anonymized, encrypted, and then transferred for analysis to the Department of Homeland Security’s Science & Technology Directorate to assess the technology’s effectiveness. The data will be deleted within 24 months, TSA states.


Shift to Memory-Safe Languages Gains Momentum

The software industry is making headway against a group of pernicious vulnerabilities that are responsible for the vast majority of critical, remotely exploitable, and in-the-wild attacks, software-security experts said this week. The class of vulnerabilities — so-called memory-safety issues — includes buffer overflows and use-after-free errors and has accounted for the majority of application security issues disclosed by software companies. Now, the latest data show that the increasing use of memory-safe languages — such as Java, C#, and more recently, Rust — has resulted in a rapid decline of the entire class of vulnerabilities.
