AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/13/2023

Recruiters, beware of cybercrooks posing as job applicants! 

Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets people who are involved in recruiting and hiring, the emails do not immediately seem suspicious,” they noted. 


Northern Ireland cops count human cost of August data breach 

An official review of the Police Service of Northern Ireland’s (PSNI) August data breach has revealed the full extent of the impact on staff. The incident, which affected 9,483 officers, was branded “the most significant data breach that has ever occurred in the history of UK policing” by Commissioner Pete O’Doherty of the City of London Police, and the damage is said to be “unquantifiable.” The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced to relocate out of fear for their safety. 


Over 1,450 pfSense servers exposed to RCE attacks via bug chain 

Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. pfSense is a popular open-source firewall and router software that allows extensive customization and deployment flexibility. It is a cost-effective solution that accommodates specific needs, offering a wide range of features typically found in expensive commercial products. In mid-November, SonarSource researchers, working with the company's SonarCloud analysis platform, discovered three flaws affecting pfSense 2.7.0 and older and pfSense Plus 23.05.01 and older. The flaws are tracked as CVE-2023-42325 (XSS), CVE-2023-42327 (XSS), and CVE-2023-42326 (command injection).


Cloud engineer gets 2 years for wiping ex-employer’s code repos 

Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping the code repositories of his former employer in retaliation for being fired by the company. First Republic Bank was a commercial bank in the U.S., employing over seven thousand people and reporting annual revenue of $6.75 billion. The bank closed on May 1, 2023, and was sold to JPMorgan Chase. According to the U.S. Department of Justice (DoJ) announcement, Brody was fired on March 11, 2020, from First Republic Bank (FRB) in San Francisco, where he worked as a cloud engineer.


iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone 

The first iOS 17.3 beta rolling out to developers today includes a new “Stolen Device Protection” feature designed to add an additional layer of security in the event someone has stolen your iPhone and also obtained the device’s passcode. Earlier this year, The Wall Street Journal’s Joanna Stern and Nicole Nguyen reported on instances of thieves spying on a victim’s iPhone passcode before stealing the device, often in public places like bars. The thief can then reset the victim’s Apple ID password, turn off Find My, view passwords stored in iCloud Keychain for banking and email accounts, and more. All in all, the report said thieves can essentially “steal your entire digital life.”


Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing 

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. “Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity,” the Microsoft Threat Intelligence team said in an analysis. “The misuse of OAuth also enables threat actors to maintain access to applications even if they lose access to the initially compromised account.” 
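As an added defender-side illustration (not code from the Microsoft analysis or from this post), the Python below scans a constructed, simplified audit log for two of the behaviours described: consent to an OAuth application that grants high-privilege permissions, and a credential added to that same application shortly afterwards, the step that lets access outlive the compromised user account. The record schema, field names, sample values and the 30-minute window are assumptions; the operation names follow Entra ID audit-log wording but the records here are constructed.

```python
# Constructed example: records, field names and the 30-minute window are assumptions,
# not Microsoft's schema or detection logic.
from datetime import datetime, timedelta

# Permissions treated here as high privilege (illustrative, not exhaustive).
HIGH_PRIVILEGE = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
                  "Mail.ReadWrite", "Application.ReadWrite.All"}

# Constructed audit records with a simplified schema.
SAMPLE_LOG = [
    {"time": "2023-12-01T09:00:00Z", "operation": "Add application",
     "actor": "jdoe@example.com", "target": "Invoice Sync", "permissions": []},
    {"time": "2023-12-01T09:02:00Z", "operation": "Consent to application",
     "actor": "jdoe@example.com", "target": "Invoice Sync",
     "permissions": ["Mail.ReadWrite", "offline_access"]},
    {"time": "2023-12-01T09:03:00Z", "operation": "Add service principal credentials",
     "actor": "jdoe@example.com", "target": "Invoice Sync", "permissions": []},
    {"time": "2023-12-01T10:00:00Z", "operation": "Consent to application",
     "actor": "asmith@example.com", "target": "Calendar Helper",
     "permissions": ["Calendars.Read"]},
]

def find_oauth_app_abuse(records, window=timedelta(minutes=30)):
    """Return (app, actor, reason) tuples for two patterns: consent granting
    high-privilege permissions, and a credential added to the same app shortly
    after consent (access that survives loss of the compromised user account)."""
    findings = []
    last_consent = {}  # app -> time of the most recent consent event
    for rec in sorted(records, key=lambda r: r["time"]):
        when = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        op, app, actor = rec["operation"], rec["target"], rec["actor"]
        if op == "Consent to application":
            last_consent[app] = when
            risky = sorted(HIGH_PRIVILEGE & set(rec.get("permissions", [])))
            if risky:
                findings.append((app, actor, "high-privilege consent: " + ", ".join(risky)))
        elif op == "Add service principal credentials":
            consented = last_consent.get(app)
            if consented is not None and when - consented <= window:
                findings.append((app, actor, "credential added shortly after consent"))
    return findings

if __name__ == "__main__":
    for app, actor, reason in find_oauth_app_abuse(SAMPLE_LOG):
        print(f"{app}: {actor}: {reason}")
```

On the sample records only "Invoice Sync" is flagged, once for the Mail.ReadWrite consent and once for the credential added a minute later; the low-privilege "Calendar Helper" consent is not.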
