AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/14/2022

Facial Recognition Researcher Left a Trans Database Exposed for Years After Using Images Without Permission

In 2013, researchers at the University of North Carolina, Wilmington (UNCW) published a facial recognition dataset consisting of more than 1 million images of trans people who had uploaded videos of their medical transition to YouTube. The researchers used the videos without the explicit permission of their owners, and with the stated goal of training facial recognition systems to recognize people before and after they start Hormone Replacement Therapy (HRT).

Researchers smell a cryptomining Chaos RAT targeting Linux systems

A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux operating systems, the code kills competing malware and resources that affect cryptocurrency mining performance. The newer malware then establishes persistence “by altering /etc/crontab file, a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin,” wrote Trend Micro researchers David Fiser and Alfredo Oliveira.

Play ransomware claims attack on Belgium city of Antwerp

The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp’s IT systems, suffered a ransomware attack that disrupted the city’s IT, email, and phone services. Local media reported that many of the city’s Windows applications were no longer available, and city council member Alexandra d’Archambeau publicly tweeted that email was not available.

NSA says Chinese hackers are actively attacking flaw in widely used networking device

The National Security Agency said on Tuesday that Chinese state-backed hackers are exploiting a flaw in a widely used networking device that allows an attacker to carry out remote code execution. In its advisory, the NSA said it believes a Chinese hacking crew known as APT5 “has demonstrated capabilities” against an application delivery controller made by Citrix. Citrix released an emergency patch to fix the vulnerability on Monday and said that “exploits of this issue on unmitigated appliances in the wild have been reported.”

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.
