AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/15/2022

Meta Sued For Billions Over Incitement To Violence In Ethiopia

A little over a year ago, Professor Meareg Amare Abrha was shot outside his home and left to bleed to death. The chemistry professor, an ethnic Tigrayan, had been named in a series of Facebook posts alleging that he had stolen equipment from Ethiopia’s Bahir Dar University, where he worked. Some of the posts gave the neighborhood where he lived and called for his death. But, says the professor’s son Abrham, Facebook failed to take down the posts when requested – indeed, one was still visible as recently as a week ago. And now he, supported by human rights campaign group Foxglove, is suing Facebook’s parent company Meta.

AWS fixes vulnerability affecting container image repository

Amazon Web Services (AWS) has fixed a new vulnerability affecting a website for finding and sharing public container images – foundational files containing code that runs on IT infrastructure. The website, Elastic Container Registry Public, is a popular gallery where companies, like NGINX, Ubuntu, Amazon Linux, and HashiCorp Consul, publish container images for public consumption and usage. Gafnit Amiga, director of security research at Lightspin, discovered a vulnerability on the site that allows attackers to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS accounts. “A malicious actor could poison popular images, all while abusing the trust model of ECR Public as these images would masquerade as being verified and thus undermine the ECR Public supply chain,” she said.

The Dark Web is Getting Darker – Ransomware Thrives on Illegal Markets

The dark web is getting darker as cybercrime gangs increasingly shop their malware, phishing, and ransomware tools on illegal cybercrime markets. In April 2022, the U.S. Treasury sanctioned the Russia-based Hydra Market. Hydra, the world’s largest dark web market, provided malicious cybercrime and cryptocurrency exchange services to global threat actors. The U.S. and Germany shut Hydra down around the same time. Ransomware groups operating on the dark web employ hundreds of hackers and earn revenues in the hundreds of millions of dollars. In addition, they could generate billions in illicit funds over time. In 2022, researchers found 475 pages of ransomware code for sale on the dark web. Ransomware from 30 strains, including DarkSide and GoldenEye ransomware-as-a-service (RaaS), was available among these offerings.

The double-edged sword of post-ransomware communication

More than a week after a ransomware attack sparked the shutdown of servers at cloud and email-hosting provider Rackspace Technology, questions are still rising and its customer base is growing frustrated. The big picture: Experts tell Axios that corporate ransomware victims face a tough dilemma: Sharing too much info risks it being weaponized in lawsuits or ruining negotiations with attackers. Not sharing enough could lead to customer outrage or even a mass exodus.

Feds Hit DDoS-for-Hire Services with 48 Domain Seizures

The US authorities have charged six people in connection with running DDoS-for-hire services which enabled attacks on millions of targets, according to the Department of Justice (DoJ). Four defendants were charged in Los Angeles in connection with running so-called “booter” services named: RoyalStresser.com (formerly known as Supremesecurityteam.com); SecurityTeam.io; Astrostress.com; and Booter.sx. An additional two people were charged in Alaska with helping to run Ipstressor.com (IPS) and TrueSecurityServices.io. Alongside the charges, the FBI is currently in the process of seizing 48 domains associated with booter services. The DoJ claimed that DDoS attacks launched with their help impacted millions of victims as well as education institutions, government agencies and gaming platforms.
