AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/15/2023

How worried should we be about the “AutoSpill” credential leak in Android password managers? 

By now, you’ve probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it poses is real, but it’s also more limited and easier to contain than much of the coverage to date has recognized. This FAQ dives into the many nuances that make AutoSpill hard for most people (yours truly included) to understand. This post wouldn’t have been possible without invaluable assistance from Alesandro Ortiz, a researcher who discovered a similar Android vulnerability in 2020. 


Ten Years Later, New Clues in the Target Breach 

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator. 


Four Charged in Connection With $80m Pig Butchering Scheme 

Four US residents have been charged with a series of money laundering offenses connected to a major “pig butchering” fraud syndicate. Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, of Rosemead, California; and Hailong Zhu, 40, of Naperville, Illinois, are charged with conspiracy to commit money laundering, concealment money laundering and international money laundering. 


New Security Vulnerabilities Uncovered in pfSense Firewall Software – Patch Now 

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. “Security inside a local network is often more lax as network administrators trust their firewalls to protect them from remote attacks,” security researcher Oskar Zeino-Mahmalat said. 


Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating normally’ 

The Kraft Heinz Company said it is looking into recent claims of data theft made by a ransomware gang. The Chicago-based company is the third-largest food and beverage company in North America and the fifth-largest in the world — reporting annual sales of more than $26 billion in 2021. On Wednesday evening, the Snatch ransomware gang added the company to its leak site, claiming to have stolen an undisclosed amount of data. A spokesperson for Kraft Heinz provided more information about what may have been attacked but said the company is not dealing with any adverse effects. 

Related Posts