AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/19/2023

Xfinity discloses data breach affecting over 35 million people 

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole sensitive customer information from its systems. On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.


Pro-China campaign targeted YouTube with AI avatars 

Think tank Australian Strategic Policy Institute (ASPI) last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have collectively published over 4,500 videos, accumulating 120 million views and 730,000 subscribers. ASPI reported the accounts to YouTube and 19 of the channels were subsequently removed. According to the think tank, Shadow Play has been operating since mid-2022. At times it uses AI to generate voiceovers. “To our knowledge, this is one of the first times that video essays, together with generative AI voiceovers, have been used as a tactic in an influence operation,” explained ASPI. 


Impact of Log4Shell Bug Was Overblown, Say Researchers 

Security researchers have claimed that a vulnerability described as the biggest and most critical ever discovered was far less dangerous than first believed. Log4Shell was a critical, CVSS 10.0-rated vulnerability in popular open source logging utility Log4j. It was thought to be relatively easy to exploit, enabled remote code execution, and was found in a huge range of proprietary and open source applications. Some experts predicted that it could be exploited by threat actors for years as organizations struggled to find and patch vulnerable versions hidden within open source dependencies. However, a new report from VulnCheck released yesterday posited that these fears were “overblown and exaggerated.” 


Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site 

An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware,” reads a message now displayed on the gang’s dark web leak site, as seen by TechCrunch. According to the splash page, the takedown operation also involved law enforcement agencies from the United Kingdom, Denmark, Germany, Spain and Australia.


Telecom organizations in Africa targeted by Iran-linked hackers 

A cyber-espionage group linked to Iran’s intelligence service has been targeting telecommunications companies in Egypt, Sudan and Tanzania, researchers have found. This is likely the first time the group, tracked as MuddyWater, has operated against organizations in Africa, according to Marc Elias, a threat intelligence analyst at Symantec, who analyzed the incident. In previously reported attacks, the hackers were mostly interested in entities in the Middle East. 
