AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/21/2022

Russian hackers attempted to breach petroleum refining company in NATO country, researchers say

A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto’s Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like “military assistance,” according to the report, which provides an update on the activities since the start of the Russian invasion of Ukraine of a hacking group Palo Alto tracks as “Trident Ursa.”

FBI: Steep climb in teens targeted by online ‘sextortion’

The FBI sounded the alarm Monday about an explosive increase in teenage boys being targeted online and extorted for money after being tricked into sending sexually explicit pictures. At least 3,000 children, mostly teenage boys, have been victims of the schemes that are connected to more than a dozen suicides this year, a scale that U.S. authorities have not seen before, Justice Department officials said. Many think they are chatting online with kids around their own age but are quickly manipulated into sending explicit pictures and then blackmailed for money with threats to release the images, the FBI said. Most victims are between 14 and 17, but kids as young as 10 have been targeted.

Senators want agencies to encrypt data before sharing with new NSF database

Sens. Ron Wyden, D-Ore., and Rob Portman, R-Ohio, are urging the National Science Foundation to require encryption to protect sensitive data shared via a powerful new platform being stood up by the U.S. government for cross-agency collaboration. The pair argue in a letter sent Tuesday to NSF Director Sethuraman Panchanathan that encryption is the best technology to ensure that data shared through the new National Secure Data Service stays out of reach of foreign adversaries and malicious hackers. Wyden and Portman want the encryption protections applied to any data that could be used to infer the identity of an individual.

Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say

Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info

Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students’ information as well as the education publishing giant’s own source code and digital keys, according to security researchers. The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted McGraw Hill a day later. One production bucket contained more than 47 million files and 12TB of data, and a second non-production bucket held more than 69 million files and 10TB of data, we’re told. “In the limited sample we researched, we could see that the amount of records varied on each file from ten to tens of thousands students per file,” the researchers said. “Due to the amount of files exposed and because we only review a small sample following ethical rules, the actual total number of affected students could be far higher than our estimate.”

DraftKings hack exposes 67,000 users’ personal and financial info

DraftKings reported that it suffered a data breach in November that affected over 67,000 customers. Even if you aren’t part of that group, it’s wise to change your DraftKings password. In the data breach notification, DraftKings said that the credentials used in the attack came from other websites. Once in an account, the attacker did an initial $5 deposit, then changed the password and the phone number used for two-factor authentication. Then they withdrew money from any linked bank accounts. BleepingComputer says that the compromised accounts cost $10 to $35 each on an online marketplace for hackers. The seller even included step-by-step instructions on how to drain the accounts.

Okta’s source code stolen after GitHub repositories hacked

Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. According to a ‘confidential’ email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta’s source code. BleepingComputer has obtained a ‘confidential’ security incident notification that Okta has been emailing to its ‘security contacts’ as of a few hours ago. We have confirmed that multiple sources, including IT admins, have been receiving this email notification.
