AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/22/2023

Four in five Apache Struts 2 downloads are for versions featuring critical flaw 

Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 in terms of CVSS severity. It is a logic bug in the framework's file upload feature: if an application uses Struts 2 to allow users to upload files to a server, those users can abuse the vulnerability to write files to locations on that server where they should not be allowed to. Thus someone could, for instance, use the flaw to upload a webshell script to a web server, and access it to take control of or get a foothold on that system.
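The defensive counterpart to the bug class described above is an upload handler that never trusts the client-supplied filename. The following is an added example, not code from the original post and not the Struts project's own fix: it strips directory components, rejects NUL bytes and '..', enforces an extension allow-list (so a webshell script type is refused outright), and then verifies that the resolved destination still sits inside the upload directory. The upload directory path and the extension list are assumptions chosen for the example.

```python
import os
from pathlib import PurePosixPath

# Assumed upload directory for this example (not from the original post).
UPLOAD_ROOT = "/srv/app/uploads"
# Allow-list of extensions the application actually expects; script types
# such as .jsp or .php are deliberately absent so a webshell cannot be stored.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".txt"}


def safe_upload_path(upload_root: str, client_filename: str) -> str:
    """Return an absolute destination path inside upload_root.

    Raises ValueError when the client-supplied name cannot be mapped to a
    safe location. The client value is treated as untrusted: it may contain
    directory components, '..' segments, backslashes or NUL bytes.
    """
    if "\x00" in client_filename:
        raise ValueError("NUL byte in filename")
    # Normalise Windows separators, then keep only the last path component.
    name = PurePosixPath(client_filename.replace("\\", "/")).name
    if name in ("", ".", ".."):
        raise ValueError(f"no usable filename in {client_filename!r}")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, name))
    # Second line of defence: after resolution the path must still be a
    # strict child of the upload root.
    if os.path.commonpath([root, dest]) != root or dest == root:
        raise ValueError(f"{dest} escapes {root}")
    return dest


def is_safe_upload(upload_root: str, client_filename: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        safe_upload_path(upload_root, client_filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample filenames, the kind a logic bug in upload handling
    # would otherwise pass through unchanged.
    samples = [
        "report.pdf",
        "../../var/www/html/shell.jsp",
        "..\\..\\webapps\\ROOT\\cmd.jsp",
        "notes.txt\x00.jpg",
        "..",
        "photo.JPG",
    ]
    for s in samples:
        verdict = "accept" if is_safe_upload(UPLOAD_ROOT, s) else "reject"
        print(f"{s!r:40} -> {verdict}")
```

The two checks are intentionally independent: the allow-list blocks script uploads even when the path is otherwise clean, and the `commonpath` comparison catches any traversal that survives name extraction, which is what matters when the framework layer above the handler has a logic flaw of its own.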


Lapsus$: GTA 6 hacker handed indefinite hospital order 

An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who has autism, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m. The judge said Kurtaj’s skills and desire to commit cyber crime meant he remained a high risk to the public. He will remain at a secure hospital for life unless doctors deem him no longer a danger. 


FTC bans Rite Aid from using AI facial recognition for 5 years 

Pharmacy chain Rite Aid was banned from utilizing commercial artificial intelligence facial recognition by the Federal Trade Commission after the store failed to comply with the current "reasonable safeguards" to prevent automated systems from harming consumers. In an injunction filed against Rite Aid on December 19, the FTC claims that the company did not do enough to secure affirmative consent from consumers interacting with the automated biometrics used across Rite Aid stores. This biometric software collected sensitive consumer data and protected information without adequately requesting consumers' permission, and some customers were erroneously accused of theft and wrongdoing in the stores.


Crypto drainer steals $59 million from 63k people in Twitter ad push 

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. Blockchain threat analysts at ScamSniffer say they discovered over ten thousand phishing websites using the drainer from March 2023 to today, with spikes in activity observed in May, June, and November. A drainer is a malicious smart contract or, in this case, a complete phishing suite designed to drain funds from a user's cryptocurrency wallet without their consent.


Fake VPN Chrome extensions force-installed 1.5 million times 

Three malicious Chrome extensions posing as VPN (Virtual Private Network) tools were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via an installer hidden in pirated copies of popular video games like Grand Theft Auto, Assassins Creed, and The Sims 4, which are distributed from torrent sites. ReasonLabs notified Google of its findings, and the tech giant removed the offending extensions from the Chrome Web Store, but only after they had amassed a total of 1.5 million downloads.
