AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/23/2022

Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’

The email went out to students at Knox College, a small liberal arts school in Illinois, on the evening of Dec. 12. A hacker group known as Hive had broken into the college’s computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students. “We have compromised your collage networks,” the email said, written in the kind of broken English common among international ransomware hackers. “The data we have includes your personal information, medical records, psychological assessments, and many other sensitive data.”

Insiders worry CISA is too distracted from critical cyber mission

When Congress was still trying to understand the full extent of Russia’s 2016 election meddling and growing increasingly anxious about possible cyberattacks on other U.S. targets, lawmakers rallied behind an idea to shore up the nation’s digital defenses. In the fall of 2018, they passed legislation establishing an agency inside the Department of Homeland Security to streamline federal cybersecurity efforts, encourage industry to improve vulnerable systems and help safeguard critical infrastructure from determined nation-state hackers.

DuckDuckGo now blocks Google sign-in pop-ups on all sites

DuckDuckGo's apps and browser extensions now block Google Sign-in pop-ups on all sites, removing what the company regards as both an annoyance and a privacy risk for its users. DuckDuckGo offers a privacy-focused search engine, an email service, mobile apps, and data-protecting browser extensions. A standalone web browser is also in the works, currently in beta and available only for macOS. The company announced today that all its Chrome, Firefox, Brave, and Microsoft Edge apps and browser extensions will actively block Google sign-in prompts displayed on sites.

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the passwords had been changed. After regaining access to the accounts, they discovered they had been hacked and a secondary email at the disposable @yopmail.com domain was added to their profile.

LastPass users: Your info and password vault data are now in hackers’ hands

LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults. The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager’s development environment and “took portions of source code and some proprietary LastPass technical information.” The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren’t affected.

BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers

MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related to transactions. “The affected information varied by patron,” according to the statement.