AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/5/2024

FBI removes malware from hundreds of routers across the US

The FBI has used a court order to remove malware from hundreds of routers across the US, and to alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached End-of-Life. The FBI took this action because it believed the threat actor behind the botnet of routers is an Advanced Persistent Threat (APT) group known as “Volt Typhoon.” The US Cybersecurity and Infrastructure Security Agency (CISA) warned US businesses in May 2023 about Volt Typhoon, an elite squadron of hackers with ties to the Chinese government that targets high-value entities such as governments, large corporations, and critical infrastructure.


AnyDesk says hackers breached its production servers, reset passwords

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company’s production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk is a remote access solution that allows users to remotely access computers over a network or the internet. The program is very popular with enterprises, which use it for remote support or to access colocated servers.


Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs

Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app used by Airbus pilots was vulnerable to remote data manipulation, given the right conditions. In reality, that Die Hard scene was, surprise surprise, riddled with plot holes – the researchers proved that a few months ago – but proving the possibility of something similar would always be exciting.


The ‘Big Three’ ransomware groups are losing their grip on the industry as gangs begin to fracture, study shows

Major ransomware groups LockBit, ALPHV (BlackCat), and Cl0p increased their attack output in 2023, but are losing ground to a surge of new collectives, research has revealed. LockBit remained the most prolific group in 2023 with 1,191 listed victims, according to data collated from the dark web leak sites of over 50 ransomware groups and published in security specialist Searchlight Cyber’s annual ransomware report.


Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’

A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police. The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday. “(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.


The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in mid-August that it was the victim of a cybersecurity incident that forced it to take some systems offline. At this time, Clorox has yet to share technical details of the cyberattack. The described impacts suggest that the company was likely the victim of a ransomware attack. According to a filing with the SEC, Clorox estimates the economic impact of the cyberattack that hit the company in August 2023 at $49 million. The costs include losses caused by disruptions, as well as expenses for third-party forensics and consultants assisting the company in investigating and remediating the attack.
