AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 3/21/2024

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million email and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were taken over by carrying out brute-force attacks, which employ trial-and-error methods to guess login credentials. The group operated under the direction of a leader, who distributed the hacking tasks to other members.

 

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative control over affected servers. “The attackers are then able to install malware that can reach out to its command-and-control (C&C) server and perform additional commands such as deploying Cobalt Strike beacons and remote access trojans (RATs),” Trend Micro said in a new report.

 

Hackers claim to have breached Israeli nuclear facility’s computer network

An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza. The hackers claim to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. The secretive facility, which houses a nuclear reactor linked to Israel’s unavowed nuclear weapons program, has historically been targeted by Hamas rockets.

 

Google balks at $270M fine after training AI on French news sites’ content

Google has agreed to pay 250 million euros (about $273 million) to settle a dispute in France after breaching years-old commitments to inform and pay French news publishers when referencing and displaying content in both search results and when training Google’s AI-powered chatbot, Gemini. According to France’s competition watchdog, the Autorité de la Concurrence (ADLC), Google dodged many commitments to deal with publishers fairly. Most recently, it never notified publishers or the ADLC before training Gemini (initially launched as Bard) on publishers’ content or displaying content in Gemini outputs. Google also waited until September 28, 2023, to introduce easy options for publishers to opt out, which made it impossible for publishers to negotiate fair deals for that content, the ADLC found.

 

Ivanti urges customers to address a critical remote code execution vulnerability impacting the Standalone Sentry solution

Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting the Standalone Sentry solution. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. “An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network,” reads the advisory. This vulnerability affects all supported versions: 9.17.0, 9.18.0, and 9.19.0. Older versions are also impacted. The company urges customers to install the available versions 9.17.1, 9.18.1, and 9.19.1, which address the issue.

 

Stalkerware usage surging, despite data privacy concerns

Stalkerware has reached “pandemic proportions,” according to Kaspersky, which documented a total of 31,031 people affected by the intrusive software in 2023 – up almost six percent on the prior year. The security shop detected 2,645 unique cases of stalkerware in Europe last year, with the three most affected countries being Germany (577), France (332) and the United Kingdom (271). In North America, 77 percent of all instances were in the United States, according to the annual State of Stalkerware report. Of the 1,049 affected individuals, 779 were American and 250 Canadian. Perhaps unsurprisingly, Russia (9,890), Brazil (4,186) and India (2,492) were the top three countries for stalkerware, and these three have held this dubious distinction since 2019.

 
