AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/22/2024

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it’s rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it “presents a lower assessed risk” despite the criticality.
It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files

North Korea’s notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. A Wednesday post explains that the crew – also known as Black Banshee, Thallium, APT 43 and Velvet Chollima – has a long history of trying to lift info from government agencies and outfits like think tanks, probably to gather intelligence that Kim Jong Un’s regime might find valuable. Kimsuky’s favorite tactic is spear phishing, sometimes after a lengthy social engineering effort from correspondents posing as academics or media. Past attacks have seen victims sent a questionnaire laden with malware.
US sues Apple for illegal monopoly over smartphones

The US Department of Justice accused Apple of operating an illegal monopoly in the smartphone market in an expansive new antitrust lawsuit that seeks to upend many of the ways Apple locks down iPhones. The DOJ, along with 16 state and district attorneys general, accuses Apple of driving up prices for consumers and developers at the expense of making users more reliant on its phones. The parties allege that Apple “selectively” imposes contractual restrictions on developers and withholds critical ways of accessing the phone as a way to prevent competition from arising, according to the release.
39,000 Websites Infected in ‘Sign1’ Malware Campaign

More than 39,000 websites have been infected with a new malware family that redirects visitors to scam domains and displays unwanted ads, website security firm Sucuri warns. Dubbed Sign1, the JavaScript malware was found inside WordPress custom HTML widgets or within the Simple Custom CSS and JS WordPress plugin that the attackers added to the compromised websites. “Using this method, hackers infect websites without placing any malicious code into server files which allows the malware to stay unnoticed for a long time — as it’s much more common for security providers to scan website files for malware than to check in the database,” Sucuri says.
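A defensive check that follows from Sucuri's observation above: scan the widget and plugin-snippet content that lives in the WordPress database, not just files on disk. This is an added example, not Sucuri's code and not the Sign1 indicators; it assumes the rows have already been exported as text (the widget_custom_html option and custom-css-js posts are the locations named above), that example.com is the site's own hostname, and that the sample rows are constructed.

```python
import re

SITE_HOST = "example.com"  # assumption: the scanned site's own hostname

# Traits common to injected redirect/ad scripts but rare in a hand-written
# Custom HTML widget or plugin snippet. Heuristics, not signatures.
SUSPICIOUS = {
    "external_script_src": re.compile(
        r'<script[^>]+src=["\']?(?:https?:)?//([^/"\'\s>]+)', re.I),
    "dynamic_eval": re.compile(r'\b(eval|Function)\s*\(', re.I),
    "decoder_call": re.compile(r'String\.fromCharCode|atob\s*\(|unescape\s*\(', re.I),
    "long_opaque_string": re.compile(r'["\'][A-Za-z0-9+/=]{120,}["\']'),
    "redirect_or_write": re.compile(
        r'(location\.(href|replace)|document\.write)\s*[(=]', re.I),
}

def scan_content(content):
    """Return the names of the heuristics that fire on one widget/snippet body."""
    findings = []
    for name, pat in SUSPICIOUS.items():
        m = pat.search(content)
        if not m:
            continue
        if name == "external_script_src":
            host = m.group(1).lower()
            # A script served from the site itself is not by itself suspicious.
            if host == SITE_HOST or host.endswith("." + SITE_HOST):
                continue
            findings.append(f"{name}:{host}")
        else:
            findings.append(name)
    return findings

def scan_rows(rows):
    """rows: (location, content) pairs exported from wp_options / wp_posts.
    Serialized PHP in widget options is searched as plain text."""
    return {loc: hits for loc, content in rows if (hits := scan_content(content))}

# Constructed sample rows (not real Sign1 indicators): a clean widget,
# a widget loading a third-party script, and an obfuscated plugin snippet.
SAMPLE_ROWS = [
    ("wp_options:widget_custom_html[2]",
     '<p>Opening hours: 9-5</p><script src="https://example.com/js/hours.js"></script>'),
    ("wp_options:widget_custom_html[3]",
     '<script src="//cdn.invalid-sample.test/s.js"></script>'),
    ("wp_posts:custom-css-js#17",
     'var p="' + "A" * 130 + '";eval(atob(p));location.href="//x.invalid-sample.test";'),
]

if __name__ == "__main__":
    for loc, hits in scan_rows(SAMPLE_ROWS).items():
        print(loc, "->", ", ".join(hits))
```

Any hit is a lead for manual review of that database row, not a verdict; legitimate analytics or tag-manager widgets will also load third-party scripts.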
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.
