AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/5/2024

Ransomware ban backers insist thugs must be cut off from payday

Global law enforcement authorities’ attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators. Ciaran Martin, founding CEO of the UK’s National Cyber Security Center (NCSC), reiterated his stance on the matter a week after LockBit started to get back on its feet again following the efforts of Operation Cronos to bring its servers offline for good. “Ransomware is by far the most damaging cyber threat to most businesses right now. We have to find a way of making a ransom payments ban work,” he said.


American Express credit cards exposed in third-party data breach

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed. In a data breach notification filed with the state of Massachusetts under “American Express Travel Related Services Company,” the company warned customers their credit cards may have been stolen. “We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system,” explains the data breach notification.


North Korea hacks two South Korean chip firms to steal engineering data

The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. NIS says these attacks increased in the second half of 2023 until recently, targeting internet-exposed servers vulnerable to known flaws for initial access to corporate networks. Once the network was breached, the threat actors stole data from servers holding sensitive documents and data.


ALPHV website goes down amid growing fallout from Change Healthcare attack

The website used by the ransomware group believed to be responsible for the breach of one of the United States’s largest health care payment processors went down Friday amid reports that the incident has put major financial pressure on medical providers and made it difficult for consumers to get the medicine they need. It’s not yet clear why the website for ALPHV, also known as BlackCat, was down Friday afternoon. The FBI — which had led an operation that seized some of the site’s infrastructure in December, only to have the group bounce back a short time later — did not respond to a request for comment. Websites used by ransomware groups are sometimes unreliable, going up and down, but the site had been accessible this week and even into Friday.


TeamCity hit by critical software supply chain bugs

JetBrains is advising immediate patching of two new vulnerabilities in its TeamCity software, a CI/CD pipeline tool, that can allow attackers to gain unauthenticated administrative access. Tracked as CVE-2024-27198 and CVE-2024-27199, the critical bugs have already been fixed on TeamCity Cloud servers, and an on-premises patch is available in version 2023.11.4. “The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” JetBrains said in a blog post on the issue. “The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3.”


Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users

A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over a period of two weeks. During this time, NSO Group gained access to the users’ sensitive data, including encrypted messages. NSO Group justifies the use of Pegasus by saying it is a beneficial tool for investigating and preventing terrorist attacks and maintaining public safety. However, the company also says it recognizes that some customers might abuse the software’s capabilities for other purposes.
