AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/7/2024

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the campaign and analyzed the payloads used in attacks, bash scripts, and Golang ELF binaries.


Law enforcement personnel say LexisNexis retaliated when asked to remove data

More than 18,000 people associated with New Jersey law enforcement filed a class action lawsuit against LexisNexis Risk Data Management, LLC on Monday, alleging that after they asked for their information to remain private, the data broker retaliated against them by freezing their credit and falsely reporting them as identity theft victims. The lawsuit claims that in December and January — prior to a separate class action lawsuit filed in February — LexisNexis punished law enforcement personnel who asked for information to be taken down by launching a “campaign to freeze the credit reports of Plaintiffs and others, and in doing so permanently mar their credit histories with alleged identity thefts that never happened.”


Ransomware Attackers Leak Sensitive Swiss Government Documents, Login Credentials

Sensitive Swiss federal government data, including classified documents and login credentials, were leaked by the Play ransomware group following an attack on IT service provider Xplain in 2023. An investigation by Switzerland’s National Cyber Security Centre (NCSC) revealed that around 65,000 documents relating to the federal government were published by the attackers on the darknet on June 14, 2023. This comprised 5% of the total data package uploaded by Play. Of these files, 47,413 belonged to Xplain (70%) and 9040 to the Federal Administration (14%). Xplain is a major IT service provider to national and cantonal authorities in Switzerland.


Google opens new cyber-defence hub in Japan

Google has established its first regional cyber-defence hub in Tokyo, Japan. Located at Google’s Roppongi office, the hub is aimed at boosting cyber-defence capabilities throughout the Asia-Pacific region. The new facility will also be a base for training regional cyber-defence experts. The hub will promote cooperation between government representatives, businesses, and educational institutions, enabling the sharing of critical data and research on cybersecurity countermeasures. In addition, Google is looking to strengthen defences against the increasingly complex cyberattacks which pose a risk to regional economic stability, national security, and personal privacy. For that reason, the US-based tech giant will host engineering teams from South Korea, Japan, Australia, India, and Southeast Asia to conduct research on how to counter cyberattacks.


Kaspersky warns to stay vigilant amid cyberthreats affecting women

Ahead of International Women’s Day, Kaspersky experts have conducted research and found malware-infected websites and phishing pages mainly targeting women – including community sites, forums with advice articles, online stores selling clothes or cosmetics, and more. Some of the web pages were originally legitimate resources, later hacked by cybercriminals to spread malware. Among the threats spread on the detected websites, Kaspersky experts found web skimmers – usually embedded in the code of online shops to steal user payment data, leading to potential financial loss for a victim.
