AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/13/2024

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials 

Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users’ credentials from compromised devices. “This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” the SonicWall Capture Labs threat research team said in a recent report. The distribution vector for the campaign is currently unclear. However, once the app is installed on the users’ phones, it requests them to grant it permissions to the accessibility services and the device administrator API, a now-deprecated feature that provides device administration features at the system level. 


Europol confirms web portal breach, says no operational data stolen 

Europol, the European Union’s law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. EPE is an online platform law enforcement experts use to “share knowledge, best practices and non-personal data on crime.” “Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told BleepingComputer. 


Okta’s security chief on the company’s own cyberattack and how the ‘battleground’ has shifted 

Okta is one of the largest security companies in the world, helping big-name clients in the public and private sector protect themselves. But the company has had several of its own security incidents, including the most recent last October. That’s when unidentified nation-state attackers used stolen Okta credentials to access customers’ files that had been uploaded to the company’s support case management system. The stolen files replicated browser activity and contained “sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users.”


Hackers are now targeting the children of corporate executives in elaborate ransomware attacks 

It’s 10 p.m., do you know where your children’s phones are? They could be getting SIM swapped. As corporations amp up their cyber defenses, malicious hackers are getting more creative, reports Mandiant, a leading cybersecurity firm and Google subsidiary. Hackers are even going so far as to target the children of corporate executives in the hopes of holding personal information ransom — an attack known as ransomware. Ransomware attacks typically come from malicious actors who hack into companies or other entities to steal data, which they then hold until the victim agrees to pay a fee.


After Ascension ransomware attack, feds issue alert on Black Basta group 

Several U.S. government agencies warned that the Black Basta ransomware gang is targeting the healthcare industry and 12 of the 16 critical infrastructure sectors. In a Friday afternoon advisory, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) said Black Basta has attacked at least 500 organizations globally between April 2022 and May 2024. According to the agencies, the ransomware-as-a-service gang typically breaches organizations through phishing attacks and known vulnerabilities but does not provide ransom demands or payment information immediately. 
