AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/24/2024

Dutch cybercops tracked a crypto theft to one of the world’s worst botnets

After years of hacking servers to swindle millions of dollars, the notorious Ebury malware gang had slipped into the shadows by 2021. Suddenly, they reemerged with a bang. The new evidence surfaced during a police investigation in the Netherlands. A cryptocurrency theft had been reported to the Dutch National High Tech Crime Unit (NHTCU). On the victim’s server, the cybercops found a familiar foe: Ebury. The discovery revealed a new target for the botnet. Ebury had diversified to stealing Bitcoin wallets and credit card details.

 

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface. This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information.

 

JAVS courtroom recording software backdoored in supply chain attack

Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. The company behind this software, also known as JAVS, says the digital recording tool currently has over 10,000 installations in many courtrooms, legal offices, correctional facilities, and government agencies worldwide. JAVS has since removed the compromised version from its official website, saying that the trojanized software containing a malicious fffmpeg.exe binary “did not originate from JAVS or any 3rd party associated with JAVS.”

 

Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day

Microsoft has warned retailers and restaurants of sophisticated gift card fraud which can cost victims up to $100,000 a day. In a new Cyber Signals report, the tech giant highlighted a 30% rise in intrusion activity by the threat actor Storm-0539 between March and May 2024. The group, which operates out of Morocco, focuses on compromising cloud and identity services in the criminal targeting of gift card portals linked to large retailers, luxury brands and well-known fast-food restaurants in.

 

Google fixes eighth actively exploited Chrome zero-day this year

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. The security issue was discovered internally by Google’s Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity ‘type confusion’ in V8, Chrome’s JavaScript engine responsible for executing JS code. “Google is aware that an exploit for CVE-2024-5274 exists in the wild,” the company said in the security advisory.

Related Posts