AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/16/2024

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace’s acquisition of Google Domains last year. The theory is that cybercriminals may have picked up on a flaw in the method Squarespace used to migrate Google Domains customer data over to its servers, allowing them to guess the email addresses associated with admin accounts and register the account for themselves. The assessment was made by security researchers Samczsun, Taylor Monahan, and Andrew Mohawk in a report published over the weekend. In it, they say the attacks began on July 9 and all affected organizations had their domains migrated to Squarespace following the acquisition.


CISA broke into a US federal agency, and no one noticed for a full 5 months

The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets. CISA calls these SILENTSHIELD assessments. The agency’s dedicated red team picks a federal civilian executive branch (FCEB) agency to probe and does so without prior notice – all the while trying to simulate the maneuvers of a long-term hostile nation-state threat group.


GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, the Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. “This case was exceptional because it is difficult to overestimate the potential consequences if it had fallen into the wrong hands – one could supposedly inject malicious code into PyPI packages (imagine replacing all Python packages with malicious ones), and even to the Python language itself,” the software supply chain security company said.


It’s never been easier for the cops to break into your phone

Just two days after the attempted assassination at former President Donald Trump’s rally in Butler, Pennsylvania, the FBI announced it “gained access” to the shooter’s phone. The bureau has not disclosed how it broke into the phone — or what has been found on it — but the speed with which it did so is significant, and security experts say it points to the increased efficacy of phone-hacking tools. In a call with reporters on Sunday, the bureau said field agents in Pennsylvania had tried and failed to break into Thomas Matthew Crooks’ phone. The device was then sent to the FBI lab in Quantico, Virginia.


GuardZoo Android Malware Attacking Military Personnel via WhatsApp to Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to target military personnel in the Middle East, leveraging social engineering tactics and military-themed lures to trick victims into downloading the malware. Based on a preexisting RAT (Remote Access Trojan) called Dendroid, GuardZoo grants attackers remote control over the infected device, allowing for data exfiltration and potentially additional malware installations. The campaign remains active and has targeted users in Yemen, Saudi Arabia, Egypt, and Oman; Google has confirmed that no GuardZoo-infected apps are currently available on Google Play.