AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 7/19/2022

US Cybersecurity Agency CISA to Open London Office

The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration.

The cyber defense agency’s first Attaché Office will open later this month in London and its goal is to “serve as a focal point for international collaboration between CISA, UK government officials, and other federal agency officials.”

The first attaché in the UK office is Julie Johnson, who previously served as regional protective security advisor for CISA in New York, and the agency’s regional lead for federal interagency working groups. Prior to joining CISA, Johnson worked at the US Department of State. CISA said she is well versed in cybersecurity and critical infrastructure.

CISA said the new London office will help advance its mission in cybersecurity, emergency communications, and critical infrastructure protection. The office will also help boost operational cooperation, build partner capacity, shape the global policy ecosystem, and strengthen collaboration.

“As America’s cyber defense agency, we know that digital threat actors don’t operate neatly within borders. To help build resilience against threats domestically, we must think globally,” said CISA Director Jen Easterly. “I’m thrilled for CISA’s first international Attaché Office to open in London—true operational collaboration is a global endeavor.”


Walmart-controlled flight booking service suffers substantial data leak

An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers.

News of the breach emerged on Monday, when customers received a message depicted in the tweet below.

While the message to customers assures them that “no sensitive information pertaining to your Cleartrip account” was exposed, that leaves open the possibility that information pertinent to other matters may have been accessed. The Register therefore asked Cleartrip how attackers were able to access its systems, what data was exposed, whether that data was encrypted, if any information was exfiltrated, when the breach was detected, when the company notified users, and how the company plans to change its infosec practices in response to the breach.


New MacOS Backdoor Communicates Via Public Cloud

Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims.

The threat has been named “CloudMensis” by ESET because it exclusively uses public cloud storage services to communicate with its operators. Specifically, it leverages pCloud, Yandex Disk and Dropbox to receive commands and exfiltrate files, according to the security vendor.

“We still do not know how CloudMensis is initially distributed and who the targets are,” explained ESET researcher Marc-Etienne Léveillé, who analyzed the backdoor.

“The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

These targets are said to be fairly limited. Once the backdoor gains code execution and administrative privileges, it runs first-stage malware which in turn retrieves a more feature-rich second stage from a cloud storage service, ESET said.
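As an added example (not code from ESET's report or from the original post), the following script shows the defender-side triage the cloud-storage C2 pattern above calls for: over constructed egress-log lines it flags macOS processes, other than the known sync clients, that talk to pCloud, Yandex Disk or Dropbox APIs. The API hostnames, the log format and the allow-list are assumptions for illustration.

```python
import re
from collections import defaultdict

# API endpoints of the three storage services the report names (pCloud, Yandex Disk,
# Dropbox). These hostnames are assumptions for illustration; take the real
# indicators from the vendor's published analysis.
CLOUD_STORAGE_HOSTS = {
    "api.pcloud.com": "pCloud",
    "cloud-api.yandex.net": "Yandex Disk",
    "api.dropboxapi.com": "Dropbox",
}

# Processes expected to use these services on a managed Mac (assumed allow-list).
EXPECTED_CLIENTS = {"Dropbox", "Yandex.Disk", "pCloud Drive"}

# Constructed egress-log format: <ts> host=<name> proc="<process>" dst=<fqdn> bytes_out=<n>
LOG_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) proc="(?P<proc>[^"]*)" '
                    r'dst=(?P<dst>\S+) bytes_out=(?P<out>\d+)$')

def find_unexpected_cloud_storage_use(lines):
    """Group, per (host, process), connections to cloud-storage APIs made by processes
    that are not a known sync client. One process touching several providers is the
    stronger signal, so findings are sorted by distinct services, then bytes out."""
    seen = defaultdict(lambda: {"services": set(), "bytes_out": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None or m["dst"] not in CLOUD_STORAGE_HOSTS or m["proc"] in EXPECTED_CLIENTS:
            continue
        entry = seen[(m["host"], m["proc"])]
        entry["services"].add(CLOUD_STORAGE_HOSTS[m["dst"]])
        entry["bytes_out"] += int(m["out"])
    findings = [{"host": h, "proc": p, "services": sorted(v["services"]),
                 "bytes_out": v["bytes_out"]} for (h, p), v in seen.items()]
    return sorted(findings, key=lambda f: (-len(f["services"]), -f["bytes_out"]))

# Constructed sample log: a benign sync client, an unrelated browser session, and one
# unknown helper process talking to two different storage providers.
SAMPLE_LOG = """\
2022-07-18T09:12:01Z host=mac-101 proc="Dropbox" dst=api.dropboxapi.com bytes_out=1024
2022-07-18T09:12:44Z host=mac-101 proc="Safari" dst=www.example.com bytes_out=512
2022-07-18T09:13:10Z host=mac-203 proc="unknown_helper" dst=api.pcloud.com bytes_out=48000
2022-07-18T09:13:11Z host=mac-203 proc="unknown_helper" dst=cloud-api.yandex.net bytes_out=2100
2022-07-18T09:14:00Z host=mac-107 proc="pCloud Drive" dst=api.pcloud.com bytes_out=900
"""

if __name__ == "__main__":
    for finding in find_unexpected_cloud_storage_use(SAMPLE_LOG.splitlines()):
        print(finding)
```

Process names on real endpoints should come from an EDR or firewall log that records the signing identity, not just the display name, since a backdoor can name itself after a legitimate client.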


Globe-trotting Roaming Mantis malware is hitting Android and iOS users alike

Roaming Mantis, an Android malware operation that aims to steal sensitive data, and potentially even money, from its victims, has now set its sights on the people of France, cybersecurity researchers are saying.

Before targeting the French, Roaming Mantis attacked people in Germany, Taiwan, South Korea, Japan, the US, and the UK, BleepingComputer reports.

This is not the same thing as the Mantis botnet, which recently emerged as one of the largest and most powerful botnets to ever appear.


FBI and MI5 bosses: China cheats and steals at massive scale

The directors of the UK Military Intelligence, Section 5 (MI5) and the US Federal Bureau of Investigation on Wednesday shared a public platform for the first time and warned of China’s increased espionage activity on UK and US intellectual property.

Speaking to an audience of business and academic leaders, MI5 director general Ken McCallum and FBI director Chris Wray argued that Beijing’s Made in China 2025 program and other self-sufficiency tech goals can’t be achieved without a boost from illicit activities.

“This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the Chinese Communist Party,” said McCallum.

“And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think,” he added.
