AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 9/19/2024

Chinese spies spent months inside aerospace engineering firm’s network via legacy IT

Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense’s Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim’s three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer’s IT environment for four months while poking around for more boxes to commandeer.


Europol takes down “Ghost” encrypted messaging platform used for crime

Europol and law enforcement agencies from nine countries dismantled an encrypted communications platform called “Ghost,” which organized crime groups used for drug trafficking and money laundering. Ghost offered advanced security and anonymization features: subscriptions could be bought with cryptocurrency, messages were protected by three layers of encryption, and a self-destruction mechanism removed message evidence from both the sender’s and the recipient’s devices. Thousands of people worldwide used the platform to exchange roughly 1,000 messages a day, while an extensive global network of resellers promoted it to prospective clients.


Tor insists its network is safe after German cops convict CSAM dark-web admin

The Tor Project has insisted that its privacy-preserving powers remain potent, countering German reports that user anonymity on its network can be, and has been, compromised by police. A report by the German news magazine program Panorama and the YouTube investigative journalism channel STRG_F claims that the German Federal Criminal Police Office (BKA) and the Public Prosecutor General’s Office in Frankfurt am Main were able to identify at least one Tor user after carrying out network surveillance.


Hezbollah Pager Attack: A Wake-up Call to Tech Manufacturers to Secure their Supply Chains?

In a coordinated and deadly attack, pagers used by hundreds of Hezbollah members exploded almost simultaneously across Lebanon on Tuesday, killing at least nine people and injuring thousands more, according to officials. Both Hezbollah and the Lebanese government have pointed to Israel as the orchestrator of what appears to be a highly sophisticated remote strike. A U.S. official revealed that Israel had briefed the United States following the operation, which involved small amounts of explosives being secretly planted inside the pagers and then detonated.


Clever ‘GitHub Scanner’ campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute malware, targeting users who frequent an open source project’s repository or are subscribed to email notifications from it. A malicious GitHub user opens a new “issue” on the repository, falsely claiming that the project contains a “security vulnerability,” and urges others to visit a counterfeit “GitHub Scanner” domain. That domain is not associated with GitHub and tricks visitors into installing Windows malware.
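The lure described above combines two signals a triage script can catch before a user clicks: vulnerability-alert wording in the issue body, and a link whose hostname borrows GitHub branding but does not sit under a GitHub-operated domain. The following is an added example, not code from the article, from GitHub or from the campaign; the sample issue texts and the lookalike hostnames (github-scanner.example, github.com.evil.example, pastebin.example) are constructed for illustration, and the list of legitimate GitHub domains is an assumption you should extend for your own environment. Note that the suffix check matters: github.com.evil.example starts with “github.com” but is not a GitHub domain.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: domains GitHub itself operates. Anything else that
# invokes "github" in its hostname is treated as a lookalike.
GITHUB_DOMAINS = ("github.com", "githubusercontent.com", "github.io", "githubassets.com")

# Matches http(s) URLs up to the next whitespace or bracket/quote character.
URL_RE = re.compile(r"""https?://[^\s<>"'()\[\]]+""")

# Phrases typical of the fake "security alert" lure seen in such issues.
LURE_RE = re.compile(r"security vulnerability|github scanner", re.IGNORECASE)

# Constructed sample inputs (not real issue text).
SAMPLE_MALICIOUS_ISSUE = (
    "Security Vulnerability detected in your repository. Run the official GitHub "
    "Scanner at https://github-scanner.example/scan?repo=owner/repo to fix it."
)
SAMPLE_BENIGN_ISSUE = (
    "Tracking issue for the release. Docs: https://docs.github.com/en and CI at "
    "https://github.com/owner/repo/actions"
)


def is_github_domain(host: str) -> bool:
    """True only if host equals, or is a subdomain of, a GitHub-operated domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GITHUB_DOMAINS)


def extract_urls(text: str) -> list[str]:
    """Pull URLs out of free text, dropping trailing sentence punctuation."""
    return [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]


def is_github_lookalike(url: str) -> bool:
    """Hostname mentions 'github' but is not actually a GitHub domain."""
    host = urlparse(url).hostname or ""
    return "github" in host.lower() and not is_github_domain(host)


def triage_issue(body: str) -> dict:
    """Classify an issue/notification body as benign, review, or suspicious.

    suspicious: at least one GitHub-branded lookalike URL
    review:     lure wording plus a link off GitHub's own domains
    benign:     neither signal present
    """
    urls = extract_urls(body)
    lookalike = [u for u in urls if is_github_lookalike(u)]
    lure = bool(LURE_RE.search(body))
    off_github = [u for u in urls if not is_github_domain(urlparse(u).hostname or "")]

    if lookalike:
        verdict = "suspicious"
    elif lure and off_github:
        verdict = "review"
    else:
        verdict = "benign"

    return {
        "urls": urls,
        "lookalike_urls": lookalike,
        "lure_phrase": lure,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, body in (("malicious", SAMPLE_MALICIOUS_ISSUE), ("benign", SAMPLE_BENIGN_ISSUE)):
        result = triage_issue(body)
        print(f"{name:9s} -> {result['verdict']:10s} lookalike={result['lookalike_urls']}")
```

Run this over issue bodies or notification emails pulled from the GitHub API or a mail gateway; anything that comes back “suspicious” or “review” is worth a human look before anyone follows the link, and the lookalike list can feed a block rule at the web proxy.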
