BU-CERT – Page 2 – Bournemouth University Computer Emergency Response Team

HomePod Forensics II: checkm8 and Data Extraction

Posted on 23 March 2023

From blog.elcomsoft.com

The first-generation HomePod is a smart speaker developed by Apple that offers high-quality audio and a range of features, including Siri integration and smart home controls. However, as with any electronic device, it can store valuable information that may be of interest in forensic investigations. In this article, we will explore how to use the forensically sound checkm8 extraction to access data stored in the HomePod, including the keychain and file system image. We will also outline the specific tools and steps required to extract this information and provide a cheat sheet for those looking to extract data from a HomePod. By the end of this article, you’ll have have a better understanding of how to extract data from the first-generation HomePod and the potential limitations of this extraction method.

New Instagram scam uses fake SHEIN gift cards as lure

Posted on 23 March 2023

From blog.avast.com

Avast researchers have detected a new scam targeting Instagram users from various countries including the UK, Australia, France, Spain, and Poland.

This social media scam begins with a comment from a random account on a user’s post, which congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.

ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

Posted on 23 March 2023

From thehackernews.com

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines.

According to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler, the development is illustrative of the group’s continuous efforts to refine and retool its tactics to sidestep detection.

“The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors,” Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023

Posted on 23 March 2023

From bleepingcomputer.com

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Bogus ChatGPT extension steals Facebook cookies

Posted on 23 March 2023

From theregister.com

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.

The malicious extension – Chat GPT For Google (note the erroneous space in the name of the chatbot) – is very similar in name and code to the real ChatGPT For Google extension. In fact, the phony extension is based on the same open source project used by the actual ChatGPT For Google tool – all the fraudsters had to do was add a few lines of cookie-stealing code.

Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks

Posted on 22 March 2023

From cybersecurity-insiders.com

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

“Why are you here if you cannot decrypt our data?” This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond.

Unknown actors deploy malware to steal data in occupied regions of Ukraine

Posted on 22 March 2023

From theregister.com

A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.

In a report published Tuesday, Kaspersky researchers detailed the infections, which use a PowerShell-based backdoor they’ve named “PowerMagic” and a previously unknown framework dubbed “CommonMagic” that can steal files from USB devices, take screenshots every three seconds, and send all of this data back to the attacker.

Kaspersky says the cyber snoops, which have been active since at least September 2021, don’t share infrastruture, code, or other direct ties to any known advanced persistent threat (APT) groups. However, the victims – administrative, agricultural and transportation organizations located in the Donetsk, Luhansk and Crimea regions – and the phishing lures suggest that this campaign is related to the illegal Russian invasion of Ukraine.