AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

IInfoSec News Nuggets – 06/18/2019

A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message. As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into entering their email credentials. An example of this is a new campaign that uses the subject line of "Encrypted Message Received" and pretends to be a notice from your mail server stating that you need to login to read an encrypted message.


2 TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

XENOTIME, the APT group behind the TRISIS industrial control system (ICS) event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations in the U.S. and elsewhere – perhaps a precursor to a dangerous attack on critical infrastructure that could cause physical damage or loss of life. “Offensive government programs worldwide are placing more emphasis and resources into attacking and disrupting industrial processes like oil, power and water,” said Sergio Caltagirone, vice president of threat intelligence at Dragos. He told Threatpost that “This means more attacks are coming. People will die, we just don’t know when.”


3 Oregon State University (OSU) Discloses Data Breach

On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise, the email account contained the personal information of approximately 636 students and families, as determined by a forensic analysis conducted by Oregon State University. It’s possible the external actors accessed this information while they abused the hacked email account to send phishing emails around the country. Steve Clark, vice president for university relations and marketing at Oregon State University, said the university is still in the process of verifying whether such exposure did indeed occur.


4 Facebook will launch its Libra digital currency in 2020

Facebook has finally revealed plans to launch its new digital currency Libra next year. The tech giant said users would be able to use the coin through its apps and on Facebook-owned messaging service WhatsApp. Once it’s launched, users will be able to purchase Libra and store it in its own digital wallet called Calibra. The website for Calibra was also launched earlier today. “Over the coming months, the association and its members will be recruiting additional members to further diversify and support the network. We will also be raising money in a private placement to help jumpstart the ecosystem and drive adoption,” a company statement reads.


5 Robocalls are overwhelming hospitals and patients, threatening a new kind of health crisis

In the heart of Boston, Tufts Medical Center treats scores of health conditions, administering measles vaccines for children and pioneering next-generation tools that can eradicate the rarest of cancers. But doctors, administrators and other hospital staff struggled to contain a much different kind of epidemic one April morning last year: a wave of thousands of robocalls that spread like a virus from one phone line to the next, disrupting communications for hours. For most Americans, such robocalls represent an unavoidable digital-age nuisance, resulting in seemingly constant interruptions targeting their phones. For hospitals, though, the spam calls amount to a literal life-or-death challenge, one that increasingly is threatening doctors and patients in a setting where every second can count.


6 Florida Effort to Block Election Hacking Gets Extra $2M

Florida’s county elections departments will retain $2.3 million in unspent grant money aimed at stopping cyber-attacks on the state’s voting system, Gov. Ron DeSantis announced Monday. DeSantis announced the unspent money is left over from a $19 million federal grant given last year to combat potential attacks on the Florida’s voting system and was supposed to be returned to the state. It will be combined with $2.8 million in state funding currently budgeted. The spending comes after it was disclosed last month that the FBI believes Russian hackers breached the voter information files of two of Florida’s 67 county election supervisor offices during the 2016 presidential election. Officials do not believe the vote tabulation system was compromised and say there is no indication last year’s state elections were hacked.

Related Posts