
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies

Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies. TYURIN is charged with committing these crimes with Gery Shalon, a/k/a “Garri Shalelashvili,” a/k/a “Gabriel,” a/k/a “Gabi,” a/k/a “Phillipe Mousset,” a/k/a “Christopher Engeham,” Joshua Samuel Aaron, a/k/a “Mike Shields,” and Ziv Orenstein, a/k/a “Aviv Stein,” a/k/a “John Avery,” in furtherance of securities market manipulation, illegal online gambling, and payment processing fraud schemes perpetrated by Shalon, Aaron, Orenstein, and their co-conspirators. TYURIN previously pled guilty to these charges and was sentenced today before U.S. District Judge Laura Taylor Swain.


CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords

Perpetrators of a widespread, intelligence-gathering campaign used common hacker techniques to get through passwords in addition to more sophisticated methods, according to an update to the Cybersecurity and Infrastructure Security Agency’s alert. “CISA incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services,” reads the activity alert updated Wednesday. CISA notes that the activity alert does not in any way supersede its emergency directive and is not formal guidance but the document provides additional context for remediation efforts.


Contact tracing app helped lower COVID cases in Minnesota, CIO says

Minnesota’s contact tracing app played a contributing role in the state’s ability to lower COVID-19 case levels after the virus peaked in November, statewide Chief Information Officer Tarek Tomes said in an interview Wednesday. With new daily cases now a fraction of what they were several weeks ago, Tomes said the state hopes to continue that positive trend with the upcoming launch of an online dashboard that tracks data on COVID-19 vaccinations. Minnesota’s contact tracing app, COVIDaware MN, launched in November using the Exposure Notifications platform, developed jointly by Apple and Google, as the state’s 7-day average topped 7,000 new daily cases. Since then, Tomes said the app has gained about 380,000 users out of a statewide population of about 5.6 million.


FireEye’s Mandia: ‘Severity-Zero Alert’ Led to Discovery of SolarWinds Attack

In a panel today hosted by the Aspen Institute, Mandia described how his company first recognized the serious attack it had suffered, describing how a newly registered phone using a FireEye user account was the first indication of malicious activity. “In this particular case, the event that got briefed to me and got us to escalate and declare this a full-blown incident was somebody was accessing our network just like we do, but they were doing it with a second registered device,” he explained. The FireEye user whose account was associated with the flagged access was contacted and asked if he had registered a new phone, but he had not. “Even though this was a severity-zero alert” at first, Mandia said, it was evidence of a major security event. “We had somebody bypassing our two-factor authentication by registering a new device and accessing our network just like our employees do, but it actually wasn’t our employee” doing it, he said.
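The signal Mandia describes, a second MFA device being registered on an existing user's account, is straightforward to surface from identity-provider audit logs. The following is an added example, not FireEye's tooling; the event format, field names and sample events are constructed for illustration and would need mapping to a real provider's log schema.

```python
"""Flag MFA device enrollments that add a second device to an account.

Added example, not FireEye's code. The event format and field names below
are constructed (hypothetical); map them onto your identity provider's
actual audit-log schema before use.
"""
from collections import defaultdict

# Constructed identity-provider audit events (not real data). Timestamps are
# ISO 8601 in UTC, so string order equals chronological order.
SAMPLE_EVENTS = [
    {"ts": "2020-11-30T08:01:00Z", "user": "alice", "event": "mfa.device.enroll",
     "device": "iphone-a1", "src_ip": "10.0.0.12"},
    {"ts": "2020-11-30T08:05:00Z", "user": "alice", "event": "login.success",
     "device": "iphone-a1", "src_ip": "10.0.0.12"},
    {"ts": "2020-12-01T22:17:00Z", "user": "alice", "event": "mfa.device.enroll",
     "device": "android-x9", "src_ip": "203.0.113.7"},
    {"ts": "2020-12-01T22:18:00Z", "user": "alice", "event": "login.success",
     "device": "android-x9", "src_ip": "203.0.113.7"},
    {"ts": "2020-11-30T09:00:00Z", "user": "bob", "event": "mfa.device.enroll",
     "device": "iphone-b2", "src_ip": "10.0.0.40"},
]


def find_second_device_enrollments(events):
    """Return one alert per enrollment that leaves an account with >1 MFA device.

    The first enrollment seen for a user is treated as the expected device;
    every later enrollment is flagged so the user can be asked out of band
    whether they actually registered it (the check FireEye describes).
    """
    enrolled = defaultdict(list)   # user -> devices enrolled so far
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "mfa.device.enroll":
            continue
        prior = enrolled[ev["user"]]
        if prior:
            alerts.append({
                "ts": ev["ts"],
                "user": ev["user"],
                "new_device": ev["device"],
                "existing_devices": list(prior),
                "src_ip": ev["src_ip"],
                "action": "confirm enrollment with the user out of band",
            })
        prior.append(ev["device"])
    return alerts


if __name__ == "__main__":
    for alert in find_second_device_enrollments(SAMPLE_EVENTS):
        print(alert)
```

The alert is deliberately low-severity on its own; as in the FireEye case, its value comes from the follow-up question to the user.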


Supreme Court Asked to Consider if Fifth Amendment Protects Passwords

The American Civil Liberties Union and the Electronic Frontier Foundation, two of the nation’s largest defenders of digital privacy, are asking the Supreme Court to stop criminal prosecutors from forcing people to unlock their own cellphones, under the argument that the U.S. Constitution’s protection against self-incrimination applies equally to passwords. While the debate is hardly new, it’s yet to be considered by the country’s highest court. As long as there have been cellphones, police have sought to access their contents, hoping to find a digital trace that could link a suspect to a crime. But as the technology has improved, it has also given police ever-increasing access to the most intimate details of a person’s life. It was inevitable then that the Supreme Court would be forced to consider how the rights of individuals caught up in criminal proceedings apply to the ubiquitous device.


Apple removed Parler from the App Store for inciting violence

Apple has removed the Parler social network app from the App Store for violating policies, including not providing an updated moderation plan or an updated app with objectionable content removed. Since the U.S. Capitol Building riot on January 6th, 2021, there has been an increase in social networking posts that incite violence against politicians, law enforcement, and organizations that supporters. Many of these posts are found on the conservative social network app Parler and contain threats to Vice President Pence, police, and even Twitter. Yesterday, Buzzfeed News obtained an email Apple sent to Parler stating that the app is breaking numerous policies related to the user content displayed within the application.
