AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/20/2022

NSO Group Spyware Reportedly Used by Israeli Police Force

Spyware from controversial Israeli software firm NSO Group was reportedly used by the nation’s civilian police force, according to a new report from an Israeli business publication, Calcalist. The new findings allege that the Israeli police conducted warrantless phone taps on Israeli politicians and activists, among others. According to the report, NSO Group, which was sanctioned by the U.S. Department of Commerce in November 2021, provided its flagship spyware product, Pegasus, to the police force, which in turn allegedly monitored local mayors and protesters who criticized former Prime Minister Benjamin Netanyahu.


Nigerian police arrest members of SilverTerrier BEC gang

Interpol said today that Nigerian authorities have detained 11 internet scammers, including members of the SilverTerrier cybercrime group. Authorities said the suspects engaged in Business Email Compromise (BEC), a type of internet crime where hackers use phishing emails or email account hacks to trick companies or government entities into making payments to the wrong bank accounts. The arrests took place last year, between December 13 and December 22, as part of Operation Falcon II. Interpol said that, following a forensic analysis of the data extracted from phones and computers seized during house searches, the 11 suspects were linked to attacks on more than 50,000 targets. “One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop,” Interpol officials said today.


EU wants to build its own DNS infrastructure with built-in filtering capabilities

The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free. The proposed service, named DNS4EU, is currently in a project planning phase, and the EU is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states. EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators. “The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider,” officials said in the DNS4EU infrastructure project revealed last week. But EU officials said that other factors also played a role in their decision to build DNS4EU, including cybersecurity and data privacy.


Red Cross: Hack exposes data on 515,000 vulnerable people

The International Committee of the Red Cross, which is best known for helping war victims, says hackers broke into servers hosting its data and gained access to personal, confidential information on more than a half-million vulnerable people. The Geneva-based agency said Wednesday the breach by unknown intruders this week affected data about some 515,000 people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.” It said the information originated in at least 60 Red Cross and Red Crescent chapters around the world.


Fortune favours the breached: Crypto.com admits 400 users hit in hack

Crypto.com CEO Kris Marszalek told Bloomberg on Wednesday that the attack earlier this week hit 400 users. For what Marszalek said was a period of 13 to 14 hours, Crypto.com paused its users’ ability to withdraw funds, and it subsequently informed them they would need to sign back into their accounts and reset their two-factor authentication. Marszalek said Crypto.com’s 200 security professionals had created a “very robust” infrastructure and stated it had defence-in-depth. “There are multiple layers, and in this particular incident, some of these layers were breached,” he said. “Which resulted in about 400 accounts having unauthorised transactions.” Marszalek added the impacted users had their funds fully reimbursed on the same day, and while he would not be drawn to put a figure on the amount of funds taken, he said the company was working on a postmortem that would appear on its blog in the next few days.


Cyberattacks In Ukraine Show Potential For ‘Widespread Damage’ To U.S. Networks, Government Warns

A White House national security memorandum signed today makes similar recommendations to those found in a Cybersecurity and Infrastructure Security Agency (CISA) memo published yesterday in which the agency stated that recent malware attacks in Ukraine highlight the potential for “widespread damage to critical infrastructure” here in the United States. The CISA memo offers a series of recommended measures that could help detect cyberattacks and reduce possible damage and lists two specific malware threats that have been used previously, NotPetya and the WannaCry ransomware, as examples of just how damaging these attacks can be. 

