AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/28/2021

23M Gamer Records Exposed in VIPGames Leak

VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left exposed thanks to a cloud misconfiguration, according to a new report from WizCase. Aside from its desktop users, VIPGames has mobile players too, including via an app that’s been downloaded from the Google Play store more than 100,000 times alone. The site joins a growing list of companies caught without properly configurated clouds which can lead to disastrous results for customers.

 

WORLD’S MOST DANGEROUS MALWARE EMOTET DISRUPTED THROUGH GLOBAL ACTION

Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).  EMOTET has been one of the most professional and long lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years. 

 

Amnesty International calls for ban on facial recognition

As advocates for facial recognition tout the tech’s potential to track down the US Capitol rioters, a new Amnesty International campaign has provided a timely reminder of the software’s dangers. The NGO has shared a stream of examples of how the software amplifies racist policing and threatens the right to protest — and called for a global ban on the tech. The Ban the Scan campaign was launched on Tuesday in New York City, where facial recognition has been used 22,000 since 2017. Amnesty notes that the software is often prone to errors. But even when it “works,” it can exacerbate discriminatory policing, violate our privacy, and threaten our rights to peaceful assembly and freedom of expression. The human rights group wants a total ban on the use of facial recognition for government surveillance and a block on any exports of the systems.

 

Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO

The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers. Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn. Maria Roat, the acting Federal CIO, confirmed DeRusha’s appointment early Tuesday. As Federal CISO, DeRusha will be responsible for coordinating cybersecurity policy across the federal bureaucracy and prodding agencies to fortify their networks in the wake of a suspected Russian hacking campaign that has infiltrated the departments of Justice, Energy and others.

 

Four security vendors disclose SolarWinds-related incidents

As most experts predicted last month, the fallout from the SolarWinds supply chain attack is getting bigger as time passes by, and companies had the time to audit internal networks and DNS logs. This week, four new cyber-security vendors — Mimecast, Palo Alto Networks, Qualys, and Fidelis — have added their names to the list of companies that have installed trojanized versions of the SolarWinds Orion app. The most important of this week’s announcements came from Mimecast, a vendor of email security products. Two weeks ago, the company disclosed a major security breach during which hackers broke into its network and used digital certificates used by one of its security products to access the Microsoft 365 accounts of some of its customers. In an update on its blog today, Mimecast said it linked this incident to a trojanized SolarWinds Orion app installed on its network. The company has now confirmed that the SolarWinds hackers are the ones who abused its certificate to go after Mimecast’s customers.

 

Facebook will let researchers study its election ad targeting data

Facebook is attempting to increase transparency around ads that ran in the lead up to November’s US elections. Starting on February 1st, researchers will have access to targeting data on more than 1.3 million social issues, electoral and political ads that appeared on Facebook and Instagram in the three-month period before election day. The company temporarily banned those types of ads after the polls closed. “We have heard feedback, particularly from the academic community, that understanding how advertisers choose to target audiences is key to learning more about the impact of digital ads on specific events like elections,” Facebook product manager Sarah Clark Schiff wrote in a blog post. “We recognize that understanding the online political advertising landscape is key to protecting elections, and we know we can’t do it alone.”

 

Texting Scams: Five Ways to Avoid Smishing in 2021

Mobile and email messaging volumes continues to increase globally, and in 2021 the amount of mobile messaging traffic in particular doesn’t show any signs of slowing down. Billions of text messages are sent each day worldwide and threat actors are actively targeting users—and their money—through text message/SMS phishing (smishing). We process more than 50% of North America’s mobile messages and our telemetry reports indicate mobile phishing messages increased by 328% in Q3 2020 when compared to Q2 2020. Threat actors understand that consumers trust mobile messaging and they are much more apt to read and access links/URLs contained in mobile messages than those in email. This level of trust combined with the reach of mobile devices in the general public where nine in ten possess a mobile device, makes the mobile channel ripe for fraud and identity theft. Smishing messages often use fraudulent branding combined with urgency and a request that a user click a malicious link. 

 

How Often Are Social Media Accounts Hacked?

How often are social media accounts hacked? Although it’s a tricky question, the short answer is clear: way too often. Social media account takeovers are an increasingly common occurrence, affecting the likes of politicians, celebrities, brands, other high-profile accounts and even the heads of social networks themselves. But they also trickle down to individuals and small business accounts in striking numbers. A social media profile is a valuable tool for corporations and celebrities to spread awareness, but it’s also a broad, easily exploited, and often unregulated attack surface. If the page itself is compromised, the brand can become tarnished and trusting users can be enticed to click malicious links, directing to phishing pages, scams, or exploits.

Related Posts