AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/30/2023

New ‘Pig Butchering’ Scam in West Africa Impersonates US Financial Advisors 

A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa. Recently discovered by cybersecurity experts at DomainTools, the ‘pig butchering’ operation uses a complex network of social engineering techniques to defraud victims. Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat actor used professional network services such as LinkedIn to identify, research and contact potential victims. “Notably, fraud actors associated with this campaign frequent social media platforms like TikTok and Instagram,” the advisory adds. Further, DomainTools explained that due to the complexity of manipulating a target when impersonating a financial advisor, scam websites relating to these operations must remain accessible for as long as possible. 

 

Inside TikTok’s proposal to address US national security concerns 

TikTok has presented a detailed proposal to a secretive federal panel that will decide its future in the U.S., a plan that relies extensively on the American tech giant Oracle to mitigate perceived security risks of the viral video app. A TikTok official speaking on condition of anonymity described the company's proposal to the Committee on Foreign Investment in the United States to CyberScoop. Aspects of the proposal, known as Project Texas (a likely reference to Oracle's Austin headquarters), have been previously reported and briefed to members of civil society. But as negotiations have stalled with CFIUS, which will decide whether the company can continue to operate in the U.S., the company has begun to describe the proposal in greater technical detail.

 

Target says data sold on dark web is ‘outdated,’ likely ‘released by third party’ 

Following the posting of an alleged database of customer information on a hacker forum, Target is denying that the data being sold on the dark web is current and says that the information was not taken directly from its systems.  On Thursday, the hacker posted the trove, which contains names, addresses, and transaction information, purportedly for more than 800,000 Target customers. But Target spokesperson Brian Harper-Tibaldo told The Record that the data is “outdated” and “may have been released by a third party.” “Our cybersecurity team is confident this is not a data breach and has found no malicious access to or compromise of Target’s systems,” he said. “In addition, the team can confirm that no current or personal guest information was included in the data disclosed by the threat actor.” 

 

FTC Finalizes Order with Ed Tech Provider Chegg for Lax Security that Exposed Student Data 

The Federal Trade Commission has finalized its order with education technology provider Chegg Inc. for its careless data security practices that exposed sensitive information about millions of Chegg’s customers and employees, including Social Security numbers, email addresses, and passwords. The FTC’s order requires Chegg to implement a comprehensive information security program, limit the data the company can collect and retain, offer users multifactor authentication to secure their accounts, and allow users to request access to and deletion of their data. 

 

New Coronavirus Strain? Nope, Just Hackers Trying to Spread Malware 

Received a random file about the coronavirus? It’s best to avoid opening it. Hackers are starting to exploit fears around the ongoing outbreak to infect computers with malware, according to security researchers. The attacks have been occurring through files and emails that pretend to know something about the coronavirus, but have actually been designed to take over the victim’s computer. On Wednesday, the hackers were spotted sending out spam emails to users in Japan, warning about a new strain of coronavirus reaching the island country, according to IBM Security. The emails, which are written in Japanese, urge the recipient to open up the attached Word document to learn more.

 

Five Data Wipers Attack Ukrainian News Agency 

Ukrainian cyber-experts have discovered multiple pieces of destructive malware that, earlier this month, were used in an attack targeting the country’s national news agency (Ukrinform). The country’s Computer Emergency Response Team (CERT-UA) revealed in an update that the attack was publicized on a Telegram channel “CyberArmyofRussia_Reborn” on January 17. After being asked by Ukrinform to investigate, a team at CERT-UA discovered five scripts – “the functionality of which is aimed at violating the integrity and availability of information (writing files/disks with zero bytes/arbitrary data and their subsequent deletion).” The threat actors are believed to have gained unauthorized remote access to the Ukrinform network as far back as December 7 2022, but bided their time before launching the destructive malware. 
