AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/05/2021

Scammers posing as FBI agents threaten targets with jail time

The U.S. Federal Bureau of Investigation (FBI) is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they don’t hand out personal and/or financial information. As the FBI warns, the agency has received multiple reports of such scam attempts where the fraudsters are targeting North Florida residents attempting to steal their personal info. Additionally, “multiple versions of the government impersonation scam have been reported in recent days, all of which exploit intimidation tactics,” the FBI Jacksonville report added. One of the victims reported that scammers first called as a sweepstakes company representative with promises of a large prize in exchange for providing sensitive personal information.

 

This Linux malware is hijacking supercomputers across the globe

Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets.  The cybersecurity team has named the malware Kobalos in deference to the kobalos, a small creature in Greek mythology believed to cause mischief.  Kobalos is unusual for a number of reasons. The malware’s codebase is tiny but is sophisticated enough to impact at least Linux, BSD, and Solaris operating systems. ESET suspects it may possibly be compatible with attacks against AIX and Microsoft Windows machines, too. 

 

TikTok will now warn you about videos with questionable information

TikTok will start displaying warnings on videos that contain questionable information that couldn’t be verified by fact-checkers, and it’ll begin warning users when they go to re-share those videos that the information hasn’t been confirmed. The app will now display a warning label on these videos that reads, “Caution: Video flagged for unverified content.” This means a fact-checker looked at the content but wasn’t able to certify that it was right or wrong. TikTok has already been reducing the spread of some unverified videos, but they weren’t publicly flagged before today. Creators will now get a message when a warning label is added to their video, and those videos will all have their distribution reduced.

 

Instagram, TikTok, and Twitter team up to crack down on hackers who steal rare usernames

Instagram has disabled hundreds of accounts that were stolen as part of online hacking operations designed to gain access to and sell rare and coveted usernames, the company tells The Verge. Both TikTok and Twitter also took action on some of the accounts belonging to the same hackers, reports journalist and cybersecurity expert Brian Krebs. The Facebook-owned platform set its sights mainly on the community surrounding OGUsers, a website well-known for trafficking in stolen usernames and helping facilitate the hacking of these accounts through methods like SIM swapping, which is when a user gains control of someone’s phone number and uses it to reset passwords and take control of social media handles. News of Instagram’s enforcement was first reported on Thursday by Reuters.

 

11 Year Old Poses As A Hacker Online, Blackmails His Own Father

Just because you consider someone to be your family, even if it’s necessarily by blood, it doesn’t mean that they can’t turn around and betray you or do things that work against you. Take for example over in India, where a man who extorted by what he thought was a group of hackers, only to find out that it was his 11-year old son. The man claimed that he was initially threatened by the “group” to pay Rs 10 crore to them unless he wanted them to leak his alleged obscene photos and family details. His email was hacked where the password was changed along with the mobile number associated with it. The “hackers” even claimed that they were watching him and his family and continue to harass them. However, when the man eventually reached out to the police for help, they discovered that the IP address of the so-called hackers came from the man’s own home, meaning that the threats were made from within the house. The police started to question the man’s son who later confessed that he was behind it.

 

Woman pleads guilty for using gov’t PC to steal photos of ‘snitches’ in Iowa

On Thursday, the US Department of Justice (DoJ) said that two individuals were involved in the scheme: Rachel Manna, a resident of West Des Moines, and Ankeny, Iowa-based Danielle Taff, who was formerly employed as a contractor paralegal for the US Attorney’s Office for the Southern District of Iowa. Taff worked in the civil division, and so should have been nowhere near records related to criminal cases. However, in 2018, 33-year-year Manna asked Taff, as her acquaintance, to access information relating to “certain defendants in a criminal investigation and prosecution being handled by the US Attorney’s Office,” according to the DoJ. Taff agreed to Manna’s request and in mid-May, the 37-year-old used her government PC to access criminal investigation files on the district’s shared storage drive. 

Related Posts