AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/08/2022

Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their data “unavailable.” Despite requests for comment, the company would not explain why it waited until now to notify the 521,046 people affected, some of whom had their Social Security numbers leaked in the attack.


BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs

The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation. BlackCat/ALPHV is a new feature-rich ransomware operation launched in November 2021 and developed in the Rust programming language, which is unusual for ransomware infections. The ransomware executable is highly customizable, with different encryption methods and options allowing for attacks on a wide range of corporate environments. While the ransomware gang calls themselves ALPHV, security researcher MalwareHunterTeam named the ransomware BlackCat after the image of a black cat used on every victim’s Tor payment page.


Securitas breached, 3TB of airport employee records exposed

An unsecured AWS server, found open to the public Internet, is the root cause of a huge compromise of data of airport employees in Colombia and Peru. This server, according to a report, belongs to Securitas, a Stockholm-based multinational company that provides security services like security guarding, fire and safety, and supply-chain risk management among others. Approximately 3TB of data dating back to 2018 was housed on the server, the report says. It also names Securitas client airports most affected by this breach: El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport in Colombia; and Aeropuerto Internacional Jorge Chávez in Peru. SafetyDetectives, who wrote the report, hasn’t examined every file in the bucket—there were almost 1.5 million files—but noted with high probability that all client airports of Securitas are affected. The report authors believe other airports in Latin America may also have been exposed.


Russia arrests third hacking group, reportedly seizes carding forums

Russia arrested six people today, allegedly part of a hacking group involved in the theft and selling of stolen credit cards. Russian media reports that the arrests come at the request of investigators from the Ministry of Internal Affairs of the Russian Federation. “The Tverskoy Court of Moscow received petitions from the investigation to select a measure of restraint in the form of detention against six people suspected of committing a crime under part 2 of article 187 of the Criminal Code of the Russian Federation (“Illegal circulation of means of payment”),” said press court clerk Ksenia Rozina in a statement to TASS Russian News Agency.


IRS announces transition away from use of third-party verification involving facial recognition

The IRS announced it will transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts. The transition will occur over the coming weeks in order to prevent larger disruptions to taxpayers during filing season. During the transition, the IRS will quickly develop and bring online an additional authentication process that does not involve facial recognition. The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools. “The IRS takes taxpayer privacy and security seriously, and we understand the concerns that have been raised,” said IRS Commissioner Chuck Rettig. “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”


News Corp. says Wall Street Journal, New York Post were targeted by hackers

News Corp., the media company that owns The Wall Street Journal and New York Post, said Friday that it has been the victim of a sustained Chinese hacking campaign. The company said in an email sent to employees that hackers had breached company systems and targeted specific documents and reporter email accounts. The hackers only breached news organizations and not other News Corp. properties, such as HarperCollins Publishers and Storyful, the email said. It wasn’t clear exactly how the hackers broke in, but the company discovered the hackers had affected “a system used by several of its business units” on Jan. 20. In a Friday filing with the U.S. Securities and Exchange Commission, News Corp. said the hackers went through a third-party computing service it uses.