AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/10/2022

Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.


US: Your AI has to explain its decisions

For years, tech has claimed that AI decisions are very hard to explain, but still pretty darn good. If US lawmakers get their way, that will have to change. Citing potential for fraud and techno-fiddling to get the desired answers to support big business’s profit wishes, like denying loans, housing choices and the like, lawmakers are pairing with civic organizations to try to force the issue through the Algorithmic Accountability Act of 2022. The idea that a black box – super high tech or otherwise – brings to bear a certain digital whimsy on the life-altering decisions meted to the fates of the masses seems a step too far. Especially, US senators argue, if it means troubling trends toward tech-driven discrimination. If you’ve ever been denied a loan your first question is “why?” That’s especially tricky if banks don’t have to answer, besides offering “it’s very technical, not only you wouldn’t understand, but you can’t, and neither do we.” This kind of non-answer buried in opaque techno-wizardry eventually had to pique questions about the machine learning environments’ decisions we now find oozing from every tech pore we confront in our digital lives.


Romance Fraud Losses Increased by 91% During COVID-19

Romance fraud losses surged by 91% during COVID-19 compared to pre-pandemic levels, according to new research from TSB. The bank said it had observed cases of romance fraud double in the pandemic as a result of the shift to online dating amid social distance restrictions. It also found that the average financial loss per victim over this period was an eye-watering £6100. Interactions that originated on Facebook accounted for the highest number of fraud cases, at 35%. This was followed by the dating sites Tinder (24%), Plenty of Fish (21%) and Match.com (9%). TSB also calculated the length of these virtual ‘relationships’ by analyzing its own data relating to victims’ first and last payments to fraudsters. These lasted for an average of 62 days, with the longest one spanning nearly three years. In almost a third (32%) of cases, victims transferred money to the fraudsters for periods lasting over two weeks before realizing the scam. In 27% of cases, payments lasted over a month, and 11% continued over half a year. Interestingly, women made up two-thirds (66%) of TSB’s cases and suffered significantly higher financial losses on average than men (£6300 vs. £4600).


You’re listening to KUOW … like it or not: Mysterious glitch has Mazda drivers stuck on public radio

Drivers of certain vehicles in Seattle and other parts of Western Washington are shouting at their car radios this week. Not because of any particular song or news item that’s being broadcast, but because an apparent technical glitch has caused the radios to be stuck on public radio station KUOW. The impacted drivers appear to all be owners of Mazda vehicles from between 2014 and 2017. In some cases the in-car infotainment systems have stopped working altogether, derailing the ability to listen to the radio at all or use Bluetooth phone connections, GPS, the rear camera and more. According to Mazda drivers who spoke with GeekWire, and others in a Reddit thread discussing the dilemma, everyone who has had an issue was listening to KUOW 94.9 in recent weeks when the car systems went haywire. KUOW sounded unsure of a possible cause; at least one dealership service department blamed 5G; and Mazda told GeekWire in an official statement that it identified the problem and a fix is planned.


Intel Lists 16 New BIOS Firmware Vulnerabilities

Intel has released a security bulletin with 16 newly-discovered BIOS-related vulnerabilities that allow attackers to use Denial of Service and Escalation of Privilege attacks on a local machine, at the same time bypassing the operating system and its associated security measures. According to Intel, these issues impact its 6th to 11th-Gen Core processors along with its Xeon lineup, including the W, E and D models. Ten of the vulnerabilities have a ‘high’ severity rating, meaning they allow unfettered access to the machine, while three are ranked as ‘medium’ and one is ranked as ‘low.’ These new vulnerabilities aren’t included in the recent list of Intel/AMD vulnerabilities, nor are they related to the recently-announced BIOS vulnerabilites that impact HP, Dell, Lenovo, and other vendors. Nonetheless, these 16 new vulnerabilities are similar to some because they are BIOS-related. All 16 allow attackers to hijack the BIOS of a computer in order to gain access to the local machine, thereby accessing sensitive data.


Kioxia and Western Digital lose 6.5 exabytes of 3D NAND to contamination

In what is another blow to the component industry, Kioxia (formerly Toshiba) and Western Digital report that contamination issues have been found at their joint NAND production factories. Western Digital says that up to 6.5 exabytes of flash memory, or 6.5 million terabytes, have been affected. An amount that will doubtlessly have an impact on the market. In a statement (via Tom’s Hardware), Kioxia said that operations were halted at its Yokkaichi and Kitakami plants due to a component containing impurities involved in the production of BiCS 3D NAND flash memory, used in a range of SSDs and other products. The company added that it hoped for “early recovery to normal operation.”

Related Posts