AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/10/2023

PayPal and Twitter abused in Turkey relief donation scams 

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria: this time stealing donations by abusing legitimate platforms like PayPal and Twitter. This week, high magnitude earthquakes claimed more than 15,000 lives, caused extensive infrastructural damage and disrupted network connectivity across the Middle East and Mediterranean region. As government, businesses and charity organizations step up to raise funds and aid victims of this ecological disaster, threat actors are wasting no time in targeting unsuspecting donors. 


Malicious Google ads sneak AWS phishing sites into search results 

A new phishing campaign targeting Amazon Web Services (AWS) logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. The campaign was discovered by Sentinel Labs, whose analysts observed the malicious search results on January 30, 2023. The bad ads ranked second when searching for “aws,” right behind Amazon’s own promoted search result. Initially, the threat actors linked the ad directly to the phishing page. However, at a later phase, they added a redirection step, likely to evade detection by Google’s ad fraud detection systems. 


U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group 

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. 


Reddit reveals security incident that looks more SNAFU than TIFU 

Colorful web forum Reddit has revealed it has suffered a security breach. In a post titled “We had a security incident. Here’s what we know” Reddit’s founding engineer and CTO “KeyserSosa” – aka Christopher Slowe – explained that late on February 5 “we became aware of a sophisticated phishing campaign that targeted Reddit employees.” The attacker “sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.” 


Is 13 too young to have a TikTok or Instagram account? 

The surgeon general is the “nation’s doctor” in the United States. He or she is tasked with giving Americans the “best scientific information” about their health. Late last month the current US surgeon general, Vivek Murthy, warned that 13 is too young to join social media. He said it posed a risk to young people’s “self-worth and their relationships”, adding: I, personally, based on the data I’ve seen, believe that 13 is too early … the skewed and often distorted environment of social media often does a disservice to many of those children. Is 13 too young? What should parents think about when it comes to their kids and social media accounts? 

Related Posts