AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/16/2021

AT&T scrambles to install fiber for 90-year-old after his viral WSJ ad

When 90-year-old Aaron Epstein bought a Wall Street Journal print ad to complain about his slow AT&T Internet service, the impact was immediate. Reporters like me called him and wrote articles, talk of his plight went viral on the Internet, his ad made an appearance on Stephen Colbert’s Late Show, TV networks interviewed him for nightly news broadcasts, and AT&T executives sprang into action to minimize the public-relations damage. Now, barely a week later, Epstein’s home in North Hollywood, California, has AT&T fiber service with unlimited data and advertised speeds of 300Mbps in both directions. In a speed test yesterday, download speeds were 363Mbps and upload speeds were 376Mbps. It’s a gigantic upgrade over the “up to” 3Mbps DSL he and his wife, Anne, struggled with before.


Hackers ask only $1,500 for access to breached company networks

The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. Data from threat intelligence firm Kela indicates that many of the deals actually closed behind closed doors, a trend shaped over the past months. According to the company, over 240 offers to sell initial network access occurred in public conversations on three underground forums. A quarter of these came with no price tag, a clear indication of transactions being done in private conversations. However, this number does not include an offer for access to more than 500 .gov and .edu networks (auctioned for 25 bitcoins) and another one for access to a Chinese electronics maker (asked 150 bitcoins). Neither of them appeared to have been closed due to the insanely high prices.


Krebs: Oldsmar water treatment plant’s security is ‘rule, not the exception’

At a hearing in the House Homeland Security Committee Thursday, former director of the Cybersecurity and Infrastructure Security Agency Christopher Krebs said that the security of a hacked Oldsmar, Florida, water treatment plant was “probably the rule, not the exception.” The Oldsmar attack was notable because a hacker attempted to poison the water supply. The attack did not succeed in that goal, but the hacker did hijack a remote access system used by employees at the city’s water treatment plant. Among CISA’s responsibilities at the Department of Homeland Security is to handle several kinds of public/private and federal/local partnerships in infrastructure cybersecurity. “These are municipal utilities that do not have sufficient resources to have robust security programs. That’s just the way it goes,” Krebs told the committee. “They don’t have the ability to collect revenue at a rate enough to secure their deployments. When you have the internet, it’s supposed to make things easier; it’s supposed to make things more manageable. And so now all of a sudden it’s a security threat.”


France Pushes to Widen EU Regulations on Big Tech Companies

France is pushing for changes to the EU’s upcoming regulations on big tech companies, including Apple, Google, Amazon, and Facebook, that would make it easier for governments to penalize bad behavior and widen controls on content, according to a new report by the Financial Times. The Digital Services Act, presented in December 2020, is designed to tackle illegal online content in the European Union by obliging big tech companies to quickly remove it, or face hefty fines. France now wants to change the Digital Services Act by allowing every individual EU member state to have the right to fine big tech companies and force them to remove content on their platforms. Currently, only EU countries where tech companies are headquartered can enforce the EU’s laws.


Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack

Microsoft president Brad Smith said the software giant’s analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers. Speaking on US news magazine program 60 Minutes, Smith labelled the attack “the largest and most sophisticated attack the world has ever seen.” “When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.” If anyone understands the havoc 1,000 developers can create, it’s Microsoft. Smith didn’t say who those 1,000 developers worked for, but compared the SolarWinds hack to attacks on Ukraine that had been widely attributed to Russia (which denies involvement).


Extreme cold snap causes T-Mobile outages in Texas and other parts of the US

If you’re not getting wireless service on your T-Mobile device, you’re not the only one. Inclement winter weather in Texas and other parts of the US is causing issues with the carrier’s network, with Downdetector tracking more than 1,000 outage reports since 1PM ET. T-Mobile acknowledged the issue this afternoon. “We’re experiencing network issues following severe weather in several areas of the country and especially across Texas,” said Ray Neville, the company’s president of technology, on Twitter. Neville didn’t say when the carrier expects to resolve the outages. AT&T and Verizon (Engadget’s parent company) appear to be going through some of the same problems, but their issues don’t appear to be as widespread and neither company has come out with an official statement yet. All the same, we’ve reached out to both companies to ask for an update.


Survey: Most Americans aren’t answering the phone to avoid robocalls

Roughly 94% of Americans surveyed by Hiya, an app that blocks spammers, say they don’t pick up the phone for unidentified callers due to the onslaught of robocalls. State health departments across the U.S. use calls to perform contact tracing, which aims to help slow the spread of the coronavirus by encouraging quarantines and other precautions. By the numbers: 4 billion robocalls targeted Americans in January alone, according to call-blocking company YouMail. That’s 1,500 robocalls every second, or 12.2 calls for every person. Pandemic-specific scams have been added to standard swindles about Social Security, auto warranties and credit cards.

Related Posts