AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/18/2021

Jones Day is latest major law firm affected by vendor data breach

Jones Day confirmed Tuesday that a file transfer platform it used was recently compromised, and that the firm is investigating the breach and talking with affected clients. Hackers that go by the name Clop claim to have stolen files belonging to Jones Day and posted screenshots on the dark web, according to DataBreaches.net, which posted redacted images of firm correspondence over the weekend.


First Apple Silicon M1 malware discovered in the wild

The first malware native to Apple Silicon M1 Macs has been discovered by independent security researcher Patrick Wardle. Ex-NSA researcher Patrick Wardle has recently praised Apple for the security of its M1 processor, but even so has now discovered evidence of hackers recompiling malware for it. Wardle discovered the existence of GoSearch22.app, an M1-native version of the longstanding Pirrit virus. This version appears to have been aimed at displaying ads and collecting data from the user’s browser. “Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems,” says Wardle in a blog post. “The malicious GoSearch22 application may be the first example of such natively M1 compatible code.” “The creation of such applications is notable for two main reasons,” he continues. “First (and unsurprisingly), this illustrates that malicious code continues to evolve in direct response to both hardware and software changes coming out of Cupertino.”


Bluetooth Overlay Skimmer That Blocks Chip

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead. Here’s a closer look at the electronic gear jammed into these overlay skimmers. It includes a hidden PIN pad overlay that captures, stores and transmits via Bluetooth data from cards swiped through the machine, as well as PINs entered on the device. My reader source shared these images on condition that the retailer in question not be named. But it’s worth pointing out these devices can be installed on virtually any customer-facing payment terminal in the blink of an eye.


North Korean hackers charged in massive cryptocurrency theft scheme

Federal authorities said that three North Korean computer programmers have been indicted for conducting a series of cyberattacks to steal and extort more than $1.3 billion in cash and cryptocurrency from financial institutions and companies. The programmers also are accused of creating and deploying “multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform,” according to a Department of Justice press release. Officials said the charges laid out Wednesday expand a case from 2018 that detailed the cyberattack on Sony Pictures and the creation of the ransomware known as WannaCry.


FCC Chair Rosenworcel launches broadband mapping task force

Federal Communications Commission acting chair Jessica Rosenworcel announced on Wednesday the formation of a new task force dedicated to implementing “long-overdue” upgrades to improve the agency’s flawed broadband maps. But the new data isn’t likely to be available until next year, an official leading the effort said during the agency’s monthly meeting. The new “Broadband Data Task Force” will work to make sure that data, which is supposed to show where broadband exists and doesn’t exist in the US, is more precise. The agency has been heavily criticized for years for inaccuracies in the data that often overstates broadband coverage.
