AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/23/2022

OKC Police rape kit info exposed in data breach of DNA contractor

Victims of past sexual assault who had their DNA collected in a rape kit by the Oklahoma City Police Department now face yet more uncertainty because of a data breach. Rape kits are used to collect DNA evidence by law enforcement agencies for sexual assault investigations. Saturday, those who had their DNA information stored by a contractor for OKCPD in connection to sexual assault investigations were informed by a U.S. Post Office letter of the breach. The contractor is DNA Solutions, Inc., a DNA research company located in Oklahoma City. The company’s website touts their location in the “prestigious University Research Park Campus in Oklahoma City.” “DNA Solutions is equipped to process a high volume of samples daily which gives our clients rapid turnaround at affordable prices,” reads the company’s About website page.


Credit Suisse leak unmasks criminals, fraudsters and corrupt politicians

A massive leak from one of the world’s biggest private banks, Credit Suisse, has exposed the hidden wealth of clients involved in torture, drug trafficking, money laundering, corruption and other serious crimes. Details of accounts linked to 30,000 Credit Suisse clients all over the world are contained in the leak, which unmasks the beneficiaries of more than 100bn Swiss francs (£80bn) held in one of Switzerland’s best-known financial institutions. The leak points to widespread failures of due diligence by Credit Suisse, despite repeated pledges over decades to weed out dubious clients and illicit funds. The Guardian is part of a consortium of media outlets given exclusive access to the data. We can reveal how Credit Suisse repeatedly either opened or maintained bank accounts for a panoramic array of high-risk clients across the world.


Apple Issues Stunning New Blow To Facebook As Google Joins The Battle

Facebook is angry at Apple, and it’s not surprising. The iPhone maker is going to cost the social network upwards of $10 billion due to the iOS 14 privacy features called App Tracking Transparency, Facebook said recently after announcing its financial results. That’s because Apple’s ATT iPhone privacy features cut back on tracking by revoking access to the identifier for advertisers (IDFA)—a unique code that shows when people are seeing an ad on Facebook, Googling it and buying something via its website, for example. Apple is onto a winner with its ATT iPhone features, which it has built on further in iOS 15 with the App Privacy Report. People love to hate Facebook, so they’re not exactly crying into their cereal in the mornings as they read about the Mark Zuckerberg-owned firm’s hefty losses.


83% of employees continue accessing old employer’s accounts

In a recent study, Beyond Identity gathered responses from former employees across the United States, the United Kingdom, and Ireland and found 83% of employees admitted to maintaining continued access to accounts from a previous employer. The cybersecurity threat this poses is coupled with the fact that 56% of these employees said they had used this continued digital access with the specific intent of harming their former employer. Ongoing access to sensitive information paired with frequently malicious intent spelled disaster for these former employers. When the survey turned to focus specifically on responses from managers and business leaders, 74% admitted their company had been negatively impacted by a former employee breaching their cybersecurity.


The elaborate con that tricked dozens into working for a fake design agency

The Zoom call had about 40 people on it – or that’s what the people who had logged on thought. The all-staff meeting at the glamorous design agency had been called to welcome the growing company’s newest recruits. Its name was Madbird and its dynamic and inspirational boss, Ali Ayad, wanted everyone on the call to be ambitious hustlers – just like him. But what those who had turned on their cameras didn’t know was that some of the others in the meeting weren’t real people. Yes, they were listed as participants. Some even had active email accounts and LinkedIn profiles. But their names were made up and their headshots belonged to other people. The whole thing was fake – the real employees had been “jobfished”. The BBC has spent a year investigating what happened.


GitHub opens its vulnerabilities Advisory Database to community submissions

GitHub is opening the GitHub Advisory Database to community submissions, some two years after the Microsoft-owned code-hosting platform first launched the vulnerabilities database for public consumption. The move fits into a broader industrial push to secure the software supply chain, and follows a recent White House-hosted open source security summit which sought to address how best to tackle flaws in community-driven software — such as the recently-discovered Log4j vulnerability. “GitHub believes that free and open security data is critical to empowering the industry as a whole to best secure our software supply chains,” GitHub senior product manager Kate Catlin wrote in a blog post.


Meyer Breach Impacts US Employees’ Personal Information

Cookware giant Meyer has revealed a data breach that impacted an undisclosed number of employees. The firm, which is the largest distributor of cookware in the US, revealed the incident in a notification letter to employees posted to the website of the California attorney general’s office. It notes that the attack happened at the end of October 2021, but it wasn’t until December 1 that an investigation revealed employee data might have been taken. The impact on victims could be severe, depending on what was taken, although the firm still doesn’t conclusively know which employees were affected. “The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; permanent resident card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment,” the notice claimed.


FBI warns of fake CEO attacks taking place via video conferencing systems

The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms. Typically BEC scams work through the exploitation of compromised business email accounts, using a variety of techniques to trick unsuspecting workers into transferring funds into a bank account under the control of the scammer.  Often this might involve the creation of convincing invoices for genuine work that is taking place, or a bogus instruction from a “boss” to move money into an overseas bank account. In its alert, the FBI’s Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts.


Expeditors shuts down global operations after likely ransomware attack

Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyberattack over the weekend that forced the organization to shut down most of its operations worldwide. With annual gross revenue of around $10 billion, Expeditors has 350 locations and over 18,000 employees worldwide, providing critical logistics solutions for its customers. Its services include supply chain, warehousing and distribution, transportation, customs and compliance. The company does not mention the type of cyberattack but from its description and an anonymous tip to BleepingComputer, it looks like a massive ransomware incident.
