AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/08/2021

What is the dark web and what does it mean for cyber security?

The dark web, or darknet, is the part of the internet that is difficult to access without the proper tools and authorizations. An average, everyday web surfer using a commonly-available web browser like Chrome or Explorer isn’t likely to be taking a virtual walk on the dark side, but security leaders still must make an effort to understand the threats the darknet pose. While the darknet has some legitimate purposes, it is often used by cybercriminals to organize and execute ransomware and DDoS attacks and to sell information stolen from companies and individuals. The dark web is a part of the internet that is only accessible with a special browser. It has legitimate uses, but abuse by malicious actors is a cybersecurity problem. A web search for “dark web” and “ransomware” turns up a wealth of news about ransomware gangs selling and threatening to sell stolen information. To manage cybersecurity risks, it’s important to be aware of dark web threats and stolen information.


Companies are doing a terrible job of reporting cybersecurity risks to investors, a new study says

Many publicly traded companies are leaving investors in the dark on important cybersecurity risks, a new report suggests. That includes vulnerabilities like the ones that allowed Russian hackers to exploit SolarWinds and other firms to infiltrate nine federal agencies and at least 100 companies. The study’s authors found that many publicly traded companies fail to provide investors with some of the most basic information required by the Securities and Exchange Commission. Instead, many companies rely on boilerplate legal statements like “[c]yber-attacks could have a disruptive effect on our business,” an analysis of annual and quarterly reports for publicly traded organizations showed.


U.S. says John McAfee indicted over fraudulent cryptocurrency schemes

John McAfee, the founder of the McAfee antivirus software company, has been indicted in Manhattan federal court on fraud and money laundering conspiracy crimes, stemming from two schemes concerning the fraudulent promotion to investors of cryptocurrencies, the U.S. Department of Justice said on Friday. Jimmy Gale Watson Jr, an executive adviser of McAfee’s so-called cryptocurrency team, has also been charged, and was arrested on Thursday night, the Justice Department said. McAfee is being detained in Spain on separate criminal charges filed by the Justice Department’s tax division, the department said.


Study Reveals Extent of Privacy Vulnerabilities with Amazon’s Alexa

“When people use Alexa to play games or seek information, they often think they’re interacting only with Amazon,” says Anupam Das, co-author of the paper and an assistant professor of computer science at North Carolina State University. “But a lot of the applications they are interacting with were created by third parties, and we’ve identified several flaws in the current vetting process that could allow those third parties to gain access to users’ personal or private information.” At issue are the programs that run on Alexa, allowing users to do everything from listen to music to order groceries. These programs, which are roughly equivalent to the apps on a smartphone, are called skills. Amazon has sold at least 100 million Alexa devices (and possibly twice that many), and there are more than 100,000 skills for users to choose from. Because the majority of these skills are created by third-party developers, and Alexa is used in homes, researchers wanted to learn more about potential security and privacy concerns.


BEC scammer infects own device, giving researchers a front-row seat to operations

The attacker was trying to carry out a business email compromise (BEC), a scheme that uses spoofed emails to trick people into sending crooks money.  BEC scams are so prevalent they accounted for $1.7 billion in losses reported to the FBI in 2019 — or half of all cybercrime losses reported to the bureau. To carry out the scam, the scammer needed more details on equipment used at an unnamed oil company to make malicious emails to the company’s employees more believable, Leal wrote in a blog post. That meant planting malicious code on devices used at the company to monitor communications. At the same time, however, the attacker apparently forgot to remove the malicious code they placed on their own device, perhaps for testing purposes, giving Leal’s team a window into the attacker’s machinations and frustrations. Because it was infected by the malware, the device was sending screenshots back to the control panel the hacker was using in the scam.

Related Posts