AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/11/2021

OVHcloud data centers engulfed in flames

On March 10, OVHcloud founder and chairman Octave Klaba started a Twitter thread updating customers on the situation, which has claimed at least one data center. OVHcloud is a global cloud, dedicated server, and managed bare metal services provider catering to over 1.5 million customers. The company manages 27 data centers in countries including the US, UK, France, and Australia. As data centers manage vast quantities of data for customers, providers have to be stringent when it comes to security. OVHcloud restricts physical access to employees only and security personnel are always on-site — but this has not stopped a fire from breaking out. The impacted data centers, located in Strasbourg, France, include SBG2, which has been completely destroyed.


A Hacker Was Selling a Cybersecurity Exploit as an NFT. Then OpenSea Stepped In

With all the attention currently on non-fungible tokens (NFTs), there may be a new, darker side emerging – the auctioning of cybersecurity exploits. In a tweet Monday, Matthew Hickey of Hacker House introduced the “zero-day collection,” an “exclusive HackerFantastic authored [zero-day] exploit as part of our NFT proof-of-concept sale series.” The first digital asset for sale in the collection is for Quake3, and Hickey termed it “highly collectable hacker artwork.” While it may seem harmless, the idea of selling a cyber exploit raises questions about ethics and identity when in the wrong hands. NFTs are digital assets that represent a wide range of unique tangible and intangible items, from sports cards to virtual real estate. Unlike bitcoin and other cryptocurrencies, whose units are meant to be interchangeable, each NFT contains distinguishing information that makes it distinct from any other NFT. In this case, the token to be auctioned was for a cybersecurity exploit.


Covid: White hat bounty hackers become millionaires

Hackers earned a record $40m (£28m) in 2020 for reporting software flaws via a leading bug bounty reporting service. HackerOne said nine hackers made more than $1m each after it flagged their findings to affected organisations. One Romanian man, who only started bug-hunting two years ago, saw his total earnings to date top $2m. The UK’s top-earning hacker made $370,000 last year. The platform suggested the pandemic had given the volunteers more time to pursue the endeavour. A survey HackerOne commissioned indicated that 38% of participants had spent more time hacking since the Covid-19 outbreak began. Many of those involved work part-time and are based in dozens of different countries including the US, Argentina, China, India, Nigeria and Egypt.


What is Identity Theft?

Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft. Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud.


iPhone app exposed other people’s call recordings

Researchers found an issue with an iPhone call recording app, which boasts of “more than 1,000,000 downloads”. The app is used to record calls and share clips via email, or to save them to storage solutions such as Dropbox and Google Drive, so it offers a fair bit of flexibility for people in need of some audio recording. The researcher who discovered the vulnerability used various security testing tools to view and modify network traffic used by the app. From there, they discovered it was possible to replace their own phone number with someone else’s. With that done, recordings from that phone (located in the cloud, on an Amazon AWS bucket) were available to them, without a password. The entire call history and the numbers that calls were made to were also available, at least until the app was updated and the problem fixed by the developers. Or, as the researchers at PingSafe put it: The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint which leaked the cloud storage URL of the victim’s data.
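The flaw described above (an endpoint that trusts a caller-supplied phone number and returns a storage URL) shown beside a hardened form, as an added example that is not code from the app or from PingSafe. The phone numbers, tokens, signing key, and bucket.example URL are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample data: phone number -> stored recording object.
RECORDINGS = {"+15550100": "rec/a1.m4a", "+15550199": "rec/b7.m4a"}
# Constructed session store: token -> phone number verified at login.
SESSIONS = {"tok-alice": "+15550100", "tok-bob": "+15550199"}
SIGNING_KEY = b"constructed-demo-key"  # placeholder, not a real secret


def lookup_vulnerable(request):
    """Flawed pattern: the caller is whoever the request body claims."""
    key = RECORDINGS.get(request.get("phone"))
    if key is None:
        return {"status": 404}
    return {"status": 200, "url": f"https://bucket.example/{key}"}


def _mac(key, expires):
    msg = f"{key}:{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def link_is_valid(key, expires, sig, now):
    """Storage-side check: signature must match and the link be unexpired."""
    return now < expires and hmac.compare_digest(_mac(key, expires), sig)


def lookup_hardened(request, now=None):
    """Identity comes from the server-side session, never from the body."""
    owner = SESSIONS.get(request.get("token"))
    if owner is None:
        return {"status": 401}
    # A body field naming another account is refused; log it for detection.
    if request.get("phone", owner) != owner:
        return {"status": 403}
    key = RECORDINGS.get(owner)
    if key is None:
        return {"status": 404}
    expires = (int(time.time()) if now is None else now) + 300
    return {"status": 200, "key": key, "expires": expires,
            "sig": _mac(key, expires)}
```

The hardened handler returns a link bound to one object and a five-minute expiry, so the bucket itself no longer needs to be readable without credentials.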
