AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/13/2023

FBI Warns of Crypto-Stealing Play-to-Earn Games 

Consumers have been warned not to fall for a new type of fake gaming application which has already stolen millions in cryptocurrency from victims. Victims are typically contacted by scammers online, before being introduced in time to the online or mobile game, according to a new Public Service Announcement from the FBI’s Internet Crime Complaint Center (IC3). The game purports to reward the user with cryptocurrency simply for playing. Although there are multiple variations of this scam, the example the FBI used was a player growing virtual crops on an animated farm. Before playing, users are told they must create a cryptocurrency wallet and purchase some digital money. The scammer reportedly explains that the more crypto they store in their wallet, the more rewards they can earn in the game. 


New ‘terms of service’ pretends to absolve Canadian tax agency of all hacking liability 

People expect security when trusting the government with their tax information. Recently, however, a security software developer has accused Canada’s government of dodging that responsibility with lackluster cybersecurity and suspicious terms of service alterations. The changes come after recent hacks impacted Canada’s tax agency. The Canadian Revenue Agency (CRA), which handles the country’s taxes, has new terms and conditions absolving it of any liability if its online services suffer a data breach. The change affects the entire country because all Canadian citizens and businesses must handle their taxes through the CRA, thus trusting their personal information with the agency. Because it holds the personal information of virtually every Canadian taxpayer, the CRA could be an extremely attractive target for identity thieves or other hackers. 


Mental health provider Cerebral alerts 3.1M people of data breach 

Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse. In a ‘Notice of HIPAA Privacy Breach’ published on Cerebral’s site this week, the company disclosed that they had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third parties on its online services since October 12, 2019. 


North Korean hackers used polished LinkedIn profiles to target security researchers 

Hackers believed to be working on behalf of North Korea have in recent years posed as recruiters and targeted workers in a variety of industries with offers of extravagant jobs at big-name firms with massive salaries. In the past, that campaign has mostly been carried out over email, but now researchers are seeing North Korean hackers shift their phishing attempts to LinkedIn and WhatsApp. 


Brazil seizing Flipper Zero shipments to prevent use in crime 

The Brazilian National Telecommunications Agency is seizing incoming Flipper Zero purchases due to its alleged use in criminal activity, with purchasers stating that the government agency has rejected all attempts to certify the equipment. Flipper Zero is a portable multi-function cybersecurity tool that allows pentesters and hacking enthusiasts to tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more. 

Related Posts