AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/04/2023

IRS System Doesn’t Meet All Cloud Security Requirements, Watchdog Says 

The IRS’s Enterprise Case Management System did not always meet established cloud security requirements, the Treasury Department’s Inspector General found. In a new report, the IG found the IRS did not meet every agency guideline for cloud operations, despite running the ECM system—a hybrid cloud system aimed at modernizing and consolidating the IRS’s legacy case management system—under the agency’s cloud authorization. The system “processes and stores sensitive information within the IRS, providing restricted access to IRS employees via the Internet,” the report noted. According to the IG, “control weaknesses within the ECM system can pose a substantial risk to taxpayer records currently residing in the system. The potential harm includes breach, unauthorized access and disclosure of taxpayer information.” 

 

TikTok to Comply With US Law, Protect User Data From China 

TikTok and its parent company ByteDance will continue to safeguard US user data from China, Erich Andersen, general counsel for TikTok has confrimed. ByteDance is developing technologies “to make it physically impossible for any government, including the Chinese government, to access US user data,” Andersen made the claims in an interview with The Associated Press (AP) on Friday. The attorney also highlighted ByteDance’s intentions to make Lemon8, a photo- and video-sharing app released in China in 2020 and currently being tested in the US, just as secure. “We’re obviously going to do our best with the Lemon8 app to comply with US law and to make sure we do the right thing here. But I think we [have] got a long way to go with that application — it’s pretty much a startup phase.” 

 

A Serial Tech Investment Scammer Takes Up Coding? 

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K. Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. 

 

Feds seize $112 million connected to cryptocurrency ‘pig butchering’ scams 

The Justice Department said Monday that it seized nearly $112 million worth of cryptocurrency connected to investment scams after warrants were obtained in Arizona, California and Idaho. The seizures are part of a larger effort to address confidence schemes known colloquially as “pig butchering,” in which scammers develop long-term relationships with victims online before convincing them to invest in fraudulent cryptocurrency trading platforms. The department did not name any specific people, companies, or platforms connected to the seized funds but said the FBI’s office in Phoenix is still investigating the case. The funds were in six digital currency accounts, the DOJ’s announcement said. 

 

My phone, my credit card, my hacker, and me 

It was a Friday in July when I first noticed something seemed off. I was spending some time with my family on a gorgeous summer day, swimming and drinking beer and ignoring my phone as much as possible. When I finally checked my notifications, I had two alerts from Verizon. Both contained authorization codes — the kind of security measure they take when you make changes to your account. There was also a receipt from Verizon for $0 and a message thanking me for activating my new device. I immediately checked my Verizon account, but nothing seemed amiss. The receipt seemed like a glitch — as if Verizon had belatedly billed me for the phone, which I’d activated four months prior. In hindsight, I should have been more suspicious. I should have called Verizon right away. But why would I want to spend the day in customer-service hell when I could spend it on a boat? 

Related Posts