AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/08/2021

Crooks are getting smarter about exploiting SAP software, study finds

Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable about SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker managed to chain together multiple software exploits to target an SAP “credential store,” which stores login details for an organization’s high-value SAP users. Access to the credential store could give a hacker the ability to exploit other applications that interact with those credentials.

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Days after a massive Facebook data leak made the headlines, it seems like we’re in for another one, this time involving LinkedIn. An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more. While users on the hacker forum can view the leaked samples for about $2 worth of forum credits, the threat actor appears to be auctioning the much-larger 500 million user database for at least a 4-digit sum, presumably in bitcoin.

Privacy – Protecting Your Digital Footprint

There are many different definitions of “privacy.” We are going to focus on personal privacy, protecting the information about you that others collect. In today’s digital world, you would be astounded at all the different entities that not only collect information about you, but who then legally share or sell that information. Each time you browse or purchase something online; stream a video; buy groceries; search the web; visit your doctor; or use an app on your smartphone, smart TV, or other home devices, information about you is being collected. This information can be used to sell you goods or services, decide your interest rates for loans, or determine the type of medical care you get or the jobs you are eligible for. Additionally, if this information falls into the wrong hands, it can be used by cyber attackers to target and attack you. 

Facebook confirms ‘test’ of Venmo-like QR codes for person-to-person payments in US

Facebook confirms it’s testing a new QR code feature and payment links for use with Facebook Pay to make it easier for people in the U.S. to send or request money from one another. The QR code feature, similar to Venmo’s QR codes and others, will allow a user to scan a friend’s code with their smartphone’s camera to send or request money, while the sharable payment links will let you publish your payment address outside of Facebook itself. The addition was first spotted on Monday by MacRumors, which noted that users were being presented with a new “Scan” button in the Facebook Pay carousel at the top of the screen. When you tap this button, you’re launched into an experience where you can scan the other person’s code. The screen that displays the QR code also introduces the personalized payment URL in the format of “hXXps://m.me/pay/UserName,” which can also be sent to others when you’re making a payment or sending a request.

Your ‘smart home’ is watching – and possibly sharing your data with the police

You may have a roommate you have never met. And even worse, they are nosy. They track what you watch on TV, they track when you leave the lights on in the living room, and they even track whenever you use a key fob to enter the house. This is the reality of living in a “smart home”: the house is always watching, always tracking, and sometimes it offers that data up to the highest bidder – or even to police. This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit. The Washington Post recently reported – citing documents uncovered by researchers at the Georgetown school of law – that US Immigration and Customs Enforcement has been using this very playbook to buy up “hundreds of millions of phone, water, electricity and other utility records while pursuing immigration violations”.

China Creates Its Own Digital Currency, a First for Major Economy

A thousand years ago, when money meant coins, China invented paper currency. Now the Chinese government is minting cash digitally, in a re-imagination of money that could shake a pillar of American power. It might seem money is already virtual, as credit cards and payment apps such as Apple Pay in the U.S. and WeChat in China eliminate the need for bills or coins. But those are just ways to move money electronically. China is turning legal tender itself into computer code. Cryptocurrencies such as bitcoin have foreshadowed a potential digital future for money, though they exist outside the traditional global financial system and aren’t legal tender like cash issued by governments. China’s version of a digital currency is controlled by its central bank, which will issue the new electronic money. It is expected to give China’s government vast new tools to monitor both its economy and its people. By design, the digital yuan will negate one of bitcoin’s major draws: anonymity for the user.
