AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/19/2022

Cybercriminals do their homework for latest banking scam

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. The FBI’s Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework. “In addition to knowing the victim’s financial institution, the actors often had further information such as the victim’s past addresses, social security number, and the last four digits of their bank accounts,” the IC3 said. The con starts off as many that target individuals do nowadays: With a text message. In this case it’s not a phishing attempt, it’s an attempt to ascertain whether the person receiving the message is susceptible to further manipulation.

 

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

Boris Johnson has been told his Downing Street office has been targeted with “multiple” suspected infections using Pegasus, the sophisticated hacking software that can turn a phone into a remote listening device, it was claimed on Monday. A report released by Citizen Lab at the University of Toronto said the United Arab Emirates was suspected of orchestrating spyware attacks on No 10 in 2020 and 2021. Pegasus is the hacking software – or spyware – developed, marketed and licensed to governments around the world by the Israeli firm NSO Group. It has the capability to infect phones running either iOS or Android operating systems.

 

Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active. MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets. In cryptocurrency lingo, a seed is a secret recovery phrase consisting of 12 words that protect access to the wallet’s content. Storing the wallet seed in iCloud practically means that if an owner has their Apple account compromised, their digital assets are also at risk.

 

Funky Pigeon suspends orders after cyber-attack

The online greetings card and gifts business Funky Pigeon has stopped taking orders after being hit by a cyber-attack last week. The company said it was writing to all customers from the past 12 months to inform them of the hack, saying no payment data was at risk and it did not believe account passwords had been affected. The WH Smith-owned company said it had taken its systems offline as a precaution and was therefore unable to fulfil any orders. It said: “As soon as we discovered the incident last Thursday, we launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data.

 

APAC consumers share more data, but will ditch firms over security breach

Consumers in Singapore and Australia share more personal information now than they did two years ago, but more in the two Asian markets will ditch service providers that suffer a data breach than their global counterparts. The former also are disgruntled about having to provide their data to use online services. Some 67% of respondents across Singapore and Australia felt they had little choice but to divulge their personal information in order to use online services. In fact, 54% said they shared their data with so many organisations online each day that they could not verify each company’s ability to safeguard personal data, according to a survey commissioned by security vendor Imperva. 

 

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps

Last month, Dark Reading released an enterprise application security survey that raised serious concerns by IT and security teams about the state of low-code/no-code applications. The survey exposed a deep lack of visibility, control, and knowledge necessary to maintain the level of security maturity expected in the enterprise. Here we will look at concrete concerns raised by the survey, examine their root causes, and offer recommendations on ways to address them today.

Related Posts