AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/20/2022

Court reaffirms that data scraping isn’t hacking in LinkedIn appeal

The Ninth Circuit Court of Appeals on Monday reaffirmed a 2019 ruling that LinkedIn could not ban competitor hiQ Labs from scraping publicly available data on its platform by citing federal hacking laws. The case dates back to a 2019 lawsuit by hiQ Labs to block a cease-and-desist letter from LinkedIn aimed at halting the company from scraping public data from the social networking site. The court sided with hiQ Labs, deciding that LinkedIn couldn’t invoke federal hacking laws to stop the behavior as it likely did not violate them. LinkedIn appealed the case to the Supreme Court, which remanded the case back to the Ninth Circuit court this summer after its ruling in the Van Buren case, a landmark test of the extent of U.S. hacking laws. The case involved a former Georgia police officer who was accused of violating the Computer Fraud and Abuse Act (CFAA) by looking up license plate data in exchange for bribes. The Supreme Court issued a 6-3 ruling that his improper use of otherwise authorized access didn’t constitute hacking.


Newly found zero-click iPhone exploit used in NSO spyware attacks

Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists. The previously unknown iOS zero-click security flaw dubbed HOMAGE affects some versions before iOS 13.2 (the latest stable iOS version is 15.4). It was used in a campaign targeting at least 65 people with NSO’s Pegasus spyware between 2017 and 2020, together with the Kismet iMessage exploit and a WhatsApp flaw. Among the victims of these attacks, Citizen Lab mentioned Catalan Members of the European Parliament (MEPs), every Catalan president since 2010, as well as Catalan legislators, jurists, journalists, and members of civil society organizations and their families.


Currency.com Confirms ‘Failed’ Russian Cyberattack Attempt

Currency.com confirmed that the crypto trading platform suffered a massive cyberattack attempt after it suspended its operations in Russia last week. The platform suffered a failed distributed ‘denial of service’ (DDoS) cyber-attack last Tuesday, it said in a press release shared with Finance Magnates. In addition, it stressed that the attack was unsuccessful and that all customer accounts and data are safe. In a DDoS attack, the hackers bombard a platform with multiple requests for its services, thus crashing its infrastructure. Earlier, Ukraine’s President Volodymyr Zelensky said that Russian hackers targeted the country’s defense ministry and finance sector with DDoS attacks.


Ransomware: This gang is getting a lot quicker at encrypting networks

A highly successful and aggressive ransomware gang is getting even faster at encrypting networks as they look to extort ransom payments from as many victims as possible. Researchers at Mandiant examined ransomware attacks by a cyber-criminal group they refer to as FIN12 – responsible for one in five attacks investigated by the cybersecurity company – and found that there’s been a significant decrease in the amount of time between initially breaking into networks and their encryption with ransomware, most commonly Ryuk ransomware.


Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers

Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang. Stating that the “impact of the incident was significantly less than the maximum potential impact” the company had previously shared last month, Okta said the intrusion impacted only two customer tenants, down from 366 as was initially assumed. The security event took place on January 21 when the LAPSUS$ hacking group gained unauthorized remote access to a workstation belonging to a Sitel support engineer. But it only became public knowledge nearly two months later when the adversary posted screenshots of Okta’s internal systems on their Telegram channel.


The evolving role of the lawyer in cybersecurity

The use of threat intelligence (information gathered from external sources about active or emerging threats to an organization) and threat hunting (finding adversaries lurking within an organization) are quickly becoming cornerstones of effective cybersecurity programs, and this was a central theme discussed at the ACC Foundation’s recent Cybersecurity Summit. However, when actionable threat intelligence is combined with the skills and powers of technically sophisticated lawyers, that can be a force multiplier, pivoting an organization’s cybersecurity posture from being reactive and defensive to active and aggressive.
