AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/25/2023

IT staffers would help colleagues avoid monitoring software

The use of invasive monitoring software that tracks employee productivity is unlikely to be popular with workers — and it turns out IT staffers aren’t keen on deploying the technology either. In fact, many IT workers are apparently willing to defy company policy and help colleagues find workarounds to avoid being spied on by the boss. That’s according to a survey of 500 IT managers and 500 non-manager IT workers in the US conducted by Wakefield Research on behalf of digital employee experience software vendor 1E. The survey results were made public last week. Almost three quarters of IT managers (72%) surveyed said they’d defy company policy to help co-workers dodge a corporate monitoring application.


These two countries are teaming up to develop AI for cybersecurity

Singapore and France have announced plans to set up a research facility to jointly develop artificial intelligence (AI) capabilities that can be applied in cyberdefense. The agreement between Singapore’s Ministry of Defence (Mindef) and France’s Ministry of the Armed Forces (MOAF) will see both countries collaborate in potential research, such as AI for geospatial analysis, natural language processing to extract information for analysis, and computer vision for monitoring image and video feeds to identify potential threats across various environmental conditions. 


Tangled Up: ‘Tomiris’ APT Uses Turla Malware, Confusing Researchers

Certain campaigns previously connected to the Russian advanced persistent threat (APT) Turla were actually conducted by what appears to be an entirely separate group researchers have named “Tomiris.” Turla (aka Snake, Venomous Bear, or Ourobouros) is a notorious threat actor with ties to the Russian government. Over the years it has utilized zero-days, legitimate software, and other means to deploy backdoors in systems belonging to militaries and governments, diplomatic entities, and technology and research organizations. In one case, it was even linked, through its Kazuar backdoor, to the SolarWinds breach.


Yellow Pages Canada confirms cyber attack as Black Basta leaks data

Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been hit by a cyber attack. The Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend. Founded in 1908, the Yellow Pages Group today owns and operates the YP.ca and YellowPages.ca websites, along with the Canada411 online service.


Thousands of Social Media Takedowns Hit People Smugglers

The UK’s National Crime Agency (NCA) has hailed a “landmark agreement” with the big five social media companies, which it claimed is helping law enforcers disrupt the work of people smugglers. The Home Office-backed agreement was finalized around a year ago with Twitter, TikTok, Instagram, Facebook and YouTube. Acting on intelligence supplied by the NCA, the social media firms have during the intervening time removed or suspended over 3300 posts, pages or accounts associated with people smuggling and organized crime, the agency claimed.


Mandiant’s ‘most prevalent threat actor’ may be living under your roof – the teenager

While some spend sleepless nights worrying about the big four nation-state cyber threats, you shouldn’t underestimate the ones possibly living under your roof: teenagers. “One of the most prevalent threat actors in the United States today that is…really hard to defend against: it’s the teenagers,” said Charles Carmakal, CTO of Google Cloud’s Mandiant Consulting, at a threat intelligence panel at the outskirts of RSA Conference in San Francisco. “There’s a number of [teenage] groups that we’re actively tracking.”
