Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/26/2021

1 – Costco Issues Scam Warning

Costco Wholesale Corporation is warning American internet users to be wary of more than a dozen digital scams targeting its customer base. On its website, the American multinational corporation has published screenshots of 14 “prominent fraudulent emails, texts, and posts” in which cyber-criminals are impersonating Costco. The majority of the traps use financial benefits to lure victims, promising free products, financial reimbursements, exclusive offers, cash-back rewards, and gift cards worth $50. Many try to trick to victims into sharing their personal information by asking them to take a short survey in order to claim a prize. Cyber-criminals impersonating Costco are also exploiting the coronavirus pandemic to con customers. One scam tells shoppers that a Covid-19 stimulus package consisting of $130 of free merchandise will be given to “loyal Costco members” who fill in a customer survey.

 

2 – Ransomware gang wants to short the stock price of their victims

The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets. In a message posted on their dark web portal, the Darkside crew said it is willing to notify crooked market traders in advance so they can short a company’s stock price before they list its name on their website as a victim. The Darkside crew believes that the negative impact of having a traded company’s name listed on its website would be enough to cause its stock price to fall and for a crooked trader to make a profit. “While other ransomware families previously discussed how to leverage the effect of a publicly disclosed cyber attack on the stock market, they have never made it their official attack vector,” Dmitry Smilyanets, threat intel analyst at Recorded Future, told The Record today. “DarkSide becomes the first ransomware variant to make it formal.”

 

3 – The hidden risk of 2021: Insider threats

Emphasis on perimeter defense has long been a dominant conversation in cybersecurity, with malicious hackers and sophisticated cybercriminal groups behind most high-profile leaks and breaches. But not every threat originates outside the organization. Forrester predicts that insider data breaches will rise 8 percent in 2021 and that a third of all incidents will be caused internally, and many organizations are wholly unprepared to deal with these kinds of threats. With a largely remote workforce in 2021, the risk of insider threats has grown exponentially. Employees may be mixing personal and work behaviors and operating under less secure home networks, introducing consumer-rated and unknown IoT and family devices to the network. Accounting for the risks they bring is a critical concern for the year ahead, and cybersecurity professionals need a broader focus: what can we do about the guys on the inside? 

 

4 – Apple AirDrop security flaw exposes phone numbers and email address to nearby strangers

The file-sharing shortcut, which is available on iOS, iPadOS and macOS, allows users to quickly and easily send photos, documents and more when another Apple device is nearby. However, computer science researchers at the Technical University of Darmstadt have suggested the feature has a significant security flaw. In the team’s recently published paper, it’s suggested that strangers within nearby range of Apple devices with AirDrop turned on can lift email address and phone number information. Despite notifying Apple of the issue back in May 2019, no acknowledgement or fix for the flaw has since been rolled out to an estimated 1.5 billion affected devices, the team says. The researchers believe the problem stems from a couple of things.

 

5 – The Moon is going to get its own 4G network, thanks to this rugged lunar rover

From connecting offshore oil rigs and underground mines, to letting climbers livestream from 5,200 meters above sea level on Mount Everest: 4G networks are already capable of reaching some of the most remote spots on the planet. Now, the technology is gearing up for its next, extra-terrestrial challenge – to connect the Moon. NASA is planning to establish a sustainable human presence on the Moon by the end of the decade as part of its Artemis program, and with such a project inevitably comes a host of logistics issues. But although food, sleep or spacesuit design might be first to spring to mind, equally as important to life in outer space is appropriate communication. 

Related Posts