AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/07/2021

1 – Weaponized SMS Attack Goes Viral: What Millions Of Phone Users Need To Know

A new SMS malware campaign capable of stealing passwords and banking credentials has started spreading like wildfire in recent weeks. So much so that mobile carriers and law enforcement agencies alike have been prompted to issue warnings about the so-called FluBot campaign. “What’s unique about the campaign is that it has different kill chains depending on whether the target uses an iOS or Android device,” Hank Schless, senior manager of security solutions at Lookout, said. Writing in a blog on the rise of FluBot, Schless explained that clicking the link in the SMS will take iOS users to cloned online banking pages.


2 – 3 Companies Settle Over Millions of Fake Comments on FCC’s Net Neutrality Rollback

Three companies responsible for millions of fake comments submitted to the Federal Communications Commission ahead of its 2017 vote to repeal net neutrality have entered into settlements with the New York Office of Attorney General.  New York Attorney General Letitia James announced the settlements Thursday along with the results of a multiyear investigation and recommendations for agencies to fix the comment-making process. According to the report, nearly all of the 22 million comments regarding the net neutrality vote were fraudulent and represent coordinated attempts to sway the process government agencies use to help guide decision-making when finalizing rules and regulations. 


3 – Russian agent accused of interfering in US elections is back meddling online, Facebook says

A man the U.S. intelligence community has assessed is an active Russian agent who interfered in U.S. elections is back stirring the pot on Facebook, the company announced Thursday. But this time, Andriy Derkach and associates appear to have been running influence operations targeted at Ukraine, not the U.S., Facebook said. The Treasury Department previously sanctioned Derkach, whom Treasury identified as being an “active Russian agent for over a decade,” for his alleged interference in U.S. elections. Facebook said it removed the Ukraine-targeted campaign, which used fake accounts and its own websites to amplify its messaging, for violating its coordinated inauthentic behavior policy last month. The campaign, which Facebook first caught onto following a tip from the FBI, focused on Ukraine politics and anti-Russia content. It’s not clear why a reputed Russian agent would circulate anti-Russia materials. The operators used multiple social media platforms and seemingly independent media websites and social media accounts to circulate content.


4 – IoT Security: Be Aware of What You Connect at Home

Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them, comes security risks. McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices. Most of these new devices connect via home routers (another IoT device), 5G mobile broadband and satellite internet. These are new frontiers for threat actors, which means a new set of security concerns if you are not prepared. The more devices connected at home, the bigger the attack surface. One of the biggest unsolved problems is the point of access — the router that IoT, mobile and wearable devices often connect to. For one, these devices aren’t designed well enough or configured by the users properly. However, the real problem is that routers can still be breached and lead to compromise on the devices they connect.


5 – Someone Modified An AirTag To Make It Fit Into A Wallet

Apple’s AirTag launched last month and for the most part, it is very functional. Reviews have heaped praise on the accessory, although one chief complaint/feedback that we’ve seen is that Apple should have designed it to make it more wallet-friendly, since along with keys, wallets are things we sometimes forget to take with us or lose. In fact, Apple’s competitor Tile already has trackers designed for wallets, so why not the AirTag too, right? Not feeling content with the current design, YouTuber Andrew Ngai decided to modify his AirTag and make it more wallet-friendly. He basically disassembled the device and separated it from its casing, and then putting it into a new slimmer card-shaped case. It might sound simple, but it was actually a rather complicated process. This is because in order to remove the components from the case, the AirTag had to be heated up to 150F. Also, he had to relocate the battery to reduce the thickness and also come up with a way for the AirTag to draw power from it.

Related Posts