AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/19/2021

1 – iPhone calendar spam attacks on the rise

Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as “calendar spam.” Calendar spam became a big problem for Apple’s iCloud calendars back in 2016. At that time, Apple put some protections in place on iCloud to prevent these issues. Whatever they did was working, up until recently. Let’s take a look at how the scammers have changed their tactics. Users will encounter a scam web page like the following one (though this is just an example). These pages are reached via a number of techniques, including malvertising, compromised WordPress sites, and Search Engine Optimization (SEO) tricks. In this case, the page displays a fake captcha that users are expected to tap in order to prove they’re not a bot.

 

2 – Russia spy chief suggests West behind SolarWinds cyber-attack

In an exclusive interview with BBC Moscow correspondent Steve Rosenberg, the head of Russia’s Foreign Intelligence Service has denied that his agency was linked to a massive cyber-attack in the US last year. Sergei Naryshkin was responding to accusations from UK and US authorities that Russian intelligence carried out the SolarWinds attack, which was described as the world’s most sophisticated hack. Mr Naryshkin suggested it was Western intelligence that may have orchestrated the operation. Russia’s spy chief also revealed that contact has been re-established with the head of Britain’s secret intelligence service MI6, and that he hopes for a face-to-face meeting soon.

 

3 – Amazon’s Sidewalk Network Is Turned On by Default. Here’s How to Turn It Off

Last week, Amazon said it would turn on Sidewalk, its mesh network that uses Bluetooth and 900MHz radio signals to communicate between devices, on June 8. I imagine that most people, even those who bought an Echo smart speaker in the past few years, have no idea what Sidewalk is. I suspect most of those people would be even more surprised to know that it’s turned on by default on every one of their devices. I’ll get to that part in just a minute. First, let’s talk about Sidewalk. The idea behind it is actually really smart–make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn’t located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.

 

4 – Spotting cryptocurrency investment scams

Cryptocurrency has gotten lots of attention as a new way to invest. But here’s the thing: scammers are taking advantage of people’s understanding (or not) of cryptocurrency investments, and how they work. And younger people are losing big. In fact, the FTC’s new data spotlight shows that, since October 2020, nearly 7,000 people reported losses to bogus cryptocurrency investments, adding up to more than $80 million. People ages 20-49 were more than five times more likely than other age groups to report losing money on those scams. But here’s an even more striking point: people in their 20s and 30s have lost more money on investment scams than on any other type of fraud. And more than half of their reported investment scam losses — $35 million — were in cryptocurrency.

 

5 – Google will notify you about compromised passwords — and let you change them quickly

Google introduced new features for password protection at its virtual developer conference Google IO today. One of the most notable features was sending alerts for your compromised credentials and letting you change them quickly through Chrome. The company’s password manager — built into Chrome and Android — will automatically send you an alert when one of your saved passwords is part of a data breach. But that’s not all: the company will also let you change it quickly in Chrome, so you don’t have to sign in to the site and go to the change password field. Google said that this feature is powered by its Duplex on web AI platform.

 

6 – When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar

Members of the cybersecurity community at large know that learning opportunities present themselves every day. The purpose behind this investigative anecdote on the “water watering hole” is educational and highlights how sometimes two intrusions just don’t line up together no matter how much coincidence there is. We hope you will agree after reading this that intelligence and intrusion analysis are not always what they seem. Our story begins in Oldsmar, Florida on Monday 8 February 2021, when the Pinellas County Sheriff held a press conference. The sheriff, Oldsmar mayor, and city manager described a water poisoning attempt at the city’s water treatment plant the previous Friday. This unprecedented event made a stir both in the media and among Dragos’ team of adversary hunters.
