AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/31/2022

Paper reveals a quarter of the world’s internet users rely on infrastructure that is susceptible to attacks

About a quarter of the world’s internet users live in countries that are more susceptible than previously thought to targeted attacks on their internet infrastructure. Many of the at-risk countries are located in the Global South. That’s the conclusion of a sweeping, large-scale study conducted by computer scientists at the University of California San Diego. The researchers surveyed 75 countries. “We wanted to study the topology of the internet to find weak links that, if compromised, would expose an entire nation’s traffic,” said Alexander Gamero-Garrido, the paper’s first author, who earned his Ph.D. in computer science at UC San Diego. 


Fraud had ‘significant’ role in $163 billion leak from pandemic-era unemployment system

More than $163 billion in benefits likely leaked from the unemployment system during the pandemic, with a “significant portion” attributable to fraud, according to a U.S. Department of Labor report. Congress created many new programs in March 2020 to support millions of people who lost their jobs from the Covid-19 fallout. Together, the programs raised weekly benefits, increased their duration and expanded the pool of workers eligible for payments. They ended last September, though many states opted out sooner. In that time, the federal government issued almost $873 billion in total unemployment payments, the Labor Department said in a semiannual report to Congress released Thursday.


This Facial Recognition Site Is Creeping Everyone Out

A facial recognition tool called PimEyes has recently gone from unknown to infamous. PimEyes makes it easy to find pictures of people that are strewn across the internet. That isn’t necessarily surprising—reverse image searches have been a thing for years—but it turns out PimEyes is astoundingly good at identifying people with naught but a single photograph. The New York Times reports that it found years-old pictures even if the sample image featured people wearing sunglasses or face masks. Other factors such as different facial hair, new hair styles, or the passage of time didn’t seem to make all that much of a difference either. For some a tool like PimEyes could be little more than a novelty. But for others it’s a nightmare.


Microsoft to roll out security defaults to millions more worldwide

Microsoft announced this week that it’s rolling out security defaults to existing customers who have yet to enable the defaults or Azure AD Conditional Access, applying the defaults to millions more customers. The software giant introduced security defaults in October 2019 for new tenants with basic security hygiene in place, especially multi-factor authentication (MFA) and modern auth requirements, regardless of license, Alex Weinert, Microsoft’s director of identity security, wrote in the announcement. Since then, more than 30 million organizations are protected by the defaults and experience 80% fewer compromises than the overall tenant population, he continued. However, tenants created before October 2019 were not included in the defaults unless they explicitly enabled features such as Conditional Access, Identity Protection and MFA — until now.


GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. GitHub disclosed this security breach on April 15, three days after discovering the attack, when the malicious actor gained access to npm production infrastructure. The threat actor escalated their access using a compromised AWS access key, acquired after downloading multiple private npm repositories using the stolen OAuth user tokens in the initial stage of the attack.


Man who helped Infraud cybercrime cartel steal millions of credit cards sentenced

A Brooklyn resident was sentenced to four years in federal prison this week after pleading guilty to being an integral member of the Infraud Organization, a cybercrime cartel that stole over four million credit and debit card numbers and cost victims more than $568 million. John Telusma – a 37-year-old who went by “Peterelliot” online – is the 14th member of the Infraud gang to be charged in connection to the group’s activities, which the Justice Department said involved the “mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, computer malware, and other contraband.” Telusma joined Infraud in August 2011 and spent more than five years helping the group monetize their credit card theft. The group spent years marketing troves of stolen bank account information, PayPal accounts and more that gave members free rein to buy flights and concert tickets.