AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/09/2021

Software bug to blame for global internet outage, Fastly says

Fastly, the company behind a major global internet outage this week, said on Wednesday the incident was caused by a bug in its software that was triggered when one of its customers changed their settings. Tuesday’s outage raised questions about the reliance of the internet on a few infrastructure companies. Fastly’s issue knocked out high-traffic sites including news providers such as The Guardian and New York Times, as well as British government sites, Reddit, and Amazon.com. “This outage was broad and severe, and we’re truly sorry for the impact to our customers and everyone who relies on them,” the company said in a blog post authored by Nick Rockwell, its senior engineering and infrastructure executive. He said the problem should have been anticipated.


Operators of MoviePass Subscription Service Agree to Settle FTC Allegations that They Limited Usage, Failed to Secure User Data

The operators of the MoviePass subscription service have agreed to settle Federal Trade Commission allegations they took steps to block subscribers from using the service as advertised, while also failing to secure subscribers’ personal data. Under the proposed settlement, MoviePass, Inc., its parent company Helios and Matheson Analytics, Inc. (Helios), and their principals, Mitchell Lowe and Theodore Farnsworth, will be barred from misrepresenting their business and data security practices. In addition, any businesses controlled by MoviePass, Helios, or Lowe must implement comprehensive information security programs. “MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information,” said Daniel Kaufman, the FTC’s Acting Director of the Bureau of Consumer Protection. “The FTC will continue working to protect consumers from deception and to ensure that businesses deliver on their promises.”


Chip shortages could last into 2023, warns electronics giant Flex

Global chip shortages could last significantly longer than expected, continuing until at least the middle of next year, and possibly into 2023. The warning was given by contract manufacturing giant Flex. It follows another warning by an Apple supplier in Taiwan that chip production there will be affected unless the country can get a better supply of vaccines. The pandemic saw many chip fabrication plants forced to close or reduce capacity for a period, and catching up afterwards is difficult due to the lengthy timeframes involved in building new plants and bringing them online. It typically takes around two years from breaking ground to the first chips rolling off the production line. Apple has been better insulated than most tech companies by virtue of having TSMC make its own A-series and M1 chips, and the sheer size of the company enabling it to negotiate priority supplies from other chipmakers. Even so, the company can still struggle to obtain enough supplies of more generic chips, like display drivers.


SIM swapping victim alleges T-Mobile failed to stop $20,000 cryptocurrency scam

A Pennsylvania woman who lost the equivalent of $20,000 in cryptocurrency as part of a mobile fraud scheme says T-Mobile failed to protect her account in the face of a wave of similar incidents. Sima Kesler, in a complaint filed Wednesday in Pennsylvania Eastern District Court, alleges she was the victim of a May 2020 SIM swapping scheme, in which scammers convince a phone carrier to give them control of an individual user’s account. With control of a victim’s phone information, thieves can receive text messages and access unrelated accounts tied to the victim’s mobile number. In this case, Kesler says she stored roughly $20,000 in a Coinbase account connected to her T-Mobile subscription.


Fujifilm refuses to pay ransomware demand, restores network from backups

Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan last week and is instead relying on backups to restore operations. The company’s computer systems in the US, Europe, the Middle East and Africa are now “fully operational and back to business as usual”, a Fujifilm spokesperson told Verdict. Fujifilm – once known for selling photographic film but now a producer of biotechnology, chemical and other digital imaging products – detected unauthorized access to its servers on 1 June. On 4 June it confirmed a ransomware attack was affecting a “specific network” in Japan and that it shut down “all networks and server systems” while it investigated the “extent and scale” of the attack. Fujifilm said it would not comment on the amount demanded by the ransomware gang.
