AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 06/10/2022

Researchers Detail How Cyber Criminals Target Cryptocurrency Users

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. “As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies,” Proofpoint said in a new report. “The rise and proliferation of cryptocurrency has also provided attackers with a new method of financial extraction.” The targeting of sensitive cryptocurrency data by threat actors was recently echoed by the Microsoft 365 Defender Research Team, which warned about the emerging threat of cryware wherein private keys, seed phrases, and wallet addresses are plundered with the goal of siphoning virtual currencies by means of fraudulent transfers.


Russia, China, warn US its cyber support of Ukraine has consequences

Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal. The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia’s illegal invasion. While many nations occasionally mention they possess offensive cyber-weapons and won’t be afraid to use them, admissions they’ve been used are rare. US Cyber Command chief General Paul Nakasone’s public remarks to that effect were therefore unusual. China addressed the American ops at its daily foreign affairs briefing on June 8, when spokesperson Zhao Lijian said “The US needs to explain to the international community how these ‘hacking operations’ are consistent with its professed position of not engaging directly in the Russia-Ukraine conflict.”


How CISA’s list of “must-patch” vulnerabilities has expanded in both size, and in who’s using it

When the Cybersecurity and Infrastructure Security Agency debuted its list of known, exploited vulnerabilities in November, it was nearly 300 flaws long and came attached to an order for federal agencies to fix them quickly. Now, as of this week, the catalog known as “KEV” or the “Must-Patch” list is well on its way to 800 listings, and it’s the “No. 1 topic” that CISA Executive Director for Cybersecurity Eric Goldstein says comes up in his frequent, daily meetings with businesses. The reason, said Goldstein, is that the private sector has — without any order from his agency — adopted the KEV list as a guide for the vulnerabilities they focus on, rather than relying on the traditional open-source industry standard Common Vulnerability Scoring System for assessing the severity of software weaknesses.


Google is using AI to anticipate your web browsing needs

Google has announced a number of machine learning improvements for its Chrome web browser to enhance safety and add personalised features. Chrome already uses machine learning to make images more accessible for people with vision issues, or to generate real-time captions on videos. In March, the browser received a new built-in phishing detector that uses machine learning (ML). Google said this new model identifies 2.5 times more potentially malicious sites and phishing attacks than the previous model. The tech giant now plans to use AI to improve how the web browser handles permission requests for notifications. “On the one hand, page notifications help deliver updates from sites you care about; on the other hand, notification permission prompts can become a nuisance,” said Google software engineer Tarun Bansal.


Experts, NSA cyber director say ransomware could threaten campaigns in 2022

With the 2022 election season around the corner, campaigns of all sizes need to be prepared for a widened set of potential cybersecurity risks, experts and a top intelligence official said. “The worry in all of election security is trust and confidence — that we’ve delivered a safe and secure election,” National Security Agency cyber director Rob Joyce told CyberScoop at a media roundtable at the 2022 RSA Conference on Wednesday. “And if you know if elections are subject to ransomware, or if there’s a botnet that runs a denial of service, what you’ll find is that’s probably going to, in this day and age, escalate and be an issue of trust.” Joyce noted that NSA tends to play a supporting role to the Department of Homeland Security’s CISA, but both botnets and ransomware fall within the agency’s technical lane and are cause for concern ahead of 2022.
