AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/30/2022

AMD targeted by RansomHouse, attackers claim to have ‘450Gb’ in stolen data

If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse says it obtained the files from an intrusion into AMD’s network on January 5, 2022, and that this isn’t material from a previous leak of its intellectual property. This relatively new crew also says it doesn’t breach the security of systems itself, nor develop or use ransomware. Instead, it acts as a “mediator” between attackers and victims to ensure payment is made for purloined data. RansomHouse said on its Tor-hidden website that it was holding “450 Gb” – it’s unclear whether the group actually means “gigabytes” or “gigabits” – and uploaded samples of the data. The material was stolen from AMD in January, according to the miscreants.


Ukraine arrests cybercrime gang operating over 400 phishing sites

The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors’ payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control. According to the police’s estimates, the total damage caused by this cybercrime operation is 100 million hryvnias, or approximately $3,360,000, stolen from roughly 5,000 victimized citizens. Citizens who have entered personal details on any of the following domains should consider themselves compromised and report it to the cyberpolice and their bank to receive further instructions.


California DOJ data breach exposes personal information of all concealed carry permit holders across state

The names, addresses and license types of all concealed carry permit holders in California were exposed after the state Department of Justice suffered a data breach, authorities said Tuesday. The Fresno County Sheriff’s Office on Tuesday learned of the breach from the California State Sheriffs’ Association, according to a statement. The breach occurred as part of the state DOJ’s launch of its “2022 Firearms Dashboard Portal,” the sheriff’s office said in the statement. “This public site allows access to certain information, however, personal information of Concealed Carry Weapon (CCW) permit holders is not supposed to be visible,” the agency said.


Israel plans ‘Cyber-Dome’ to defeat digital attacks from Iran and others

The new head of Israel’s National Cyber Directorate (INCD) has announced the nation intends to build a “Cyber-Dome” – a national defense system to fend off digital attacks. Gaby Portnoy, director general of INCD, revealed plans for Cyber-Dome on Tuesday, delivering his first public speech since his appointment to the role in February. Portnoy is a 31-year veteran of the Israeli Defense Forces, which he exited as a brigadier general after also serving as head of operations for the Intelligence Corps, and leading visual intelligence team Unit 9900. “The Cyber-Dome will elevate national cyber security by implementing new mechanisms in the national cyber perimeter, reducing the harm from cyber attacks at scale,” Portnoy told a conference in Tel Aviv. “The Cyber-Dome will also provide tools and services to elevate the protection of the national assets as a whole. The Dome is a new big data, AI, overall approach to proactive defense. It will synchronize nation-level real-time detection, analysis, and mitigation of threats.”


Deepfaking crooks seek remote-working jobs to gain access to sensitive data

The FBI has issued a warning that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote work-from-home jobs. The FBI’s Internet Crime Complaint Center (IC3) says there has been an increase in reports that deepfake video and audio are being used by criminals when applying for positions that involve access to personally identifiable information (PII), financial data, corporate IT databases, and proprietary information. According to the warning, the fraudsters can also use stolen PII when applying for remote positions, perhaps to skirt pre-employment background checks.


Leaky Access Tokens Exposed Amazon Photos of Users

The Amazon Photos app for Android insufficiently protected user access tokens, according to a blog post published on Wednesday. Theoretically, with exposed tokens, an attacker could’ve accessed users’ personal data from a number of different Amazon apps – not just Photos but also, for example, Amazon Drive. They also could have performed a ransomware attack, locking up or permanently deleting photos, documents and more. The findings were first reported to Amazon’s Vulnerability Research Program on November 7th of last year. On December 18th, Amazon announced that the issues had been fully resolved.
