AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 07/06/2023

Singapore tells crypto operators: act like grown up financial institutions 

Singapore has joined the ranks of nations requiring digital payment operators to follow the same sort of regulations and customer protection requirements that apply to conventional financial institutions. In measures floated in October 2022 and to be enacted by the end of 2023, Singapore’s Monetary Authority (MAS) will require operators to hold customer assets under a statutory trust segregated from their own assets. Crypto outfits are also barred from facilitating retail customer lending and staking – the term for locking up crypto assets for a set time to support blockchain validation. Operators will also be required to reconcile customer assets daily, keep proper records, maintain access and operational controls to customer digital payment tokens (DPTs) in Singapore, and provide risk disclosures. 


Stop Those Phone Call Scams 

David was busy watching his favorite streaming series when he got a phone call from a number he did not recognize. The area code was the same as his, so he assumed it was someone local and answered the phone. Right away David was asked to confirm his full name. The caller then stated that he was from the police department and that a warrant had been issued for David’s arrest. David’s taxes were outstanding and if they were not paid in the next 24 hours, the police would have to arrest him. David was terrified and asked what he needed to do. 


Japan’s largest port halts operations due to cyberattack 

The port of Nagoya, the largest in Japan in loading and unloading, and responsible for exports of important Japanese companies, suffered a cyberattack on its system and was still unable to resume operating Thursday morning. The port of departure for exports from companies including car maker Toyota, the facility experienced a glitch Tuesday detected by an employee when he was unable to turn on a computer, local port authorities said. A printer connected to this system printed a notice reading “Lockbit” indicating that the system was infected with “ransomware,” a type of malicious program that demands a reward to restore access to computer data, according to the same source detailed to the public channel NHK. 


Over 130,000 solar energy monitoring systems exposed online 

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units. Cyble’s threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI. 


Microsoft investigates Outlook.com bug breaking email search 

Microsoft is investigating an ongoing issue preventing Outlook.com users from searching their emails and triggering 401 exception errors. When searching, users see an error saying, “Sorry, something went wrong. Please try again later.” “Our initial review of Outlook.com server logs, in parallel with HTTP Archive format (HAR) logs captured during an internal reproduction of impact, indicates 401 errors are occurring due to an exception when users attempt to perform the search,” Microsoft says on the service health portal. 


Want to Delete Your Threads Profile? Then Delete Your Instagram Account, Says Meta 

Threads, Meta’s alternative to Twitter, has officially launched. But users thinking of installing the social media app just to check it out should be aware that you can’t delete your Threads profile without also deleting your Instagram account. Meta describes Threads as “Instagram’s text-based conversation app,” and there’s purpose in that precise phrasing. It doesn’t just mean that your Instagram username ports over to Threads and that you have the option to follow the same people you follow on Instagram. It also means that once you create a Threads profile, there’s no way to delete it unless you’re prepared to delete your Instagram account wholesale. 

Related Posts