AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 07/07/2023

Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms 

Cybersecurity agencies in the U.S. and Canada warned Thursday that threat actors are using new TrueBot malware variants to steal data from victims. In an advisory co-written by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS), the organizations said that as recently as May 31 they observed a surge in financially motivated TrueBot activity. 


Google’s going to scrape the entire public Internet to train its AI tools and there’s nothing we can do about it 

Google’s latest privacy policy update isn’t necessarily surprising, but it does also set off some alarm bells. Particularly for those who already have their doubts over the AI revolution.  As highlighted by Gizmodo the latest statement on the search giant’s privacy policy contains a key update relating to AI: “For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.” 


Shell Becomes Latest Cl0p MOVEit Victim 

Shell, the multinational oil and gas company, has confirmed that it is the victim of a MOVEit hack, revealing that personal information regarding its employees was compromised. According to a July 5 statement: “A cybersecurity incident has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform. MOVEit Transfer is used by a small number of Shell employees and customers. This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating. Some personal information relating to employees of the BG Group has been accessed without authorization.” 


Threads—Exactly How Private Is Meta’s New Twitter Challenger? 

A week ago, most people hadn’t even heard of Threads, Meta’s new Twitter rival. Fast-forward to now and Threads is the most rapidly downloaded app ever, having reached 30 million users just 16 hours after launch. Threads collects a lot of data. According to the privacy label, which I sourced from Apple’s App store, data linked to you includes your location, health and fitness information, browsing history, “sensitive information” and search history. This also includes your contact information such as physical address, email and phone number. 


Scammers using AI voice technology to commit crimes 

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents, according to IDIQ. The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. “AI voice cloning scams are the scariest thing I have seen in the last 20 years,” said Scott Hermann, CEO of IDIQ and a cybersecurity and financial expert. 

Related Posts