AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/04/2023

FCC fines robocaller a record $300M after blocking billions of their scam calls

The FCC’s robocaller penalties are growing as the agency tracks down and terminates their operations — this time resulting in a record $300 million forfeiture. But whether and when that money will be paid is, as always, something of an open question. The robocaller in this case was known by a variety of names and had been scamming people since 2018, as the FCC announcement explains: “This enterprise operated a complex scheme designed to facilitate the sale of vehicle service contracts under the false and misleading claim of selling auto warranties.”


The Power of Password Managers

Like most people, you likely find creating, managing, and remembering all your different passwords a daunting task. It seems like every website has different password rules and many require additional security measures such as security questions. Wouldn’t it be great if there was a single solution to take care of all your password problems? There is. It’s called a password manager.


Google is making it easier to remove your private information from Search

Google has announced several updates to Search aimed at making it easier for people to control information about them that appears in results. The company released a tool last year to help people take down search results containing their phone number, home address or email. Now, the company has updated the “results about you” tool to make it more effective. A new dashboard will become available in the coming days that will let you know when such personal information pops up in Search. When you get an alert, you’ll swiftly be able to ask Google to remove those results.


Old-school hacktivism is back because it never went away

Hacktivism may have dropped off of organization radars over the past few years, but it is now very visibly coming from what is believed to be Bangladesh, thanks to a group tracked by cybersecurity firm Group-IB. Mysterious Team Bangladesh (MTB) first appeared in 2020, but didn’t really get going until mid-2022. The bulk of its activity took place after June 2022 and hit its peak (so far) in May of the same year. Group-IB found that between June 2022 and July 2023, MTB carried out 846 attacks, of which over 77 percent occurred between February and May 2023. “There are dozens of active hacktivist groups at present,” said Group-IB in a Thursday blog post. It called MTB “particularly active, notorious, and highly organized.”


How Malicious Android Apps Slip Into Disguise

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. Aleksandr Eremin, a senior malware analyst at the company, told KrebsOnSecurity they recently encountered a number of mobile banking trojans abusing a bug present in all Android OS versions that involves corrupting components of an app so that its new evil bits will be ignored as invalid by popular mobile security scanning tools, while the app as a whole gets accepted as valid by Android OS and successfully installed.


Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common techniques. In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities. 