AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/06/2020

New feature lets you easily fact-check WhatsApp messages

After addressing those who just mindlessly forward messages to all their contacts, the company is now targeting those who want to be responsible and fact-check WhatsApp messages before forwarding them. We’re piloting a simple way to double check these messages by tapping a magnifying glass button in the chat. Providing a simple way to search messages that have been forwarded many times may help people find news results or other sources of information about content they have received. This feature works by allowing users to upload the message via their browser without WhatsApp ever seeing the message itself. Search the web is being rolled out starting today in Brazil, Italy, Ireland, Mexico, Spain, UK, and US for those on the latest versions of WhatsApp for Android, iOS and WhatsApp Web.


Cyber-Criminals Ease Off Travel Industry

Cyber-criminals are redirecting their attacks from the travel and hospitality industry to the computer and IT sector.  According to new research by Specops Software, four in five businesses in the computer and IT industry have seen an increase in cybercrime threats since COVID-19 made working from home the new normal. The percentage of businesses attacked in this sector was higher than that found to exist in any other field. While cyber-attacks against the travel and hospitality sector have gone up since the global health pandemic began, the increase was the smallest one experienced by any industry. The findings were the result of a survey that asked 2043 business owners across 11 different sectors how many cybercrime threats or attempts they had experienced since making the switch to remote working.


Ahead of US election, Google bans ads linking to hacked political content

Ahead of this year’s US presidential election, Google announced on Friday a new policy for its advertising platform, banning ads that promote hacked political materials. The new rule is set to enter into effect on September 1, 2020, Google said in a support page announcing the new rule. Once the rule comes into effect, third-party entities won’t be able to purchase ad space inside the Google Ads platform that link directly or indirectly to hacked content that was obtained from a political entity. Ads linking to news articles or other pages discussing the hacked political content are allowed, as long as the article or page to which the ad links does not link itself to the hacked political content.


YouTube is experiencing an egregious bitcoin hack that no one is fixing

Overnight, a Bitcoin scam livestreamed on Front Page Tech reached over 100,000 viewers, likely faked through botting to push the video onto people’s frontpages. As noted by Rene Ritchie, at one point YouTube was recommending the video to users. Jon Prosser has confirmed that the channel’s 2FA was “bypassed”, possibly by a sim swap, and that hackers had made $4,000 in Bitcoin so far. At about 7pm ET, Prosser Tweeted noting that all the videos on Front Page Tech had been deleted, a couple of hours later, the entire channel had gone from YouTube. It is unclear at this time whether the channel has been deleted maliciously, or taken down by YouTube to prevent further disruption and to stop the attack. A direct message from TeamYouTube on Twitter shared by Prosser asked him to fill out a form, but that it “may take a few weeks to hear back with concrete next steps.” Following our original story, other creators, including Chilling Tales for Dark Nights came forward stating their own storytelling/audiobook channel, with 339k subs was attacked in this way on 7/29 and that they were “still waiting for YouTube to do anything about it.”


Instagram Reels Has Now Launched Worldwide

At the moment, TikTok’s fate hangs in the balance. US President Donald Trump had previously sought to ban the app outright, but later had a slight change of heart where he gave the app 45 days to seek a buyer from the US to save itself. Last we heard, Microsoft is the forerunner as one of the companies that could acquire them. While we wait to see what happens, in the meantime it seems that Instagram is gearing up to potentially fill that void as they have since announced a TikTok competitor in the form of Reels. Now, Reels was actually launched back in 2019 but it was limited to a handful of countries. However, this announcement has revealed that Reels will now be available worldwide, including in the US.


Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th. However, the final status update was strange as it mentions that while data was lost, “there was no leak of image data.”  This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.

Related Posts