AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/14/2020

Network intruders selling access to high-value companies

Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the alias bcorp33, the network intruder appears to be collaborating with affiliates of FXMSP, the threat actor recently indicted by the U.S. Department of Justice for hacking into and selling access to over three hundred organizations. FXMSP is the same group of hackers that a little over a year ago was advertising access to networks belonging to Symantec, McAfee, and Trend Micro (official statements).

 

Why & Where You Should You Plant Your Flag

As KrebsOnSecurity observed back in 2018, many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. Postal Service, the credit bureaus or the Social Security Administration, it’s a good idea to do so for several reasons. Most importantly, the majority of the entities I’ll discuss here allow just one registrant per person/customer. Thus, even if you have no intention of using that account, establishing one will be far easier than trying to dislodge an impostor who gets there first using your identity data and an email address they control.

 

Quantum communication takes a major leap with satellite-based experiment

A team of researchers has developed a new and improved protocol for quantum communication. This new quantum method would use a low-orbit satellite to send encrypted messages to ground-based stations with greatly increased distance between the two communicating parties, compared to other methods of communication. This improved mechanism could revolutionize how we share sensitive data, protecting people’s information during a time of increasing cybersecurity threats. Quantum communication, or quantum key distribution, provides security when sending data by using the laws of physics. It allows two parties to share encrypted data that is transferred through particles, known as quantum bits or qubits. 

 

Why You Must Beware What You Ask Amazon Alexa

The same cyber team that cracked open TikTok, WhatsApp, Microsoft’s cloud and even Philips lightbulbs has just turned its attention to Amazon’s Alexa. And, unsurprisingly, it hasn’t disappointed. After “speculating” that Amazon’s 200 million devices “could be a prime entry-point for hackers,” Check Point Research has just lifted the lid to unmask “serious security flaws in Alexa.” According to the team, “in just one click, a user could have given up their voice history, home address and control of their Amazon account.” Warnings about the dangers of smart speakers and their extended families of virtual assistants are not new.

 

Scammers tell people they’re fired or may have COVID-19

Job hunters have long been warned to watch out for the fake texts from phony employers and those $30 an hour, work-from-home job descriptions that sound just too good to be true. Now, those who remain on the job must worry about the phony pink slip. As fear increasingly factors into our financial future, scammers have figured out yet another way to get people who are already on edge to quickly “click here” via a phishing email. And they’re playing up two of our biggest worries: getting sick or getting fired. Many people likely haven’t heard much about this scam yet. 

 

Epic Games v Google lawsuit filed over Fortnite delisting

Epic introduced an update to the battle royale game that added an additional payment option that would pay Epic Games directly for microtransactions instead of going through the Google Play Store or Apple App Store. The game was delisted by Apple with Google shortly following suit. Following Fortnite’s removal from the Google Play Store, Epic released a lawsuit that claims Google is “using its size to do evil upon competitors, innovators, customers and users in a slew of markets it has grown to monopolize.” Epic Games states that Google’s promise of Android being an open ecosystem isn’t accurate, claiming that “Google has deliberately and systematically closed the Android ecosystem to competitions, breaking the promises it made.”

Related Posts