AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/16/2021


If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam

Rogue QR code antics have been back in the news recently. They’re not exactly a mainstay of fakery, but they do tend to enjoy small waves of popularity as events shaped by the real world remind everyone they still exist. The most notable example where this is concerned is of course the pandemic. With the spread of Covid-19, people and organizations naturally wanted to move away from physical contact. Contactless cards were in, and so too were QR codes. This was fertile ground for scammers to move back into a pact they may have long since abandoned. Even outside of scams, the use of QR codes as a safe way to do important things is questionable. The problem with QR codes stems from how easy they are to use. Point your smartphone’s camera at a QR code and your phone will happily read it, convert it to a URL, and then open the URL in your browser. Very trusting.


Exclusive: Apple’s child protection features spark concern within its own ranks -sources

A backlash over Apple’s move to scan U.S. customer phones and computers for child sex abuse images has grown to include employees speaking out internally, a notable turn in a company famed for its secretive culture, as well as provoking intensified protests from leading technology policy groups. Apple employees have flooded an Apple internal Slack channel with more than 800 messages on the plan announced a week ago, workers who asked not to be identified told Reuters. Many expressed worries that the feature could be exploited by repressive governments looking to find other material for censorship or arrests, according to workers who saw the days-long thread. Past security changes at Apple have also prompted concern among employees, but the volume and duration of the new debate is surprising, the workers said. Some posters worried that Apple is damaging its leading reputation for protecting privacy.


Mobile threat detection: Why a robust BYOD policy is required

Mobile threat detection remains an essential cyber security function as bring your own device (BYOD) policies evolve and the hybrid workplace puts added pressure on mobile device management. A comprehensive policy governing mobile workers using their own devices is essential to help mitigate against threats and risks to the business environment—everything from phishing to unsecured Wi-Fi usage to excessive permissions in apps. Your BYOD policy should work with mobile device management solutions to help reduce complications that arise during a breach while also drawing a clear line between employee privacy and what the company is allowed to view on a personal device. Allowing employees to use their own personal smartphones, tablets, and laptops has driven the deployment of mobile device management solutions as well as BYOD policies. Together they enable more robust mobile threat detection. To address the concerns of both employer and employees, a BYOD policy must be well-crafted.


Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed “ProxyShell.” At least 30,000 machines are affected by the vulnerabilities, according to a Shodan scan performed by Jan Kopriva of SANS Internet Storm Center. “Started to see in the wild exploit attempts against our honeypot infrastructure for the Exchange ProxyShell vulnerabilities,” NCC Group’s Richard Warren tweeted, noting that one of the intrusions resulted in the deployment of a “C# aspx webshell in the /aspnet_client/ directory.”


This ‘unique’ phishing attack uses Morse code to hide its approach

Microsoft has revealed the inner workings of a phishing group’s techniques, which use a ‘jigsaw puzzle’ technique plus unusual features like Morse code dashes and dots to hide its attacks. The group is using invoices in Excel HTML or web documents to distribute forms that capture credentials for later hacking efforts. The technique is notable because it bypasses traditional email filter systems. “The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” Microsoft Security Intelligence says. “In effect, the attachment is comparable to a jigsaw puzzle: on their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions. Only when these segments are put together and properly decoded does the malicious intent show,” it said.
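The detection angle on the technique described above, as an added example that is not part of this post or of Microsoft’s write-up: a small Python scanner that finds runs of Morse code inside an HTML attachment, decodes them, and flags decoded text containing credential-theft keywords. The Morse table is the standard international mapping; the sample attachment, the keyword list and the run-detection regex are constructed assumptions for illustration, not indicators from the campaign.

```python
import re

# International Morse code table (standard mapping for letters and digits).
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}

# A "run" is at least six dot/dash tokens separated by whitespace, with an
# optional "/" word separator between tokens. Threshold is an assumption
# chosen so that ellipses and stray dashes in normal markup do not match.
MORSE_RUN = re.compile(r"[.\-]{1,6}(?:\s+(?:/\s+)?[.\-]{1,6}){5,}")

# Constructed keyword list: words a decoded credential-harvesting segment
# would plausibly contain. Tune for the environment.
SUSPICIOUS = ("PASSWORD", "LOGIN", "SCRIPT", "DOCUMENT", "EVAL", "ATOB")

# Constructed sample attachment: one benign Morse string and one segment that
# encodes the words "DOCUMENT LOGIN", standing in for a hidden kit segment.
SAMPLE_HTML = """<html><body>
<div data-note="... --- ... / .... . .-.. .--.">Invoice #1041</div>
<input type="hidden" id="seg1" value="-.. --- -.-. ..- -- . -. - / .-.. --- --. .. -.">
</body></html>"""


def decode_morse(run: str) -> str:
    """Decode a whitespace-separated Morse run; '/' becomes a space and
    unknown tokens become '?' so a partial decode is still reviewable."""
    out = []
    for tok in run.split():
        out.append(" " if tok == "/" else MORSE.get(tok, "?"))
    return "".join(out)


def scan_attachment(html: str) -> list:
    """Return one finding per Morse run: offset, raw run, decoded text and
    the suspicious keywords present in the decoded text (empty if none)."""
    findings = []
    for m in MORSE_RUN.finditer(html):
        decoded = decode_morse(m.group(0))
        hits = [w for w in SUSPICIOUS if w in decoded.upper()]
        findings.append({
            "offset": m.start(),
            "encoded": m.group(0),
            "decoded": decoded,
            "suspicious": hits,
        })
    return findings


if __name__ == "__main__":
    for f in scan_attachment(SAMPLE_HTML):
        verdict = "FLAG" if f["suspicious"] else "info"
        print(f"[{verdict}] @{f['offset']}: {f['decoded']!r} {f['suspicious']}")
```

Run against a real attachment by replacing SAMPLE_HTML with the file contents. Because the campaign spreads the decoded material across several segments, a per-segment keyword match is only a first filter; concatenating the decoded segments in document order before matching catches kits that split a keyword across segments.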


Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business

It might be time to update the obituary of one of the web’s most notorious marketplaces for hacking tools and drugs. Four years after the FBI shut down AlphaBay, which registered a reported $1 billion in transactions, a scammer is touting the launch of a new version of the illicit marketplace, according to threat intelligence firm Flashpoint. In an online posting earlier this week, someone claiming to be one of the original moderators of AlphaBay said the marketplace was coming back into business, Flashpoint researchers noted. Among the offerings on the revamped AlphaBay, according to the posting, will be the source code of a hacking tool that steals banking credentials, and money, from victims. U.S. and European law enforcement agencies have in the last year conducted a series of crackdowns on popular dark-web forums. But the alleged resurrection of AlphaBay, dubbed the Amazon.com of the dark web, shows how difficult it can be for law enforcement agencies to keep some cybercrime venues shuttered.


Labor Department pumps $240 million into unemployment system to fight ‘terrifying’ fraud

The Labor Department is pumping $240 million into the nation’s unemployment system to fight ongoing fraud, part of a broader effort to fix flaws in the system exposed by the Covid pandemic. Criminals have targeted unemployment benefits at a high rate since spring 2020, after federal lawmakers significantly expanded the safety net for the jobless. They continue to do so — and frequently use new tactics to try to steal money, according to Michele Evermore, a senior policy advisor for unemployment insurance at the Labor Department. “What we’re seeing now is really terrifying,” she said. “Fraud has gotten so big.” It’s unclear exactly how much money has been lost to theft. The Labor Department’s Office of Inspector General estimates about $87 billion in benefits may ultimately be paid improperly, a significant portion due to fraud, while pandemic-era programs are intact. Those programs are slated to end Sept. 6.
