AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/17/2022

Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity

A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm. South Staffordshire Water says it has been the “target of a criminal cyber attack” which is causing disruption to its corporate IT network, but hasn’t affected the company’s ability to provide safe drinking water to customers. “This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” the company said in a statement. 

 

US bans export of tech used in 3nm chip production on security grounds

The United States is formally banning the export of four technologies tied to semiconductor manufacturing, calling the protection of the items “vital to national security.” Announced Friday [PDF] by the US Commerce Department’s Bureau of Industry and Security (BIS) and enacted today, the rule will ban the export of two ultra-wide bandgap semiconductor materials, as well as some types of electronic computer-aided design (ECAD) technology and pressure gain combustion (PGC) technology. In particular, the BIS said that the semiconductor materials gallium oxide and diamond will be subject to renewed export controls because they can operate under more extreme temperature and voltage conditions. The Bureau said that capability makes the materials more useful in weapons.

 

The Security Pros and Cons of Using Email Aliases

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website.

 

Threat in your browser: what dangers innocent-looking extensions hold for users

Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular. Chrome, Safari, Mozilla — these and many other major Web browsers — have their own online stores to distribute thousands of extensions, and the most popular plug-ins there reach over 10 million users. However, extensions are not always as secure as you might think — even innocent-looking adds-on can be a real risk.

 

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download. On August 3, 2022, someone using the alias “Holistic-K1ller” posted on Breached a thread selling data allegedly stolen from Grupo Financiero Banorte, Mexico’s second-biggest financial institution by total loans. Holistic-K1ller said the database included the full names, addresses, phone numbers, Mexican tax IDs (RFC), email addresses and balances on more than 10 million citizens.

 

House leaders demand law enforcement agencies provide details on use of private data

House leaders sent a letter to U.S. law enforcement agencies on Tuesday probing their purchases of private data sets to circumvent warrant requirements. The letter follows a House Judiciary hearing last month in which witnesses testified about the rampant use of private databases by federal agencies in law enforcement investigations. “Rather than focusing on particular suspects, data policing tools are dragnets, sifting through all of our data,” House Judiciary Committee Chair Jerrold Nadler, D-N.Y., and House Homeland Security Committee Chair Bennie G. Thompson, D-Miss., wrote in a letter to leaders of the Justice Department, Department of Homeland Security, Customs and Border Protection, Immigration and Customs Enforcement and Bureau of Alcohol, Tobacco, Firearms and Explosives.

Related Posts