AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/19/2020

Carnival Cruises into Danger After Ransomware Attack

British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing. The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15. Attackers managed to encrypt “a portion” of the IT systems of one of its brands, although Carnival refused to elaborate on which company had been hit. “The company does not believe the incident will have a material impact on its business, operations or financial results. Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies,” it continued.


You weren’t hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It’s far simpler than that

The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks. This is according to the penetration-testing crew at Positive Technologies, which pored over the results of its 2019 client audits [PDF] and found that 71 per cent of the time – 20 out of 28 pentest contracts – its red team was able to get into their target using tools and tricks available to script kiddies and newbies. “It is not that unskilled hackers are using methods that more skilled criminals would not need,” Ekaterina Kilyusheva, head of Positive Tech’s Information Security Analytics Research Group, told The Register last night. “But in most cases, attack complexity was low, meaning that the attack was within the capabilities of a middling hacker with basic skills.”


Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing

Cybercriminals who focus on brand-spoofing attacks are setting their sights on smaller targets, including some cybersecurity companies, many of which can’t afford to mitigate these attacks. Brand spoofing, or impersonation, attacks typically target large brands. Attackers send emails pretending to come from an organization in order to trick victims into sharing credentials or sending money. A recent Check Point report found Apple was the most-spoofed brand in the last quarter; before then, criminals most often impersonated Google, Amazon, and Facebook. Now criminals have begun to target a tier of smaller companies, including cybersecurity firm Check Point, Mimecast found. Researchers discovered the online domain spoofing as part of brand exploitation protection scans, flagged it as suspicious, and notified the company. The website was designed to mimic Check Point’s official regional Indonesia website and used its brand name, trademarks, and active mail exchanger (MX) records that could be used in an email phishing attack.


Apple sets deadline in feud with Fortnite maker Epic Games

Apple has given the Fortnite developer Epic Games less than two weeks to stop breaking its payment rules or it will cut off Epic’s access to development tools on Mac and iOS. The ultimatum puts Epic’s wider business at risk if it continues the standoff it started on Friday when it unilaterally introduced its own payment mechanism to Fortnite, bypassing Apple’s requirement to pay a 30% cut of earnings to the App Store. Apple removed Fortnite from the store in response. It also threatens to limit the work of clients of the company’s Unreal Engine, a tool used in creations as diverse as Disney’s The Mandalorian, Mercedes’ vehicle prototypes and Sky Sports’ live graphics, as well as in video games including Fortnite. While the Unreal Engine will continue to work if Epic’s developer account is closed, Epic will be unable to fix or improve the Mac or iOS versions.


Trump gives nod to Oracle buyout of TikTok in US

US President Donald Trump has said tech giant Oracle would be “a great company” to take over TikTok’s US operations. It comes after Oracle was reported as a possible buyer of the Chinese social media app’s business in North America, Australia and New Zealand. Last week Mr Trump ordered TikTok’s owner ByteDance to sell its US business within 90 days or face being shut down. Oracle’s chairman Larry Ellison is a supporter of Mr Trump and held a fundraising event for him in February. Mr Trump’s comments – during a speech in Yuma, Arizona – came after reports that Oracle was working on an offer for some TikTok assets with a group of ByteDance’s investors. According to those reports, Oracle was seriously considering buying TikTok’s businesses in the US, Canada, Australia and New Zealand with investment firms, including General Atlantic and Sequoia Capital.
