AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/24/2020

Vishing Becomes Suspect in Recent Social Media Breach for Major Influencers

The ZeroFOX Alpha Team has been assisting industry and threat-sharing partners in tracking a large-scale vishing (voice phishing) campaign targeting financial institutions, cryptocurrency exchanges, telecommunication companies and single-sign-on (SSO) providers. The actors target employees of a company and do an extensive amount of research on the employees and the company to build a convincing persona of an IT contractor working with the victim company. The actors call the victims using this information to serve a phishing site that is tailored for the company, including the company’s SSO portal. Once the victim logs into the phishing portal, the actors attempt to access the corporate VPN to gain access to internal tools and dashboards. Alpha Team, alongside industry partners, assess that it’s probable that the major social media breach involving high-profile celebrities, politicians and business figures may have been due to a targeted vishing attack, resulting in an internal administrative panel being abused to take over these influencer accounts.

 

Sick of political campaign spam? Resist hitting unsubscribe—it could lead to identity theft

You know all those political emails clogging your inbox as Election Day looms? Believe it or not, most of them aren’t even making their way to you. More than 21 percent of legitimate presidential campaign messages were filtered as spam by Gmail in a recent study conducted by Twilio, a San Francisco-based cloud communications company. Even more shocking, though, was the 74.8 percent of presidential emails that landed in the well-hidden ‘Promotions’ subfolder, reserved for second-rate commercial emails. That left a grand total of 3.8 percent of campaign emails which arrived at their intended destination: your primary inbox.

 

Researchers Just Set a New Record For The Fastest Internet Speed Ever

The internet has transformed most areas of our lives over the last few decades, and the technology keeps improving: researchers just set a new record for data transmission rates, logging an incredible speed of 178 terabits per second (Tbps). That’s around a fifth faster than the previous record, set by a team of researchers in Japan, and roughly twice as fast as the best internet available today. With 4K movies about 15GB in size, you could download about 1,500 of them in a single second at the new speed. This could be more than just a super-fast lab experiment too – the technology used to reach the 178 Tbps record can be added to existing optical fibre pipes relatively easily, according to the scientists behind the project.

 

Blockchain could help colleges like ASU provide better, more secure online education

Online education was gaining significant momentum with colleges and universities, even before the coronavirus pandemic. But as dozens and dozens of schools, like USC, Harvard, Rutgers, George Washington University, and UNC at Chapel Hill, take all or some of their Fall 2020 semester online in response to COVID-19, technology is playing an increasingly important role in higher education, both in terms of the classroom and student administration. Tasks that were once conducted face-to-face now have to be accomplished remotely. Blockchain could help schools perform some of these administrative tasks with more security and transparency.

 

WeChat users sue White House to fight executive order banning the app

A group of WeChat users filed a lawsuit against the Trump administration on Friday, in an attempt to put a stop to an executive order that would effectively ban the app from use in the United States. Filed in the US District Court in San Francisco, the lawsuit aims to end an executive order issued by Donald Trump on August 7 that would prevent US-based companies from performing transactions with ByteDance and Tencent, the owners of TikTok and WeChat respectively. If enacted, the ban would have basically ended the use of both apps on September 20, but a later executive order extended TikTok’s deadline from 45 to 90 days, to assist ByteDance’s bid to divest its holdings in the service. The lawsuit, reported by The Wall Street Journal, claims the executive order is unconstitutional, including violating the right to free speech for WeChat users, as well as issues with due process and equal protection under law. It is also claimed the ban is illegally targeting Chinese-Americans who may use the app to communicate with Chinese citizens.

 

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

Freepik, a website dedicated to providing access to high-quality free photos and design graphics, has disclosed today a major security breach. The company made it official after users started grumbling on social media this week about receiving shady-looking breach notification emails in their inboxes. ZDNet reached out to the Freepik Company on Thursday, and while we have not heard back before this article’s publication, the company formally disclosed a security breach today, confirming the authenticity of the emails it’s been sending to registered users for the past few days. According to the company’s official statement, the security breach occurred after a hacker (or hackers) used an SQL injection vulnerability to gain access to one of its databases storing user data.
