AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/26/2021

Chinese auto-maker accused of altering data after fatal autonomous car accident

Police are investigating an electric vehicle company in China following claims that car data was tampered with after a fatal collision. On August 12, 31-year-old Lin Wenqin was using the driver assistance feature on his Nio ES8 when he was involved in a fatal car crash. Chinese state-owned media Global Times reported Lin’s car had collided with a construction vehicle on the Shenhai Expressway. On August 17th, Lin’s family reported the data from the crashed vehicle had been tampered with by representatives of the car manufacturer, Nio. The family gave police audio and video recordings of the EV company’s employees admitting to having contact with the seven-seater SUV after the crash. According to Sina Tech, the Sanjiangkou Police in the eastern Chinese city of Putian are now investigating the EV company for assisting in the destruction and forgery of evidence.


Mitre’s new deception framework: one part strategy, one part conversation

Mitre unveiled the “beta version” of Engage, the new framework for implementing deception into defense, earlier this month. The concept, say its makers, is to deliver not just a better information source, but a way to “engage” with the philosophy of an underutilized concept. “Deception is a process, not just a bag of tricks,” said Maretta Morovitz, Engage lead at Mitre. Engage is Mitre’s second framework for deception. The first was Shield, released in December. While the two contain a lot of the same information, they are not conceptualized in the same way. Shield was more of a knowledge database than a planning aid: a matrix of eight columns of “tactics” defenders might want to pursue, each containing a list of “techniques.” It was not built to determine when they would pick any tactic or technique. Engage is streamlined from Shield with more deliberately chosen language (gone are tactics and techniques, wording that caused confusion with the ATT&CK Framework, and in are “approaches” and “activities”). But above all else, Engage is more oriented towards creating plans than Shield. Mitre hopes that use will follow usability.


Conservative pranksters face $5 million proposed fine over robocalls

On Tuesday, the Federal Communications Commission proposed a fine of more than $5 million against conspiracy theorists and conservative activists John Burkman and Jacob Wohl for making hundreds of robocalls spreading 2020 election misinformation. In its proposal, the FCC said that the agency is weighing a $5,134,500 fine against Burkman and Wohl for making over 1,100 robocalls in violation of the Telephone Consumer Protection Act, or TCPA. The violating pre-recorded calls told voters that their personal information would be “part of a public database” that would be used by “police departments to track down old warrants and be used by credit card companies to collect outstanding debts” if they chose to vote by mail in the 2020 election. It’s the largest TCPA fine the FCC has ever proposed, according to a press release from the agency Tuesday.


Fake OpenSea support staff are stealing cryptowallets and NFTs

OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs. Over the past week, threat actors have been lurking in OpenSea’s Discord server, pretending to be official support representatives for the site. These fake support reps provide private “support” to OpenSea users needing help, which invariably leads to the loss of cryptocurrency and NFT collectibles stored in the victim’s MetaMask wallets. When an OpenSea user needs support, they can request help at OpenSea’s help center or via the site’s Discord server. When a user joins the Discord server and posts a request for help, scammers lurking on the server start sending private messages to the user. These messages include an invite to an ‘OpenSea Support’ server to receive support.


Critical F5 BIG-IP bug impacts customers in sensitive sectors

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month’s delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices. Of the thirteen high-severity flaws that F5 fixed, one becomes critical in a configuration “designed to meet the needs of customers in especially sensitive sectors” and could lead to complete system compromise. The issue is now tracked as CVE-2021-23031 and affects BIG-IP modules Advanced WAF (Web Application Firewall) and the Application Security Manager (ASM), specifically the Traffic Management User Interface (TMUI).
