AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/02/2021

One Simple Step to Securing Your Accounts

Does it seem like cyber criminals have a magic wand for getting into your email or bank accounts and there’s nothing you can do to stop them? Wouldn’t it be great if there was one single step you could take that would help protect you from cyber criminals and let you securely make the most of technology? While no sole step will stop all cyber criminals, one of the most important steps you can take is to enable something called two-factor authentication (sometimes called 2FA, two-step verification, or multi-factor authentication) on your most important accounts. When it comes to protecting your accounts, you are most likely already using some type of password. There are several ways to authenticate yourself into an account: something you have, something you know, something you are, somewhere you are. When you employ more than one method of authentication, you are adding an additional layer of protection from cyber criminals – even if they crack one method, they’d still need to bypass the additional factor(s) to access your account. Passwords prove who you are based on something you know. The danger with passwords is that they are a single point of failure. If a cybercriminal can guess or compromise your password, they can gain access to your most important accounts. In addition, cyber criminals are developing faster and better techniques at guessing, compromising, or bypassing passwords. Fortunately, you can fight back with two-factor authentication.


Cybersecurity Is Dead — What Now?

As one of the executives I work with recently said to me: Nobody pays attention until we’re pumping gas into plastic bags. The past few months have exposed what many of us have been anticipating for the past decade: widespread, successful cyber attacks aimed at disrupting critical infrastructure, supply chains, basic systems of food production, transportation, banking, energy and health care delivery. We need to stop pretending the cybersecurity “war” is ongoing: It’s not. The bad guys have won. Cybersecurity as we know it has failed. At best, we’re attempting an organized retreat in a lopsided conflict with an enemy we can’t see or stop. At worst, we’re completely overrun and occupied — and we just can’t admit it. What does our collective defeat look like? When cybercrime includes nation-state subsidies and logistical support, supply chains, subcontractors, multitier competitive differentiation, integrated marketing, sophisticated revenue sharing, reusable tooling, robust technical support and professional recruiting and career development programs — it’s no longer accurate to call it “cybercrime.” It’s a global industry.


All AMD CPUs Found Harboring Meltdown-Like Security Flaw

When news began to break three and a half years ago regarding a pair of new security flaws, Meltdown and Spectre, it quickly became apparent that plenty of eyeballs were laser-focused on Intel’s security implementations. There was nothing wrong with this, as such — CPU security deserves to be scrutinized — but in many cases, far more attention was being given to Intel over AMD. The question of whether AMD CPUs were more secure than Intel CPUs was widely debated in the enthusiast community, but to no clear conclusion. While far more vulnerabilities were found in Intel chips, the researchers investigating these flaws often acknowledged that they either did not have access to AMD hardware to test or that the limited tests they had run on AMD kit using techniques known to disrupt Intel processors had not worked.


This devious cyberattack might be selling off your internet bandwidth

In a novel unseen trend, cybersecurity researchers have flagged a new malware family that’s siphoning off the bandwidth of their victims, in pretty much the same fashion as cryptomining malware attempts to monetize the CPU cycles of the victims. According to new research by Cisco’s Talos intelligence group, threat actors have begun abusing internet-sharing apps, commonly referred to as proxyware, like Honeygain, Nanowire, and others. Proxyware are legitimate apps that help users monetize their unused bandwidth. The platform typically installs an app that forks the spare bandwidth to a network pool operated by the service provider.


Coinbase seeds panic among users with erroneous 2FA change alerts

Coinbase, the world’s second-largest cryptocurrency exchange with approximately 68 million users from over 100 countries, has scared a significant amount of its users with erroneous 2FA warnings. As the crypto exchange revealed over the weekend in a Twitter thread, it accidentally alerted roughly 125,000 customers that their 2FA settings had been changed on August 28, between 1:45 pm PST and 3:07 pm PST. In a Friday incident report, Coinbase explained that the notifications were sent in error and that customers are not required to take any action to restore their 2FA settings. “We are aware a large number of customers have received notifications (email/SMS) that 2FA settings were changed. This appears to have been sent in error. We are still investigating why this message was sent, but no action is required at this time,” Coinbase said. “We’ve verified no security settings were changed unintentionally, and the notifications were sent in error. Full functionality is restored, and we’re continuing to monitor to be safe.”


Scam artists are recruiting English speakers for business email campaigns

Native English speakers are being recruited in their droves by criminals trying to make Business Email Compromise (BEC) more effective. BEC schemes can be simple to execute and among the most potentially devastating for a business, alongside threats such as ransomware. A BEC scam will usually start with a phishing email, tailored and customized depending on the victim. Social engineering and email address spoofing may also be used to make the message appear to originate from someone in the target company — such as an executive, the CEO, or a member of an accounts team — in order to fool an employee into making a payment to an account controlled by a criminal. In some cases, these payments — intended to pay an alleged invoice, for example — can reach millions of dollars. In 2020, US companies alone lost roughly $1.8 billion to these forms of cyberattack.
