AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/06/2022

Samsung says customer data stolen in July data breach

U.S. electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security numbers and credit card numbers were not affected, but some customer information — name, contact and demographic information, date of birth, and product registration information — was taken.

 

Emergency Google Chrome Security Update For All Users As Attackers Strike

Just days after Google updated the Chrome browser to patch a total of 24 vulnerabilities, another security update has landed. This one is even more important as it concerns a zero-day vulnerability that, Google has confirmed, is already being exploited by attackers. The importance of this update cannot be stressed enough: the zero-day was only disclosed to Google on August 30, and it has prioritized an update to address this single security issue. This emergency update, which takes Chrome to version 105.0.5195.102 across Windows, Mac, and Linux platforms, is highly unusual, especially coming so quickly on the tails of a full security update fixing other vulnerabilities.

 

More than 20,000 SSNs stolen during ransomware attack on San Francisco 49ers

One of the NFL’s most popular franchises — the San Francisco 49ers — began sending breach notification letters out Thursday, after more than 20,000 people’s sensitive information was accessed during a ransomware attack earlier this year. The BlackByte ransomware gang attacked the team’s systems the week before Super Bowl Sunday, raising questions about what would have happened had the team held on to its late-game lead two weeks before to make the final match. At the time of the attack, the organization confirmed to The Record that the ransomware group had encrypted its files after accessing its network.

 

New ransomware hits Windows, Linux servers of Chile govt agency

Chile’s national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency. The hackers stopped all running virtual machines and encrypted their files, appending the “.crypt” filename extension. According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection using execution timeouts.

 

Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43

We don’t often write obituaries on Naked Security, but this is one of the times we’re going to. You might not have heard of Peter Eckersley, PhD, but it’s very likely that you’ve relied on a cybersecurity innovation that he not only helped to found, but also to build and establish across the globe. In fact, if you’re reading this article right on the site where it was originally published, Sophos Naked Security, you’re directly reaping the benefits of Peter’s work right now. If you click on the padlock in your browser [2022-09-0T22:37:00Z], you’ll see that this site, like our sister blog site Sophos News, uses a web certificate that’s vouched for by Let’s Encrypt, now a well-established Certificate Authority (CA).

 

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail. Patrick McGovern-Allen of Egg Harbor Township, N.J. was arrested on Aug. 12 on a warrant from the U.S. Federal Bureau of Investigation. An FBI complaint alleges McGovern-Allen was part of a group of co-conspirators who are at the forefront of a dangerous escalation in coercion and intimidation tactics increasingly used by competing cybercriminal groups.

 

New Rules for Crypto Exchanges to Stop Sanctions Evaders

The UK government has updated its guidance on financial sanctions to tackle what it believes could be a digital loophole in the previous rules. Under the new sanctions regime, cryptocurrency exchanges are required to notify the Treasury if a client is on the officially designated list. It will be considered a criminal offense not to do so. According to The Guardian, concerns have been mounting that Russian individuals and businesses linked to the Putin regime may be trying to evade sanctions by using digital currencies such as Bitcoin, Ether and Tether, or non-fungible tokens (NFTs). The new guidelines, which were published by the Treasury’s Office of Financial Sanctions Implementation, will mean that exchanges now have the same legal obligations as other businesses including real estate firms, accounting practices, law firms and jewelers, the report claimed.

 

Hackers steal undisclosed number of customers’ personal data from KeyBank

Hackers stole personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the bank reports, in the breach of a third-party vendor that serves multiple corporate clients. The hackers obtained the information on July 5 after breaking into computers at the insurance services provider Overby–Seawell Company, according to a letter that Cleveland-based KeyBank sent to affected residential mortgage customers. KeyBank, which operates in 15 states and has close to $200 billion in assets, would not say how many of its customers were affected or answer any other questions about the breach. In a statement, it said it was notified of the data theft on Aug. 4 and KeyBank systems and operations were unaffected. Overby–Seawell did not respond to phone messages and emails sent to executives seeking comment. In the statement sent Friday to The Associated Press, KeyBank said Kennesaw, Georgia-based Overby–Seawell “suffered a cybersecurity incident that compromised data of its corporate clients.” It did not elaborate.

 
