AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 09/15/2022

Period tracking app Flo rolls out ‘Anonymous Mode’ on iOS, Android launch coming next month

Period tracking app Flo has released a new “Anonymous Mode” setting that gives users the option to access the app without their name, email address, and technical identifiers being associated with their health data. Flo promised to release the mode shortly after the Supreme Court overturned Roe v. Wade. The company launched the new Anonymous Mode setting on Wednesday for all iOS users. Android users will get access to the new setting next month, Flo says. Following the Supreme Court’s reversal, activists and privacy advocates warned users of period tracking apps to be wary of the possibility that their health data could be used against them if they were to seek abortion services. Flo’s new Anonymous Mode setting is a direct response to these fears.


Hackers now use ‘sock puppets’ for more realistic phishing attacks

An Iranian-aligned hacking group uses a new, elaborate phishing technique in which it uses multiple personas and email accounts to lure targets into thinking they are part of a realistic email conversation. The attackers send an email to the target while CCing another email address under their control, then respond from that address, staging a fake conversation. Named ‘multi-persona impersonation’ (MPI) by researchers at Proofpoint, who observed it for the first time, the technique leverages the psychology principle of “social proof” to obscure logical thinking and add an element of trustworthiness to the phishing threads. TA453 is an Iranian threat group believed to be operating from within the IRGC (Islamic Revolutionary Guard Corps), previously seen impersonating journalists to target academics and policy experts in the Middle East.
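The pattern described above has a mail-side signature a defender can look for: an external sender CCs a second external address, and that second address then "replies" before anyone inside the organisation has said a word. The following is an added example (not code from Proofpoint, BleepingComputer or this site) of a simple detector over thread metadata. It assumes a constructed, simplified header view of each message (`Message` dataclass), a hypothetical set of internal domains (`INTERNAL_DOMAINS`), and that messages are supplied in arrival order; the sample thread data is constructed for illustration.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Dict, List, Optional

# Assumed: the domain(s) that count as "internal" for the defended organisation.
INTERNAL_DOMAINS = {"example.org"}


@dataclass
class Message:
    """Minimal header view of one email (constructed shape, not a real wire format)."""
    msg_id: str
    sender: str
    to: List[str]
    cc: List[str] = field(default_factory=list)
    in_reply_to: Optional[str] = None


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address such as 'Name <user@host>'."""
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()


def is_external(addr: str) -> bool:
    return domain_of(addr) not in INTERNAL_DOMAINS


def thread_root(msg: Message, by_id: Dict[str, Message]) -> str:
    """Follow In-Reply-To links back to the first message of the thread."""
    cur, seen = msg, set()
    while cur.in_reply_to and cur.in_reply_to in by_id and cur.msg_id not in seen:
        seen.add(cur.msg_id)
        cur = by_id[cur.in_reply_to]
    return cur.msg_id


def detect_multi_persona(messages: List[Message]) -> Dict[str, List[str]]:
    """Flag threads in which an address that was CC'd by an external sender
    replies before any internal participant has taken part.
    Returns {root_msg_id: [suspect_msg_ids]}; an empty dict means nothing flagged."""
    by_id = {m.msg_id: m for m in messages}
    threads: Dict[str, List[Message]] = {}
    for m in messages:  # assumed to be in arrival order
        threads.setdefault(thread_root(m, by_id), []).append(m)

    findings: Dict[str, List[str]] = {}
    for root, thread in threads.items():
        staged_ccs = set()        # external addresses CC'd by external senders
        internal_spoke = False    # has anyone inside the organisation replied yet?
        for m in thread:
            sender = parseaddr(m.sender)[1].lower()
            if not is_external(sender):
                internal_spoke = True
                continue
            if sender in staged_ccs and not internal_spoke:
                findings.setdefault(root, []).append(m.msg_id)
            for cc in m.cc:
                cc_addr = parseaddr(cc)[1].lower()
                if is_external(cc_addr):
                    staged_ccs.add(cc_addr)
    return findings


# Constructed sample data for illustration.
SAMPLE_THREADS = [
    # Thread 1: two external personas stage a conversation around the target.
    Message("<m1@persona-a.example>", "Dr A <a@persona-a.example>",
            to=["target@example.org"], cc=["Prof B <b@persona-b.example>"]),
    Message("<m2@persona-b.example>", "Prof B <b@persona-b.example>",
            to=["a@persona-a.example", "target@example.org"],
            in_reply_to="<m1@persona-a.example>"),
    # Thread 2: a vendor CCs a colleague, but the target answers before the colleague does.
    Message("<v1@vendor.example>", "sales@vendor.example",
            to=["target@example.org"], cc=["support@vendor.example"]),
    Message("<v2@example.org>", "target@example.org",
            to=["sales@vendor.example"], cc=["support@vendor.example"],
            in_reply_to="<v1@vendor.example>"),
    Message("<v3@vendor.example>", "support@vendor.example",
            to=["target@example.org"], in_reply_to="<v2@example.org>"),
]

if __name__ == "__main__":
    print(detect_multi_persona(SAMPLE_THREADS))
```

Only the first thread is flagged: the reply from the CC'd persona arrives before the internal recipient has engaged. The second thread has the same CC shape but an internal reply precedes the colleague's message, which is the ordinary case this heuristic is meant to leave alone. In practice such a rule is one signal among several (sender domain age, lookalike domains, DMARC results) rather than a verdict on its own.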


Breach of software maker used to backdoor ecommerce servers

FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig’s systems to carry out a supply chain attack that infected customer systems using FishPig’s fee-based Magento 2 modules with Rekoobe, a sophisticated backdoor discovered in June. Rekoobe masquerades as a benign SMTP server and can be activated by covert commands related to handling the startTLS command from an attacker over the Internet. Once activated, Rekoobe provides a reverse shell that allows the threat actor to remotely issue commands to the infected server.


User Alert as Phishing Campaigns Exploit Queen’s Passing

Threat actors are using the death of Queen Elizabeth II as a lure to phish for users’ Microsoft credentials, experts have warned. A screenshot posted by Proofpoint yesterday revealed an email spoofed to appear as if sent from the tech giant. With the headline “In Memory of Her Majesty Queen Elizabeth II,” it claimed that Microsoft is launching an “interactive AI memory board” in her honor and needs “the assistance of our users” to make it work. To take part in the ‘Elizabeth II Memory Board’ the recipient is urged to click on a button embedded in the email, which will take them to a page prompting them to enter their email credentials. It also features a capability to bypass multi-factor authentication (MFA), Proofpoint warned.


China’s most advanced AI image generator already blocks political content

China’s leading text-to-image synthesis model, Baidu’s ERNIE-ViLG, censors political text such as “Tiananmen Square” or names of political leaders, reports Zeyi Yang for MIT Technology Review. Image synthesis has proven popular (and controversial) recently on social media and in online art communities. Tools like Stable Diffusion and DALL-E 2 allow people to create images of almost anything they can imagine by typing in a text description called a “prompt.” In 2021, Chinese tech company Baidu developed its own image synthesis model called ERNIE-ViLG, and while testing public demos, some users found that it censors political phrases. Following MIT Technology Review’s detailed report, we ran our own test of an ERNIE-ViLG demo hosted on Hugging Face and confirmed that phrases such as “democracy in China” and “Chinese flag” fail to generate imagery. Instead, they produce a Chinese language warning that approximately reads (translated), “The input content does not meet the relevant rules, please adjust and try again!”
