AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/21/2021

Even the Mafia is getting involved in phishing attacks now

Cybercriminals have raked in millions from phishing attacks, so it is no surprise that the Italian Mafia has adopted similar tactics in recent years. According to a new press release from Europol, the Spanish National Police, supported by the Italian National Police, Europol and Eurojust, have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking and property crime. Beyond those traditional rackets, the suspects also used phishing, SIM swapping and business email compromise (BEC) to defraud hundreds of victims. In the last year alone they brought in €10 million ($11.7 million) in illegal funds, which they then laundered through a wide network of money mules and shell companies.


The spy tech that followed kids home for remote learning—and won’t leave

A week after the pandemic forced Minneapolis students to attend classes online, the city school district’s top security chief got an urgent email, its subject line in all caps, alerting him to potential trouble. Just 12 seconds later, he got a second ping. And two minutes after that, a third. In each instance, the emails warning Jason Matlock of “QUESTIONABLE CONTENT” pointed to a single culprit: Kids were watching cartoon porn. Over the next six months, Matlock got nearly 1,300 similar emails from Gaggle, a surveillance company that monitors students’ school-issued Google and Microsoft accounts. Through artificial intelligence and a team of content moderators, Gaggle tracks the online behaviors of millions of students across the U.S. every day.


Coinbase scraps plans for crypto lending program

Coinbase Global Inc has scrapped its plan to launch an interest-yielding USD Coin (USDC) lending program, the cryptocurrency exchange said in a blog post. The move comes days after U.S. regulators said they would sue Coinbase if it went ahead with the program, which would have allowed users to earn interest by lending digital assets. “As we continue our work to seek regulatory clarity for the crypto industry as a whole, we’ve made the difficult decision not to launch the USDC APY program,” Coinbase’s blog post said. USDC is a stablecoin pegged to the U.S. dollar and redeemable for $1 on a one-to-one basis. The exchange also said it has discontinued the waitlist for its USDC APY (annual percentage yield) program, a high-yield alternative to traditional savings accounts that would have paid users who lent USDC to Coinbase a 4% APY.


Microsoft Azure VMs exploited to infect users with botnet malware

Unsurprisingly, threat actors have started actively exploiting the critical Azure vulnerabilities, not long after they were publicly disclosed and patched by Microsoft in the September Patch Tuesday release. BleepingComputer reports that the first attacks were spotted last week by security researcher Germán Fernández and have since been confirmed by cybersecurity vendors GreyNoise and Bad Packets. The four privilege escalation and remote code execution vulnerabilities were found in the Open Management Infrastructure (OMI) software agent, which is automatically deployed inside Linux virtual machines (VMs) when users enable certain Azure services.

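Added here as a defender's check, not code from the BleepingComputer report or from Microsoft: a POSIX shell script that reports whether a Linux VM carries an OMI agent older than the patched release and whether the agent is listening for remote management. The patched version string (1.6.8-1) and the listening ports (TCP 5985, 5986 and 1270) are assumptions taken from the OMI patch guidance rather than facts stated in the item above; the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example, not from the article: check a Linux VM for a pre-patch OMI agent.
# Assumptions (not stated in the news item): the patched OMI release is 1.6.8-1,
# and the agent exposes remote management on TCP 5985/5986 or 1270.

OMI_FIXED="1.6.8-1"

# Turn a Debian-style version such as "1.6.8-1" into a fixed-width numeric key
# ("1000600080001") so that a numeric comparison orders versions correctly
# (e.g. 1.6.10 sorts after 1.6.8, which a plain string compare would get wrong).
omi_ver_key() {
    printf '%s\n' "$1" | tr '-' '.' |
        awk -F. '{ printf "%d%04d%04d%04d\n", $1, $2, $3, $4 }'
}

# True (exit 0) when the given version string predates the patched release.
# The compare is done in awk so the 13-digit keys never hit shell integer limits.
omi_is_vulnerable() {
    awk -v cur="$(omi_ver_key "$1")" -v fixed="$(omi_ver_key "$OMI_FIXED")" \
        'BEGIN { exit (cur + 0 < fixed + 0) ? 0 : 1 }'
}

# Read the installed omi package version from dpkg or rpm; prints nothing if
# the package is absent (the "|| true" keeps the function safe under set -e).
omi_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' omi 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' omi 2>/dev/null || true
    fi
}

# List local TCP listeners on the OMI remote-management ports (empty when none).
# Column 4 of "ss -ltn" is Local Address:Port.
omi_listeners() {
    ss -ltn 2>/dev/null | awk '$4 ~ /:(5985|5986|1270)$/ { print $4 }'
}

# Human-readable report; exit 1 when a vulnerable agent is installed, 0 otherwise,
# so the script can be used as a fleet-wide compliance probe.
omi_report() {
    ver=$(omi_installed_version)
    if [ -z "$ver" ]; then
        echo "OMI agent not installed (no omi package found)"
        return 0
    fi
    if omi_is_vulnerable "$ver"; then
        echo "VULNERABLE: omi $ver is older than $OMI_FIXED"
    else
        echo "OK: omi $ver is at or above $OMI_FIXED"
    fi
    listeners=$(omi_listeners)
    if [ -n "$listeners" ]; then
        echo "remote management exposed on: $listeners"
    else
        echo "no listener on 5985/5986/1270 (local-only or disabled)"
    fi
    omi_is_vulnerable "$ver" && return 1
    return 0
}

omi_report
```

A version at or above the patched release does not prove the host was never exploited; it only closes the gap going forward. A listener on one of the management ports on a VM that is below the patched version is the combination worth escalating, since that is the exposure the reported attacks are going after.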

Researchers compile list of vulnerabilities abused by ransomware gangs

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks. All this started with a call to action made by Allan Liska, a member of Recorded Future’s CSIRT (computer security incident response team), on Twitter over the weekend. Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different software and hardware vendors. While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained. The list comes in the form of a diagram providing defenders with a starting point for shielding their network infrastructure from incoming ransomware attacks.


Facebook VP Disputes Reports That Company Ignored Platform-Wide Issues Harming Users

Facebook on Saturday pushed back against recent reports from the Wall Street Journal that cited a trove of leaked company documents to outline how Facebook executives have been slow to respond to known problems across its platforms that harm users. In a company blog post, Facebook’s vice president of global affairs, Nick Clegg, said the articles contained “deliberate mischaracterizations” and “conferred egregiously false motives to Facebook’s leadership and employees.” The Journal, referencing internal documents that included research reports, online employee discussions, and drafts of presentations to senior management, said Facebook’s researchers sounded alarms about “the platform’s ill effects” time and time again, but they were ignored by higher-ups. The documents revealed company research showing how detrimental Instagram can be for teen mental health, that Facebook’s executives failed to address employee concern about reports of the platform being co-opted by human traffickers in developing countries, and that Facebook gives preferential treatment to certain high-profile users who flout its rules.