AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/21/2023

Sysadmin and spouse admit to part in ‘massive’ pirated Avaya licenses scam

A sysadmin and his partner pleaded guilty this week to being part of a “massive” international ring that sold software licenses worth $88 million for “significantly below the wholesale price.” Brad and Dusti Pearce admitted one count of conspiracy to commit wire fraud and each face a maximum penalty of 20 years in prison. After agreeing to a plea deal, the Pearces must also forfeit at least $4 million as well as gold, silver, collectible coins, cryptocurrency, and a vehicle, and “make full restitution to their victims,” the US Department of Justice said.


T-Mobile users say other people’s account information is appearing in their app

There’s some weirdness happening over at T-Mobile this morning. Multiple T-Mobile customers on X (formerly Twitter) and Reddit have reported that they’re able to see other users’ account data — including their current credit balance, purchase history, credit card information, and home address — when signing into their own T-Mobile accounts. Some T-Mobile customers have mentioned seeing information from several other accounts, but the scale of the issue isn’t yet clear. It’s prevalent enough that the T-Mobile subreddit has asked its users to avoid posting any further information for “security reasons.”


Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. 8Base maintains a darknet website that is only reachable via Tor, a freely available global anonymity network. The site lists hundreds of victim organizations and companies — all allegedly hacking victims that refused to pay a ransom to keep their stolen data from being published.


Menacing marketeers fined by ICO for 1.9M cold calls

The UK data watchdog has penalized five businesses it says collectively made 1.9 million cold calls to members of the public, illegally, as those people had opted out of being menaced at home by marketeers. Anyone registered with the Telephone Preference Service in the UK should not receive calls from organizations, unless they’ve expressly given consent. The US equivalent is National Do Not Call Registry, and residents of Australia can use the Do Not Call Register. The Information Commissioner’s Office says it has issued a total fine of £590,000 ($726,000) to the five business that it found using pressured sales tactics to flog insurance for white goods and other household appliances.


UK targets Meta’s encryption plans over child sexual abuse concerns

On Wednesday, the UK’s Home Secretary Suella Braverman unveiled a new campaign against Meta, urging the tech giant to rethink its plan to roll out end-to-end encryption (E2EE) on Facebook Messenger and Instagram. The company aims to finalise the encryption rollout later this year, but the British government is worried that the move will hinder the detection of child sexual abuse. According to the Home Office, 800 predators are currently arrested per month and up to 1,200 children are protected from sexual abuse following the information provided by social media companies.

Related Posts