AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/25/2023

City of Fort Lauderdale loses $1.2 million in phishing scam, police in Florida say

The City of Fort Lauderdale was bilked out of $1.2 million dollars in what police in South Florida are saying was a phishing scam. The city made the large payment on September 14 for what they believed was a legitimate bill from Moss Construction, according to the Fort Lauderdale Police Department. Fort Lauderdale Mayor Dean Trantalis told CNN affiliate WSVN Moss Construction is working on building a police station for the city, located 28 miles north of Miami. “It’s $144 million, so they’re in full construction mode, so it would’ve been consistent with the practice that we’ve been following,” Trantalis said, WSVN reported.


In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could be exploited remotely, without authentication, to execute arbitrary code and gain administrative control over a vulnerable server. Developed by JetBrains, TeamCity is a general-purpose build management and continuous integration platform available both for on-premises installation and as a cloud service. The recently identified critical flaw, tracked as CVE-2023-42793 (CVSS score of 9.8), is described as an authentication bypass impacting the on-premises version of TeamCity. The issue can be exploited by attackers over an HTTP(S) connection and does not require user interaction for successful exploitation, code security firm Sonar Source, which identified the bug, explains.


Fake celebrity photo leak videos flood TikTok with Temu referral codes

TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore. Temu is an online shopping site offering millions of products at very low prices, most of which are shipped directly from China. There has been a lot of controversy regarding the online store since its launch in September 2022, with some thinking it’s a scam and others loving the cheap merchandise they receive. To promote the site, Temu allows customers to create referral numbers and links to be shared with family, friends, and social media to earn store credit, free gifts, or points towards their rewards system.


Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role

A Nigerian national residing in South Africa last week pleaded guilty in court in the United States to his role in a million-dollar business email compromise (BEC) fraud scheme. The man, Kosi Goodness Simon-Ebo, 29, was extradited to the US from Canada in April 2023. According to the plea agreement and other court documents, Simon-Ebo was involved in a conspiracy to commit BEC fraud and money laundering with total intended losses of close to $7 million. Simon-Ebo admitted in court to gaining unauthorized access to the email accounts of targeted individuals and organizations and to sending email messages from spoofed accounts, to trick victims into making money wire transfers to bank accounts controlled by Simon-Ebo and his co-conspirators.


How the Cult of the Dead Cow plans to save the internet

The modern internet is a terrible, no-good privacy nightmare and we should probably start over. At least that’s the argument that spawned the latest project from the Cult of the Dead Cow. While the internet is made up of more than Facebook, the app formerly known as Twitter and Google, these platforms make up the bulk of the internet as most users experience it, and the advertising-based business models of these firms means that privacy features are often a mere tool in delivering highly targeted advertising.

Related Posts