AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/27/2022

Ukraine warns of ‘massive cyberattacks’ coming from Russia on critical infrastructure sites

The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday. The Russians are also planning to “increase the intensity of the DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic state,” the country’s Defense Intelligence agency said in a statement posted to a Ukrainian government website.

 

Windows 11 now warns when typing your password in Notepad, websites

Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites. Windows login credentials are valuable to threat actors as they allow them to access internal corporate networks for data theft or ransomware attacks. These passwords are commonly acquired through phishing attacks or by users saving their passwords in insecure applications, such as word processors, text editors, and spreadsheets.

 

Samsung Sued Over Recent Data Breaches

Represented by Clarkson Law Firm, two Samsung users have filed a class action lawsuit against the electronics manufacturer over the two data breaches the company has suffered in 2022. The 43-page complaint filed with the Federal District Court for the Northern District of California claims that Samsung unnecessarily collected user data and then stored and sold it without proper security protections, which led to two back-to-back data breaches. The lawsuit claims that Samsung intentionally disabled specific functions and features of its electronics products, including TVs and printers, and required users to submit personally identifiable information such as home addresses and dates of birth.

 

Australia Thinking About Tougher Cybersecurity Laws

The Australian government says that it’s considering adopting tougher cybersecurity laws for companies in the telecommunication sector following the recent Optus data breach, where the data of 9.8 million former and current customers was leaked. Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. that the hack was “an unprecedented theft of consumer information in Australian history.” Optus, the second-largest wireless carrier in Australia, was recently the victim of one of the biggest cybersecurity attacks in the country’s history. The threat actors were able to obtain the details of 9.8 million former and current customers, out of Australia’s population of 26 million.

 

What happens with a hacked Instagram account – and how to recover it

A friend – let’s call her Ellie – recently called me with a devastated tone in her voice. Her Instagram account had been hacked and she was locked out. Her panic was evident as she told me her password had been changed and that the hackers had added two-factor authentication (2FA) to the account. She went on to ask me if I knew of any tips to regain control. I had heard of both good and bad outcomes in similar situations, online, but I had never attempted it first-hand. If I’m honest, I was actually a little excited at the opportunity to test Instagram’s recovery methods to see if I could learn anything. Ellie is quite computer savvy and understands technology; however, she is also very busy with her small business and young children. As a result, she has simply “put off” adding extra security layers to her social media and email accounts. At any rate, when she called, I refrained from “I told you so!” and asked her what had happened.

Related Posts