AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/23/2020

1 – FBI Warns Job Applicants of Scams Using Spoofed Company Sites

FBI’s Internet Crime Complaint Center (IC3) today issued a public service announcement to warn about scammers using spoofed company websites and fake job listings to target applicants. “Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores,” the FBI says. “While hiring scams have been around for many years, cybercriminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity.”


2 – New ‘Chameleon’ Attack Can Secretly Modify Content on Facebook, Twitter or LinkedIn

That video or picture you “liked” on social media of a cute dog, your favorite team or political candidate can actually be altered in a cyberattack to something completely different, detrimental and potentially criminal, according to cybersecurity researchers at Ben-Gurion University of the Negev (BGU). The researchers looked at seven online platforms and identified similar serious weaknesses in the management of the posting systems of Facebook, Twitter and LinkedIn. Twitter does not permit changes to posts and, normally, Facebook and LinkedIn indicate a post has been edited. But this new attack overrides that.


3 – Journalist Glenn Greenwald charged with hacking by Brazilian prosecutors

The co-founder of investigative news website The Intercept and journalist Glenn Greenwald has been accused of cybercrimes linked to hacking the phones of senior government officials in Brazil. Alongside Greenwald, six other individuals are being accused. In an official statement, the Brazilian prosecution service claimed the journalist took part and encouraged hacking of exchanges between senior government figures through messaging service Telegram that related to Operation Car Wash, Brazil’s largest corruption investigation to date.


4 – Secret Service to launch private-sector cybercrime council

The Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned. The council, which will be known as the “Cyber Investigations Advisory Board” (CIAB), will aim to “provide Secret Service’s Office of Investigations with outside strategic input for the agency’s investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques,” according to an internal Secret Service Electronic Crimes Task Force Bulletin.


5 – Greece’s major banks cancel 15,000 cards after travel website breach

Alpha Bank, Piraeus Bank, Eurobank and the National Bank of Greece – were forced to cancel 15,000 credit and debit cards after payment card data used by some of their customers on a Greek tourist services portal was hacked. The banks issued a joint statement admitting that “a few dozen” customers had been charged with transactions they never made, but decided to gradually cancel and replace all 15,000 cards which had been used on the tourist service, even if it was just once. The banks’ executives have confirmed that they immediately activated security measures which will keep the costs incurred by the breach “manageable.”


6 – House of Lords introduces private member’s bill to resurrect age verification plan

A member of the House of Lords has introduced a private member’s bill in a bid to force the government to resurrect the age verification plan for pornographic websites. The bill was introduced in a first reading yesterday as the Digital Economy Act 2017 (Commencement of Part 3) Bill by Baroness Howe of Idlicote. The government had withdrawn the plan in October following claims that its plan amounted to a “porn habit database” that could leave people wide open to blackmail should age-verification systems be compromised.


7 – India likely to force Facebook, WhatsApp to identify the originator of messages

New Delhi is inching closer to recommending regulations that would require social media companies and instant messaging app providers to help law enforcement agencies identify users who have posted content — or sent messages — it deems questionable, two people familiar with the matter told TechCrunch. India will submit the suggested change to the local intermediary liability rules to the nation’s apex court later this month. The suggested change, the conditions of which may be altered before it is finalized, currently says that law enforcement agencies will have to produce a court order before exercising such requests, sources who have been briefed on the matter said.


8 – IBM’s debating AI just got a lot closer to being a useful tool

A core technique used to help machines reason, known as argument mining, involves building software to analyze written documents and extract key sentences that provide evidence for or against a given claim. These can then be assembled into an argument. As well as helping us make better decisions, such tools could be used to catch fake news—undermining dodgy claims and backing up factual ones—or to filter online search results, returning relevant statements rather than whole documents.


9 – Jeff Bezos’ phone reportedly hacked via malicious WhatsApp message from Saudi prince

The phone of Amazon CEO Jeff Bezos was reportedly hacked in 2018 through a WhatsApp message from the personal account of Saudi Arabian Crown Prince Mohammed bin Salman. That’s according to an investigation by The Guardian, which cites multiple sources, who claim that the hack was likely behind the leak of personal photos and other information in January 2019. A Saudi link to the leak was established just months later.  The pair had reportedly exchanged their numbers at a dinner in Los Angeles during the Crown Prince’s trip to the US. “Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd,” Saudi Arabia’s US embassy said in a tweet. 


10 – India will launch a humanoid robot ahead of its first crewed space mission

Before sending its first crewed mission in late 2021, India will launch a humanoid robot called Vyommitra into space, reports The Tribune. It will take flight later this year and in 2021. According to the publication, the robot’s name is a combination of the Sanskrit words for “space” and “friend,” and as you can see from the video below, the Indian Space Research Organisation (ISRO) modeled it after a human woman — though it doesn’t feature any legs. The robot told reporters it can operate switch panels, talk to astronauts and monitor a spacecraft’s environmental and life support systems. Its primary purpose, however, is to allow ISRO to test how space flight affects the human body before the agency sends astronauts up in one of its Gaganyaan craft.


11 – Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm’s Monday announcement arrives more than six months after the company says it first detected the breach on June 28, 2019. “We have confirmed that trade secrets may have been leaked to the outside,” Mitsubishi Electric says in a statement. “To date, no damage or impact related to this case has been confirmed. “There’s irony, of course, in a company falling victim to a data breach because attackers exploited its security software.


12 – Hanna Andersson Data Breach: Hackers Compromise Website of Children’s Clothier

Portland, Oregon-based children’s clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public. The letter, obtained by SecurityWeek, has been sent via postal mail and explains that a third party had gained unauthorized access to customer information entered during online purchases between September 16 and November 11, 2019. This was only discovered after the firm was notified by law enforcement that such a breach had likely happened; although the firm gives no indication of the date they were so informed.

Related Posts