AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/23/2024

Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim 

Five people have been accused of pulling off a “brazen” scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more. Mark Angarola, Allison Angarola, Jose Garcia, Michelle Cox, and Lisa Mincak were all arrested and charged in the US with one count each of wire fraud and wire fraud conspiracy, both of which carry a maximum sentence of 20 years in prison. Additionally, Mark Angarola, Cox, and Garcia have been charged with tax evasion and failing to report their true income to the IRS, including proceeds from the alleged embezzlement scheme. 


Subway’s data torpedoed by LockBit, ransomware gang claims 

The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data. LockBit’s post to its leak blog, published on January 21, suggests one of its affiliates breached Subway’s database, stealing sensitive data on “all financial aspects” of the fast food franchise. “The biggest sandwich chain is pretending that nothing happened,” the criminals said, highlighting the silence from the company’s official channels. Full details of the incident are just a matter of speculation at present. The company hasn’t responded to our orders for a fresh statement, but has told the wider media that it’s currently investigating the legitimacy of the claims. No public disclosures had been made at the time of writing either. 


Meta will let EU users unlink their Instagram, Facebook, and Messenger info ahead of DMA 

EU users will be able to unlink their Instagram and Facebook accounts, as well as other Meta services ahead of the bloc’s new Digital Markets Act (DMA) coming into force in March, the company has announced. The changes will apply in the European Union, European Economic Area, and Switzerland, and notifications informing users of the change will appear in the coming weeks. The changes mean that EU users will be able to use many of Meta’s services without their information being shared between them.  


Tech companies could do ‘heaps more’ to protect users from fraud 

Technology companies could be doing “heaps more” to protect users against fraud, a senior official at the National Crime Agency (NCA) told a parliamentary committee on Wednesday. Fraud is the most common crime in England and Wales, according to government statistics, with millions of incidents reported annually and potentially millions more going unreported. James Babbage, the director general for threats at the NCA, told the Home Affairs Committee’s new inquiry on fraud that more than 80% of these crimes were taking place online. “We have to be focusing on what more the technology companies can do — and in general there is heaps more they can do,” Babbage said. 


iOS 17.3 is out, adding Stolen Device Protection for your iPhone 

iOS 17.3 is out, and it comes with a new security feature that’s supposed to prevent thieves from taking your iPhone and quickly taking over access to anything stored in iCloud as well as other important accounts like your bank or email. Instead of relying on your lock screen passcode for security (as thieves have learned to trick people into entering it in front of them before they take off with the phone), Stolen Device Protection requires you to scan your fingerprint or use Face ID when performing certain actions, such as viewing saved passwords or applying for a new Apple Card. 


SEC confirms X account was hacked in SIM swapping attack 

The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC’s X account was hacked to issue a fake announcement that the agency had finally approved Bitcoin ETFs on security exchanges. ronically, the SEC approved Bitcoin ETFs in a legitimate announcement the following day. However, at the time, it was not clear how the account was breached, with the SEC stating that they would provide updates on their investigation as it became available. Today, the SEC has confirmed that a cell phone account associated with the X account suffered a SIM-swapping attack. 


Related Posts