AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/4/2022

Microsoft Skype challenge: Can you solve this puzzle 10 times?

New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service. Tests by BleepingComputer confirmed the problematic captcha required when signing up for a Microsoft account via Skype—even after verifying your email address. However, signing up for a Microsoft account directly was much simpler. However, signing up for a Microsoft account directly was much simpler. Should you choose to sign up for a new Microsoft account via the Skype application though, Skype presents a captcha that is complex to solve and has left many frustrated. A captcha (“Completely Automated Public Turing test to tell Computers and Humans Apart”) is a challenge–response test used by websites and online services to check if they are interacting with a human user or a bot.


PulseTV discloses potential compromise of 200,000 credit cards

U.S. online store PulseTV has disclosed a large-scale customer credit card compromise. As per the notification letter shared with the Office of the Maine Attorney General, more than 200,000 shoppers have been impacted. The platform found out about a potential breach from VISA on March 8, 2021, who informed them that unauthorized credit card transactions were taking place on the site. After running some security checks and scanning for malware, PulseTV was unable to pinpoint any issues on its e-commerce website. However, the problem persisted as law enforcement contacted them a few months later regarding payment card compromises that appeared to have originated from pulsetv.com.


North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges

North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years. According to local media, US federal prosecutors believe that North Korea’s government considers cryptocurrency a long-term investment and it is amassing crypto funds through illegal activities. In a classified report cited by Chosun, the US National Intelligence Service (DNI) found that North Korea was financing its ‘priority policies’, such as nuclear and missile development, through cybercrime. Government experts noticed that nation-state actors are not immediately cashing out all the stolen crypto to create a crypto fund reserve.


BBB Scam Alert: Want a COVID-19 test? There’s a scam for that

Robocalls are sent out to consumers directing them to a website that looks like a clinic or medical supply company offering COVID-19 tests. These tests allegedly identify if a person has been infected with coronavirus – even if they’ve  recovered. Some even promise results in 10 minutes. However, to receive a test, a credit card or a form needs to be completed with personal information.   In some cases, the test involves an easy at-home testing kit. Other times, the tests are allegedly offered through a clinic. But in all versions, the person or website selling the test is short on details. They aren’t willing or able to provide any information about how the test works, where it is sourced, and what laboratory processes it. Don’t fall for it! These tests are not US Food and Drug Administration approved and will not give accurate results. In fact, requestors may never even receive an actual test kit. Either way, scammers will have made off with the money and personal information.


No puppy for Christmas: Online pet scams proliferate

The puppy was supposed to be a Christmas present for her husband, Bryan. But after Lauren Case, a registered nurse from Warren, Arkansas, plunked down $850 via a cash app for a cute teacup Yorkie named Rosy she saw online, she began to get suspicious. She had paid an initial $600 by Zelle, a payment app that she had never used before but that her bank confirmed as legitimate. But then the supposed breeder asked for another $250 for a “nanny” to hand-carry the dog to her on an airplane. Finally, Case put the website address into a search engine and found lots of complaints. “It was something I really wanted, so I ignored the little voice in my head,” she said, kicking herself for sending money before doing the checking. There will be no puppy in the Case household this Christmas.

Related Posts