AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/01/2021

This malware pretends to be Amnesty International protection from Pegasus

Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International. According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists. Now though, cybercriminals have created a fake website impersonating the official site of Amnesty International which provides an antivirus tool that they claim can be used to protect against Pegasus. While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.

FCC proposes new rules to combat SIM swapping scams

SIM swapping scams have been on the rise these past couple of years, and since most online services these days are tied to people’s phone numbers, the technique has the potential to ruin victims’ lives. Now, the Federal Communications Commission is seeking to create new rules that would help prevent SIM swapping scams and port-out fraud, both of which are techniques designed to hijack people’s phone numbers and identities. The commission said it has received numerous complaints from consumers “who have suffered significant distress, inconvenience and financial harm” as a result of both hijacking methods. SIM swapping is a technique wherein a bad actor convinces a wireless carrier to transfer a victim’s service to a phone they control. When a bad actor successfully transfers the victim’s service and number to another carrier, that’s called port-out fraud.

This dangerous mobile Trojan has stolen a fortune from over 10 million victims

An Android Trojan has now achieved a victim count of over 10 million in at least 70 countries. According to Zimperium zLabs, the new malware has been embedded in at least 200 malicious applications, many of which have managed to circumvent the protections offered by the Google Play Store, the official repository for Android apps. The researchers say that the operators behind the Trojan have managed to infect so many devices that a stable cash flow of illicit funds, “generating millions in recurring revenue each month,” has been established. Believed to have been in operation since November 2020, the “GriftHorse” campaign relies on victims being duped into handing over their phone number, which is then used to subscribe them to premium SMS messaging services.

Around the world with the NSA’s cyber chief

The head of the National Security Agency’s cyber branch on Wednesday warned that the number of digital threats has proliferated. “Almost every nation in the world now has a cyber exploitation program,” Rob Joyce, director of the NSA’s Cybersecurity Directorate, said during the Aspen Cyber Summit in Colorado. “The vast majority of those are used for espionage and intelligence purposes, but… there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” added Joyce, who has served in a number of roles at the nation’s top electronic spy agency and was a special assistant to the president and cybersecurity coordinator in the National Security Council in 2018. There are some “high-end, sophisticated small actors, but they’re confined to whatever that national interest is that they’re aimed at so we see less of them.”

CISA and Girls Who Code Announce Partnership to Create Career Pathways for Young Women in Cybersecurity and Technology

The Cybersecurity and Infrastructure Security Agency (CISA) announced a new partnership today with Girls Who Code (GWC) to develop pathways for young women to pursue careers in cybersecurity and technology. This partnership will seek to tackle diversity disparities by working to heighten the awareness of cybersecurity and technology careers, and working with employers to build tangible pathways for young women, especially young women of color, to get hands-on experience in the private sector, the non-profit sector, or government. Through this partnership, CISA and Girls Who Code will establish collaborative opportunities that will provide awareness, training, and pathways into cybersecurity careers for girls, women and those who identify as nonbinary. “One of my top priorities at CISA is to inspire more women and girls to pursue careers in cybersecurity and technology,” said CISA Director Jen Easterly. “The gender gap that exists in the cybersecurity workforce contributes to the overall cyber workforce shortage that persists in the United States and globally, which ultimately makes us less prepared to deal with the threats of today and tomorrow. I couldn’t be more excited about our partnership with Girls Who Code to help build the next generation of cyber talent where young women, everywhere, can see themselves in cyber.”

Google just patched these two Chrome zero-day bugs that are under attack right now

For the second time this month, Google has patched two previously unknown or ‘zero-day’ security flaws in Chrome that are already being exploited by attackers. Google has released a stable channel Chrome update for Windows, Mac and Linux machines to address two zero-day flaws affecting the most popular browser on the web. The update pushes Chrome up to version 94.0.4606.71. Due to the attacks, it’s prudent for organizations and consumers to update as soon as it becomes available. Google says it will roll out in the “coming days/weeks”. The update includes four security fixes for Chrome, including the two zero-days. One of them, a high-severity flaw tracked as CVE-2021-37975, stems from Google’s hard-to-protect V8 JavaScript engine and was reported by an anonymous researcher. Another medium-severity flaw, tracked as CVE-2021-37976, is an “information leak in core” and was reported by Google’s Threat Analysis Group (TAG) with assistance from Google Project Zero security researchers.