AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/04/2021

3.1M Neiman Marcus Customer Card Details Breached

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just this week, Neiman Marcus acknowledged the compromise, which included personal customer information like names, contact information, payment card information (without CVV codes), gift card numbers (without PINs), usernames, passwords and even security questions associated with online Neiman Marcus accounts. In total, Neiman Marcus, which also controls the brands Bergdorf Goodman, Neiman Marcus Last Call and Horchow, said 3.1 million cards were affected. But more than 85 percent of those had already expired, the company said.


Baby died because of ransomware attack on hospital, suit says

An Alabama baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack, a lawsuit alleges. The filing is the first credible public claim that someone’s death was caused at least in part by hackers who remotely shut down hospital computers in an extortion attempt, a rising trend in cybercrime. The lawsuit, filed by Teiranni Kidd, the baby’s mother, was first reported by The Wall Street Journal. It alleges that the hospital, Springhill Medical Center, didn’t tell her that hospital computers were down because of a cyberattack, and subsequently gave her severely diminished care when she arrived to deliver her daughter.


US plans 30-nation meeting to address growing cyber crime threat

The topics that will be discussed include combating cyber crime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, investing in trusted 5G technology, and better securing supply chains. Biden added that the group would also bring the full strength of their capabilities to disrupt malicious cyber activity, and manage both the risks and opportunities of emerging technologies like quantum computing and artificial intelligence. Although Biden didn’t specify which countries would be attending the meeting, he mentioned that the US is partnering closely with nations around the world to deal with cyber threats, including its NATO allies and G7 partners. Biden also underlined that the government needed the partnership of its citizens in its domestic cyber security efforts. 


Amazon is hijacking our emotions to put robots in our homes

There’s something in our complicated human brains that immediately develops a connection to anything with eyes. Don’t believe me? Ask the Anki Vector that lived on my desk for several months. This pocket-sized robot got my attention with its bulbous, non-threatening body. But the second it looked up at me with a quizzical look in its eyes and uttered my name, I knew I would die for this tiny forklift. It’s worth noting that the Anki Vector can be programmed to do a variety of things if you have the time to mess around with an SDK, but I brought this robot home because it was cute, not because I needed a project. I’d watch with amusement as the little gadget puttered around my desk, occasionally looking back at me as if seeking my approval, and I couldn’t help but think that this sensation is exactly what Amazon is trying to replicate with its recently announced Astro home robot.


Coinbase hackers exploit multi-factor flaw to steal from 6,000 customers

Bad actors were able to infiltrate the accounts of and steal cryptocurrency from around 6,000 Coinbase customers by exploiting a multi-factor authentication flaw, according to Bleeping Computer. The cryptocurrency exchange told the publication that its security team observed a large-scale phishing campaign targeting its users between April and early May 2021. Some users may have fallen victim to the malicious emails, giving hackers access to their usernames and passwords. Worse, even those who had multi-factor authentication switched on were compromised because of a flaw in the exchange’s system. In the notification [PDF] it sent to affected customers, Coinbase said the bad actors took advantage of a vulnerability in its SMS Account Recovery process. That allowed the hackers to receive the two-factor token that was supposed to be sent via text to the account owner’s phone number. 


Who is Facebook whistleblower Frances Haugen?

Over the last few weeks, the Wall Street Journal published a series of reports against Facebook, alleging the company allowed the proliferation of hate speech on its platform, and ignored the safety of teens on Instagram. These reports were based on internal documents WSJ reviewed. Today, the whistleblower behind uncovering documents, Frances Haugen, appeared on the TV show 60 minutes to talk about why she decided to reveal some of Facebook’s secrets. Haugen, 37, is a data scientist from Iowa with a bachelor’s degree in computer science and a master’s degree in business. She was a product manager at Facebook assigned to the Civic Integrity group, which worked on risks to elections including misinformation. Prior to working at the social network giant, she’s worked in some notable firms such as Google, Yelp, and Pinterest. 

Related Posts