AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/05/2021

Company That Routes Billions of Text Messages Quietly Says It Was Hacked

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”


Over 1.5 billion Facebook records possibly for sale on a hacker forum

According to a report from Privacy Affairs, a hacker is selling the private information of more than 1.5 billion Facebook users. The data was purportedly stolen in a hack earlier this year and is nothing to do with the outage Facebook was suffering from on Monday. The person claiming to have the data said the records were scraped from Facebook this year and that 100% of the records contain an email address and phone number. The user in question has received several requests for samples from others on the website and is giving away 100 records to those who ask to preview the data. Some of the people commenting on the thread have expressed doubts about the offer but the original poster has said they will submit a review once someone buys the data. The fields which are included are email addresses, names, user IDs, location, gender, phone numbers, and cities. Luckily, no passwords were stolen but it should remind everyone to review their Facebook settings to ensure that their details are not public-facing as anyone can grab them and sell them.


Crypto platform mistakenly gives $90M to users, asks for refund

In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform’s founder began asking users to return the money—or else they would be reported to IRS, and possibly doxxed, threatened the founder. Compound is an Ethereum-based money market protocol that enables users to earn interest or borrow assets against collateral. Lenders can provide assets to Compound’s liquidity pool and start earning compounding interest, with interest rates dictated automatically by supply and demand. Yesterday, due to an erroneous upgrade process, the decentralized finance (DeFi) platform ended up spilling out Ethereum assets worth $90 million to its users. Compound’s “Comptroller” contract’s transaction history shows where all the Ethereum tokens went. Compound’s founder Robert Leshner urged users who received these Compound tokens in error to return the assets to the platform’s Timelock contract. To incentivize users, Leshner stated that for their “white-hat” behaviour they may keep 10% as a reward. 


FCC orders phone carriers to enforce unlawful robocall blocking

The Federal Communications Commission (FCC) announced earlier this week that phone companies are now required to filter calls from providers who haven’t complied with a deadline to block illegal robocalls that expired on September 28th. They can only accept calls from voice service providers registered in the Robocall Mitigation Database who have implemented caller ID authentication technology for calls carried made over Internet Protocol (IP) networks or filed a robocall mitigation plan with the FCC. “This technology is critical to protecting Americans from scams using spoofed robocalls because it erodes the ability of callers to illegally spoof a caller ID, which scammers use to trick Americans into answering their phones when they shouldn’t,” the FCC explains.


Apple makes it easier to report bad apps and scams

Following reports that revealed that a significant percentage of top App Store apps were scams, Apple is allowing users to report such behavior, according to The Verge. As part of iOS 15, the latest App Store update lets you “report a scam or fraud” for both free, in-app purchase (IAP) and paid apps, provided you’ve installed the app in question. The feature, detailed by Kosta Eleftheriou and Richard Mazkewich on Twitter, goes even farther than the previous “Report a Problem” feature. You can now signal a scam or a fraud and not just “Report suspicious activity,” “Report a quality issue,” “Request a refund” or “Find my content” as before. Previously, you would have also needed to make an in-app purchase before you could highlight a scam or fraud, but that’s no longer the case. 


BBB Scam Alert: Watch out for blackmailers on dating sites

You meet someone you are interested in on a dating app. The person sends you explicit photos of themselves and asks you to reply with your own revealing pictures. The FTC reports that this particular scam is especially common on LGBTQ+ dating apps, such as Grindr and Feeld. If you send the images or videos, the scammer then begins to blackmail you. Scammers use your phone number or social media profile to look up names of your friends, family members, and even your workmates or boss. Then, they threaten to send those pictures to your contacts. According to one BBB Scam Tracker report, after a compromising video call, a woman began “blackmailing me, [threatening] to release the video footage on social media and send it to my friends and family. [Then] a guy took over blackmailing. They were demanding a sum of $3000.”

Related Posts