AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/05/2022

In 2023, Google can notify you if personal info pops up in search

Starting “early next year,” Google will be able to notify you if your personal info, such as your phone number, email, or home address, shows up in search results as part of its “results about you” tool. The announcement comes as Google has officially started rolling out the tool, which lets people easily create takedown requests for results with their personal info. The tool started showing up for some people last week. In a tweet, the company says the notification system will be opt-in. Ideally, it’s not something that most people will have to turn on; however, it will be nice to have the option, especially for those in high-profile positions or who find themselves targeted by harassment campaigns.

 

Georgia man who laundered millions from romance scams, Business Email Compromises, and other online fraud receives 25-year sentence

Elvis Eghosa Ogiekpolor has been sentenced to 25 years in federal prison for money laundering and conspiracy to commit money laundering after being convicted at trial. Ogiekpolor opened and directed others to open at least 50 fraudulent business bank accounts that received over $9.5 million from various online frauds, including romance frauds and business email compromise scams (“BECs”). He then laundered the fraud proceeds using other accounts, including dozens of accounts overseas.

 

Landmark US-UK Data Access Agreement Begins

A first-of-its-kind agreement between the US and UK governments came into force this week, promising to streamline digital investigations for British law enforcers. The Data Access Agreement technically allows each country’s investigators to benefit from faster access to data stored by service providers in the other country, although in practice it will mainly benefit UK cops requesting information from US social media and other companies. Because of local legal restrictions on US providers sharing their data with foreign governments, investigators were previously forced to lodge requests via Mutual Legal Assistance Treaties (MLATs), which was a slow, painful and error-prone process. The Data Access Agreement will speed things up considerably, forcing cloud storage companies, social media providers, messaging platforms and other digital service providers to reply to overseas production orders (OPOs) within seven days, according to law firm Cooley.

 

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year. In-the-wild attacks abusing the shortcomings have chained the two flaws to gain remote code execution on compromised servers with elevated privileges, leading to the deployment of web shells. The Windows maker, which is yet to release a fix for the bugs, has acknowledged that a single state-sponsored threat actor may have been weaponizing the flaws since August 2022 in limited targeted attacks.

 

Threat actors use YouTube to distribute ‘poisoned’ Tor browser installer

Kaspersky researchers noticed a rather clever way threat actors are deceiving users in China into downloading a malicious Tor browser installer that can be used to track the history and location of its victims. The website for the Tor browser is banned in China, so users often resort to using third-party sites to download the contraband browser. In this case, the Kaspersky researchers say their telemetry detected the malicious installers via a link on a popular Chinese-language YouTube channel devoted to anonymity on the internet that has over 180,000 subscribers. The video with the link to the malicious installer first appeared on the YouTube channel in January, with victims starting to appear in March; it has been viewed over 64,000 times.
