AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/06/2022

Former Uber security chief convicted of covering up 2016 data breach 

A former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016. Joe Sullivan was found guilty of obstructing justice for hiding the breach from the Federal Trade Commission, which had been probing Uber’s privacy protections at the time, and of actively hiding a felony. The verdict ended a dramatic case that pitted Sullivan, a prominent security expert who was an early prosecutor of cybercrimes for the San Francisco U.S. attorney’s office, against his former government office. In between prosecuting hackers and being prosecuted, Sullivan served as the top security executive at Facebook, Uber and Cloudflare. 

 

FBI warns of “Pig Butchering” cryptocurrency investment schemes 

The Federal Bureau of Investigation (FBI) warns of a rise in ‘Pig Butchering’ cryptocurrency scams used to steal ever-increasing amounts of crypto from unsuspecting investors. The warning was issued as a Private Industry Notification from the FBI Miami Field Office in coordination with the Internet Crime Complaint Center (IC3) yesterday to raise awareness among cryptocurrency investors who are increasingly being targeted by these types of scams. Pig Butchering is a relatively new social engineering scam where fraudsters contact people (the “Pigs”) on social media and build trust by engaging in long-term communication, establishing the idea of a fabricated friendship or romantic partnership. Sometimes, the scammers impersonate real friends of the target. 

 

CISA: Multiple government hacking groups had ‘long-term’ access to defense company 

Several U.S. agencies said it is likely that multiple government hacking groups had “long-term” access to the network of a defense company. In a report from the Cybersecurity and Infrastructure Security Agency (CISA), FBI and National Security Agency (NSA), the agencies said some of the hackers exploited Microsoft Exchange vulnerabilities on the unnamed organization’s server to gain access remotely and compromise legitimate company accounts to access emails, meetings, and contacts belonging to other employees. CISA said it initially discovered the issues while responding to hacker activity on the defense company’s network from November 2021 to January 2022. During their investigation, CISA uncovered that likely multiple advanced persistent threat (APT) groups compromised the organization’s network, and some APT actors had long-term access to the environment.  

 

Developer account body snatchers pose risks to the software supply chain 

Software supply chain attacks, once the exclusive province of sophisticated state-sponsored attackers, have been gaining popularity recently among a broader range of cyber criminals. Attackers everywhere have realized that software supply chain attacks can be very effective, and can result in a large number of compromised victims. Software supply chain attacks more than tripled in 2021 when compared with 2020. Why are software supply chain attacks so effective? Organizations that possess solid cyber defenses may be difficult to attack directly. However, these same organizations are likely vulnerable to a software supply chain attack because they still regularly run/build software obtained from vendors who are trusted. 

 

Glut of Fake LinkedIn Profiles Pits HR Against the Bots 

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.

 

19-Year-Old Hacker Arrested for Using Leaked Optus Breach Data in SMS Scam 

The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for fraudulent activities. The source of the data, the agency said, was a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named “optusdata,” before taking it down. Details of the scam were previously shared by 9News Australia reporter Chris O’Keefe on September 27, 2022. 
