AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/11/2022

Hurricane Ian Destroyed Their Homes. Algorithms Sent Them Money 

When Hurricane Ian churned over Florida in late September, it left a trail of destruction from high winds and flooding. But a week after the storm passed, some people in three of the worst-hit counties saw an unexpected beacon of hope. Nearly 3,500 residents of Collier, Charlotte, and Lee Counties received a push notification on their smartphones offering $700 cash assistance, no questions asked. A Google algorithm deployed in partnership with nonprofit GiveDirectly had estimated from satellite images that those people lived in badly damaged neighborhoods and needed some help.


Darkweb market BidenCash gives away 1.2 million credit cards for free 

A dark web carding market named ‘BidenCash’ has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware. BidenCash is a stolen cards marketplace launched in June 2022, leaking a few thousand cards as a promotional move. Now, the market’s operators decided to promote the site with a much more massive dump in the same fashion that the similar platform ‘All World Cards’ did in August 2021.


US airports taken down in DDoS attacks by pro-Russian hackers 

The pro-Russian hacktivist group ‘KillNet’ is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible. The DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services. Notable examples of airport websites that are currently unavailable include the Hartsfield-Jackson Atlanta International Airport (ATL), one of the country’s larger air traffic hubs, and the Los Angeles International Airport (LAX), which is intermittently offline or very slow to respond. 


Making Workers Keep Their Webcams on Is a Human Rights Violation, According to Dutch Judge 

If you’ve ever felt like being told to turn your camera on during the Zoom meeting was a fundamental overstep of workplace boundaries and rights, a Dutch court might be on your side. A remote employee of U.S.-based software company Chetu has been awarded about €75,000 by a Dutch judge for wrongful termination, after he was reportedly fired for refusing to leave his webcam on for the entire workday, according to a court filing published earlier this month, first reported on in English by NL Times. After working for Chetu for about a year and a half while based in the Netherlands, the employee was ordered to take part in a period of virtual training called a “Corrective Action Program.” During that time, he was told he would have to keep his webcam on for the entire workday, along with screen sharing turned on, according to the translated court document.


Emotet Rises Again With More Sophistication, Evasion 

The threat group behind the Emotet malware-delivery botnet has resurrected the malware-as-a-service offering with more sophisticated countermeasures to foil takedowns. According to a 68-page analysis on Oct. 10 from VMware’s Threat Analysis Unit — based on data collected from several new Emotet campaigns in early 2022 — the group has learned lessons from the 2021 law enforcement takedown of the group’s infrastructure. That includes creating more complex and subtle chains of execution, hiding its configurations, and hardening its command-and-control (C2) infrastructure. In addition, the group recently updated two of the eight modules to improve credit-card stealing functionality and its capabilities for spreading laterally through a network. 


Boston Dynamics and five other robot makers pledge not to weaponize their robots 

“We are some of the world’s leading companies dedicated to introducing new generations of advanced mobile robotics to society. These new generations of robots are more accessible, easier to operate, more autonomous, affordable, and adaptable than previous generations, and capable of navigating into locations previously inaccessible to automated or remotely-controlled technologies,” wrote the robot makers in the introduction to their pledge. They added that their robots could provide great benefit to society as co-workers in industry and companions in people’s homes but warned of the possibility of nefarious use of this technology by ill-intentioned actors. 


Toyota discloses accidental leak of some customers’ personal information 

Toyota Motor Corporation warns customers that their personal information may have been accidentally exposed after an access key was publicly available on GitHub for almost five years. The carmaker discovered recently that a portion of its T-Connect site source code was mistakenly published on GitHub. T-Connect is an app developed by the company that allows car owners to control the vehicle’s infotainment system and monitor the access of the vehicle. The code also contained an access key to the data server that stored customer info, such as email addresses and management numbers. The source code was leaked by a development subcontractor. An unauthorized third party could have had access to the details of Toyota customers between December 2017 and September 15, 2022. The number of impacted customers is 296,019. The GitHub repository was restricted in September 2022 and the keys were changed.
