Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/13/2021

Olympus has been hit with another major cyberattack

Camera maker and Japanese tech giant Olympus was forced to shut down its IT systems in the US, Canada and Latin America after it recently fell victim to a cyberattack. In a statement on its website, the company said that it is currently in the process of investigating a potential cybersecurity incident which occurred on October 10 that affected its IT systems. After detecting suspicious activity on its network, Olympus mobilized a response team made up of forensic experts though it also suspended all of its affected systems to contain any potential threats. At the same time, the company is working with third parties as part of its investigation.

 

Brands must take an application-led approach to security

As Cyber Security Month gets underway, consumers are being encouraged to ‘#BeCyberSmart’ and “focus on general cyber hygiene to keep your information safe”. Without doubt, the need for all of us to think and act carefully when it comes to how we share and protect our personal data has never been greater. The use of applications and digital services has sky-rocketed since the start of 2020, as people have relied almost exclusively on digital services in almost every area of their lives. The number of applications people are using regularly has risen by a staggering 30% since the beginning of 2020, according to the recent The App Attention Index 2021. And of course, a major element of this increase is amongst people who are new to digital services, forced to use applications for the first time during lockdown to buy groceries, stay connected to friends and family and access critical services.

 

CIA Funding Arm Gave Encrypted App Wickr $1.6 Million

In-Q-Tel, a nonprofit investment firm started by the Central Intelligence Agency (CIA), recently poured more than $1.6 million into encrypted messaging platform Wickr, according to public disclosure records reviewed by Motherboard. The $1.6 million was transferred before Amazon purchased the company, but highlights Wickr’s continuing position as an end-to-end encrypted messaging app for government agencies. Beyond the In-Q-Tel investment, Wickr also has a specific product approved by the Department of Defense, and as Motherboard reported last month, a new $900,000 contract with U.S. Customs and Border Protection (CBP). Jack Poulson, executive director of Tech Inquiry, first flagged the money transfer to Motherboard. As he pointed out, one of In-Q-Tel’s Form 990s, which describes compensation paid to outside contractors, mentions a payment to a company called “W I.” That company’s address—1459 18th Street, San Francisco—is identical to that of Wickr Inc., according to other public corporate records.

 

Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha

Ecuador’s largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack’s spread to other systems. The shut down of systems has led to widespread disruption for the bank, with ATMs no longer working and the online banking portals showing maintenance messages. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational due to a technology issue.

 

Study reveals Android phones constantly snoop on their users

A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users. With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps. – Researchers.

 

Pandemic-related supply issues send US PC market into decline

It could be harder to get a new PC this holiday season, as supply chain issues continue to hinder the market. Numbers shared by analysts today show that component shortages related to the COVID-19 pandemic are still very much affecting PC supply—and demand. “The shortfall in supply of PCs is expected to last well into 2022, with the holiday season of this year set to see a significant portion of orders not met,” Ishan Dutt, senior analyst at Canalys, said in a statement.  The biggest factor slowing the growth of desktop, laptop, and workstation shipments is disruption to the global supply chain and logistics network, Dutt said. Manufacturers are dealing with restrictions and even lockdowns, especially in Asia. This situation is leading to backlogs for PC-makers and their partners.

 

How I hacked ALL displays in my high school district to play Rick Astley

On April 30th, 2021, I rickrolled my high school district. Not just my school but the entirety of Township High School District 214. It’s the second-largest high school district in Illinois, consisting of 6 different schools with over 11,000 enrolled students. This story isn’t one of those typical rickrolls where students sneak Rick Astley into presentations, talent shows, or Zoom calls. I did it by hijacking every networked display in every school to broadcast “Never Gonna Give You Up” in perfect synchronization. Whether it was a TV in a hall, a projector in a classroom, or a jumbotron displaying the lunch menu, as long as it was networked, I hacked it! In this post, I’ll be explaining how I did it and how I evaded detection, as well as the aftermath when I revealed myself and didn’t get into trouble.

Related Posts