AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/18/2024

From QR to compromise: The growing “quishing” threat

Security professionals are always on the lookout for evolving threat techniques. The Sophos X-Ops team recently investigated phishing attacks targeting several of our employees, one of whom was tricked into giving up their information. The attackers used so-called quishing (a portmanteau of “QR code” and “phishing”). QR codes are a machine-readable encoding mechanism that can encapsulate a wide variety of information, from lines of text to binary data, but most people know and recognize their most common use today as a quick way to share a URL. We in the security industry generally teach people resilience to phishing by instructing them to carefully look at a URL before clicking it on their computer. However, unlike a URL in plain text, QR codes don’t lend themselves to scrutiny in the same way.

 

Redbox easily reverse-engineered to reveal customers’ names, zip codes, rentals

Since Redbox went bankrupt, many have wondered what will happen to those red kiosks and DVDs. Another question worth examining is: What will happen to all the data stored inside the Redboxes? Redbox parent company Chicken Soup for the Soul filed for Chapter 7 bankruptcy in June and is in the process of liquidating its assets. Meanwhile, stores with Redboxes are eager to remove the obsolete hardware. And tinkerers have reported getting their hands on Redbox kiosks and doing all sorts of things with them, including running Doom.

 

Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike

An Alabama man was arrested Thursday for his alleged role in the January hack of a U.S. Securities and Exchange Commission social media account that led the price of bitcoin to spike, the Justice Department said. Eric Council Jr., 25, of Athens, is accused of helping to break into the SEC’s account on X, formerly known as Twitter, allowing the hackers to prematurely announce the approval of long-awaited bitcoin exchange-traded funds. The price of bitcoin briefly spiked more than $1,000 after the post claimed “The SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges.”

 

Microsoft warns it lost some customer’s security logs for a month

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. The issue was first reported by Business Insider earlier this month, which reported that Microsoft had begun notifying customers that their logging data had not been consistently collected between September 2nd and September 19th. The lost logs include security data commonly used to monitor for suspicious traffic, behavior, and login attempts on a network, increasing the chances for attacks to go undetected.

 

ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers

ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop’s infrastructure. Kevin Beaumont blogged about an Israeli biz that said it was infected with a wiper after a staffer clicked a link in an email seemingly sent from the ESET Advanced Threat Defense Team in Israel. The email itself passed DKIM and SPF checks against ESET’s domain, said Beaumont, although according to a screenshot of it shared by one security pro, Google Workspace flagged it as malicious.
