
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/23/2020

Quibi is shutting down

Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company has since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the business, return cash to our shareholders, and say goodbye to our colleagues with grace,” the announcement reads. There are any number of factors that can be pointed to in unpacking Quibi’s demise: the launch of a mobile-only streaming service at the height of a global pandemic when users were stuck at home; the lack of any real breakout content that was compelling enough to tempt subscribers; or the fact that shortform video content has a nearly infinite amount of free competition in the form of YouTube, TikTok, and other platforms.


FBI, CISA: Russian hackers breached US government networks, exfiltrated data

The US government said today that a Russian state-sponsored hacking group has targeted and successfully breached US government networks. Government officials disclosed the hacks in a joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). US officials identified the Russian hacker group as Energetic Bear, a codename used by the cybersecurity industry. Other names for the same group include TEMP.Isotope, Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala. Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Companies in the aviation industry were also targeted, CISA and the FBI said.


Credential-Stuffing Attacks Plague Loyalty Programs

Loyalty programs that attract consumers with free coffee, gas, airline miles, hotel stays, and more if they spend enough with their preferred brands are under full-scale assault by cyberattackers. A new report out from Akamai this week shows cybercriminals are targeting rewards programs with impunity, reaping significant profits on the Dark Web by reselling account access, points, and other rewards fraudulently siphoned from loyalty accounts. Loyalty program accounts are easy pickings for credential stuffing because “many consumers don’t think of them as high risk and are more likely to use weak passwords or mirror accounts they’re using with another organization,” explains report co-author and Akamai editorial director Martin McKeay. Additionally, consumers don’t watch their loyalty program accounts as fastidiously as they would, say, a bank account. According to a report from Forter and the Loyalty Security Association, 45% of loyalty program accounts are inactive.


New Chrome 0-day Under Active Attacks – Update Your Browser Now

Google released Chrome version 86.0.4240.111 today to patch several high-severity security issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers. Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called a heap buffer overflow in FreeType, a popular open source software development library for rendering fonts that comes packaged with Chrome. Without revealing technical details of the vulnerability, the technical lead for Google’s Project Zero, Ben Hawkes, warned on Twitter that while the team has only spotted an exploit targeting Chrome users, it’s possible that other projects that use FreeType might also be vulnerable; they are advised to deploy the fix included in FreeType version 2.10.4. Although the Chrome web browser automatically notifies users about the latest available version, users are recommended to manually trigger the update process by going to “Help → About Google Chrome” from the menu.


Scams that start on social media

Scammers are hiding out on social media, using ads and offers to market their scams, according to people’s reports to the FTC and a new Data Spotlight. In the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media. People sent money to online sellers that didn’t deliver, to romance scammers, and for phony offers of financial help. The biggest group of reports was about online sellers that didn’t deliver the goods. They were more than one-quarter of all reports about scams that started on social media in the first half of 2020. Next came reports of romance scams: about half of all romance scams reported since 2019 started on social media, usually on Facebook or Instagram. People also told the FTC about social media messages that pretended to offer grants and other financial relief because of the pandemic — but were really trying to get money, personal information, or both.


Dark Pathways Into Cybercrime: Minding The Threat Actor Talent Gap

As you might imagine, most cybercriminals are generally reluctant to allow many details of their personal lives to shine through. The examples we provided in the blogs mentioned above show that threat actors will occasionally allow personal information to slip through, or raise an issue to obtain personal validation or comfort. But operational security (OPSEC) is always at the forefront of these individuals’ minds, and any expression of personality mustn’t threaten to expose their real-life identities. For this reason, it’s hard to find concrete details of how threat actors honed their craft and entered the underground scene. We often see forum users discussing their previous experiences on cybercriminal sites to prove their legitimacy and increase the likelihood of successful sales — effectively providing a “cybercriminal résumé”, if you will. But, understandably, threat actors discussing their pathways into crime is not widespread. We dug around the forums, though, to find nuggets of intelligence that might help form a picture of some common routes to the underground.
