AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/27/2020

FTC Launches New Fraud Reporting Tool for US Consumers

The US Federal Trade Commission (FTC) has launched a new cyber-fraud reporting platform, where consumers can easily report fraud, scams or bad business practices. As fraud has surged during the pandemic, the consumer protection agency has created ReportFraud.ftc.gov, a user-friendly platform providing a “streamlined experience” for people bombarded with online scams and impostor calls. “Every time you report scams or bad business practices to the FTC, you’re helping to protect your community,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “With ReportFraud.ftc.gov, it’s quicker and easier than ever to share your story, and each report helps the FTC, and other federal, state, and local law enforcement agencies, fight fraud.” The new website replaces the former FTC Complaint Assistant and provides steps for consumers to protect financial and personal information, depending on their submission.


How 30 Lines of Code Blew Up a 27-Ton Generator

EARLIER THIS WEEK, the US Department of Justice unsealed an indictment against a group of hackers known as Sandworm. Among those acts of cyberwar was an unprecedented attack on Ukraine’s power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier. The following excerpt from the book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, published in paperback this week, tells the story of that early, seminal grid-hacking experiment.


The iPhone 12 Drop Test Is Painful To Watch

With the new iPhone 12s, Apple introduced what they are calling Ceramic Shield, which is a new type of glass cover that they claim is 4x tougher than its predecessors. We’d hate to find out for ourselves if this claim is true, but the good folks at EverythingApplePro decided to put it to the test via a series of drop tests. These tests can hardly be called scientific since there are so many different scenarios that we could drop our phone, but it should still give you some idea of how tough the new iPhones are. If you don’t have the time to watch the videos, basically it seems that when it comes to the actual body of the iPhone itself, the iPhone 12 fared slightly worse compared to the iPhone 12 Pro.


The ambient audio in your video could give away its location. This intelligence agency wants to use that.

The U.S. National Geospatial-Intelligence Agency has launched a cash prize competition to find new ways to locate where audio and video files were recorded. As the primary source of geospatial intelligence, the NGA prides itself in its ability to exploit imagery in support of the intelligence community and the military. The agency’s activities cover a wide range, from using satellites to map the Arctic to using artificial intelligence for automatic detection of objects in overhead imagery. But at least one task remains elusive: Geolocating the source of video and audio recordings. That’s why the NGA is launching the Soundscapes Competition, which will award cash prizes to entrees who can find new methods for identifying a recording’s location based on ambient sound in the background. Participants will be asked to come up with methods of “identifying, analyzing, and modelling these sound and acoustic scene indicators to uniquely classify audio recordings as originating in one of nine cities,” according to the competition website.


Phishing groups are collecting user data, email and banking passwords via fake voter registration forms

Days ahead of the US Presidential Election, spam groups are hurrying to strike the iron while it’s still hot and using voter registration-related lures to trick people into accessing fake government sites and give away their personal data, sometimes with the group being so bold to ask for banking and email passwords and even auto registration information. These campaigns have been taking place since September and are still going on today, while the lures (email subject lines) are still relevant. Spotted by email security firms KnowBe4 and Proofpoint, these campaigns are spoofing the identity of the US Election Assistance Commission (EAC), the US government agency responsible for managing voter registration guidelines. Subject lines in this campaign are simple and play on the fear of US citizens that their voter registration request might have failed.


To Boldly Go Where No Internet Protocol Has Gone Before

Space exploration is hard, not least because of how difficult it is to communicate. Astronauts need to talk to mission control, ideally by video communication, and space vehicles need to send back data they gather, preferably at high speed and with little delay as possible. At first, space missions designed and carried their own distinct communications systems; that worked well enough, but it wasn’t exactly a paragon of efficiency. Then one day in 1998, the internet pioneer Vinton Cerf imagined a network that could offer a richer capacity to serve the growing number of people and vehicles in space. The dream of an interplanetary internet was born.

Related Posts