AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/01/2019

1 – Scammers are now faking voicemail notifications to steal Office 365 login credentials

Security researchers have found a new phishing campaign that uses fake voicemail notifications to trick victims into handing over their Office 365 email credentials. The scam, uncovered by cybersecurity firm McAfee, used fraudulent email attachments which, when opened, redirected users to a phishing website that harvested the login information, with the aim of impersonating staff members and gaining wider access to internal systems. Employees ranging from middle management to executive level, across verticals such as services, finance, IT services, retail and insurance, were targeted in what the researchers call a whaling campaign.


2 – Facebook removes network of accounts linked to Russia for political meddling across eight countries

Facebook has removed a network of Russian-run accounts which it says were attempting to interfere in politics in Madagascar, Central African Republic, Mozambique, Democratic Republic of the Congo, Côte d’Ivoire, Cameroon, Sudan and Libya. The three networks of Facebook and Instagram accounts targeting African users were engaging in what the social network has described as coordinated “inauthentic” behaviour. “Each of these operations created networks of accounts to mislead others about who they were and what they were doing,” Facebook said.


3 – China-Linked Hackers Spy on Texts With MessageTap Malware

Researchers have discovered a new malware used for cyber-espionage efforts by China-linked threat group APT41. The malware intercepts telecom SMS server traffic and sniffs out certain phone numbers and SMS messages – particularly those with keywords relating to Chinese political dissidents. The espionage tool, dubbed MessageTap, was discovered by FireEye Mandiant during a 2019 investigation of a cluster of Linux servers within an unspecified telecom network; these operated as Short Message Service Center (SMSC) servers. In mobile networks, SMSCs are responsible for sending SMS messages to an intended recipient or storing them until the recipient has come online.


4 – iOS 13 is killing background apps more frequently, iPhone owners report

Apple’s iOS 13 has had a rocky start since its mid-September launch, with it being among the most buggy Apple software releases in recent memory. Now, iPhone owners are complaining of yet another issue that may be bug-related. As compiled by MacRumors, numerous iOS 13 users say the OS is killing apps in the background far too aggressively in what appears to be a memory management issue. That has resulted in some users losing progress in apps after switching to another that may be more memory intensive, like the camera or iMessage, even for just a few seconds. You can read a long list of testimonials over at MacRumors. But the takeaway is that the iPhone should be getting better at this, not worse, due to superior components and software optimizations.



A joint law enforcement operation supported by 19 countries led to the arrest of 60 people suspected of fraud. The main aim of the 2019 e-Commerce Action (eComm 2019) is to target criminal networks suspected of online fraud through coordinated law enforcement action within the European Union, followed by an awareness-raising campaign. The operation, carried out nationally, was coordinated by Europol's European Cybercrime Centre (EC3) and received direct assistance from national law enforcement authorities and the private sector. E-commerce fraud (electronic commerce fraud) includes illegal or false transactions made on online platforms, apps and services or over the internet: fraudsters simply use stolen card information to purchase goods on webshops.


6 – US retirement accounts offer tempting target for cyber attacks

With nearly $6tn sitting in 401(k) plans, the US financial services industry is coming under increasing pressure to ensure that retirement savings are safeguarded from rapidly evolving cyber threats. Some 83 per cent of surveyed investment adviser groups this year ranked cyber security as their biggest compliance concern, marking the sixth consecutive year that the issue has topped the list, according to a survey by the Investment Adviser Association, a lobby group, and the ACA Compliance Group, an advisory group.


7 – New ‘unremovable’ xHelper malware has infected 45,000 Android devices

Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove. Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec). The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.


8 – Cyber attack on Asia ports could cost $110 billion: Lloyd’s

A cyber attack on Asian ports could cost as much as $110 billion, or half the total global loss from natural catastrophes in 2018, a Lloyd’s of London-backed report said on Wednesday. Cyber insurance is seen as a growth market by insurance providers such as Lloyd’s, which specializes in covering commercial risks, although take-up in Europe and Asia remains far behind levels in the United States. The worst-case scenario in the report was based on a simulated cyber attack disrupting 15 ports in Japan, Malaysia, Singapore, South Korea and China. Some 92% or $101 billion of the total estimated economic costs of such an attack are uninsured, Lloyd’s said.


9 – Nevada Man Pleads Guilty to Role in Million Dollar Scheme Targeting Thousands of U.S. Servicemembers and Veterans

Fredrick Brown, 38, of Las Vegas, Nevada, a former civilian medical records administrator for the U.S. Army at the 65th Medical Brigade, Yongsan Garrison, South Korea, admitted yesterday to his role in an identity-theft and fraud scheme that victimized thousands of U.S. servicemembers and veterans. Appearing before U.S. Magistrate Judge Richard Farrer, Brown pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to launder monetary instruments.  By pleading guilty, Brown admitted that from July 2014 to September 2015, he stole personal identifying information (PII) of thousands of military members, including names, social security numbers, DOD ID numbers, dates of birth, and contact information.  Brown admitted to capturing the PII by taking digital photographs of his computer screen while he was logged into the Armed Forces Health Longitudinal Technology Application.  Brown further admitted that he subsequently provided that stolen data to co-defendant, Robert Wayne Boling Jr., so that Boling and others could exploit the information in various ways to access Department of Defense and Veterans Affairs benefits sites and steal millions of dollars. 


10 – Mongolia arrests 800 Chinese citizens in cybercrime probe

Police in the Mongolian capital of Ulaanbaatar have apprehended 800 Chinese citizens and confiscated hundreds of computers and mobile phone SIM cards as part of an investigation into a cybercrime ring, local security authorities said.  The arrests took place after police raided four locations on Tuesday, and followed two months of investigations, Gerel Dorjpalam, the head of the General Intelligence Agency of Mongolia, said at a media briefing on Wednesday. He did not go into specific details of the offences but said they involved illegal gambling, fraud, computer hacking, identity theft and money laundering. “As of this moment we suspect they are linked to money laundering,” he said. “We are looking into the matter.”


11 – Microsoft is replacing MSDN and TechNet forums with Microsoft Q&A

Microsoft has been slowly dismantling its MSDN and TechNet blogging platforms for the past year-plus. This week, Microsoft introduced something meant to replace the MSDN and TechNet forums: A preview of Microsoft Q&A.  Microsoft officials said they are making the switch because its MSDN and TechNet forums are outdated, according to a Frequently Asked Questions page about the new Q&A site. The new Q&A experience is part of the larger docs.microsoft.com platform. It is designed to offer “relevant and timely answers to your technical problems from a community of experts and Microsoft engineers.” 


12 – Discord Abused to Spread Malware and Harvest Stolen Data

Malware developers and attackers are abusing the Discord chat service by using it to host their malware, act as command and control servers, or by modifying the chat client to perform malicious behavior. As security companies shore up defenses against malware distribution and communication methods, malware developers and cyber threat actors have to evolve their tactics by abusing other services. Such is the case with the Discord chat service, which has been abused by malware developers for years.
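The two abuse patterns above (Discord's CDN as a free payload host, and Discord as a channel for sending stolen data back to the attacker) leave footprints in ordinary web proxy logs. The following is an added example written for this digest, not code from the article or from any of the security companies it mentions. It scans a handful of constructed proxy log lines for two indicators: downloads of executable or archive files from the Discord attachment CDN (cdn.discordapp.com and media.discordapp.net, which is where Discord serves uploaded attachments), and HTTP POSTs to Discord webhook URLs (discord.com/api/webhooks/<id>/<token>), a well-known way for malware to push harvested data into a channel the attacker controls. The log format, client addresses, file names and webhook IDs are all invented for the example; the extension list is an assumption to tune to your environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not from the article):
# <timestamp> <client-ip> <method> <url> <http-status>
SAMPLE_LOG = """\
2019-11-01T09:12:03Z 10.0.0.15 GET https://cdn.discordapp.com/attachments/640012345678901234/640012345678901235/invoice.exe 200
2019-11-01T09:12:09Z 10.0.0.15 POST https://discord.com/api/webhooks/640012345678901236/AbCdEfGhIjKlMnOpQrStUvWxYz 204
2019-11-01T09:13:41Z 10.0.0.22 GET https://cdn.discordapp.com/attachments/640012345678901237/640012345678901238/screenshot.png 200
2019-11-01T09:15:00Z 10.0.0.31 GET https://discord.com/channels/@me 200
2019-11-01T09:16:27Z 10.0.0.15 GET https://media.discordapp.net/attachments/640012345678901239/640012345678901240/update.zip 200
"""

# Hosts that serve user-uploaded Discord attachments.
PAYLOAD_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumed list of extensions worth flagging when fetched from the CDN.
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".scr", ".js", ".vbs", ".ps1",
                      ".bat", ".zip", ".rar", ".7z", ".jar", ".msi")
# Discord webhook endpoint: /api/webhooks/<numeric id>/<token>
WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/[A-Za-z0-9_-]+")

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(method, url):
    """Return a finding label for a suspicious Discord URL, or None."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    if host in PAYLOAD_HOSTS and u.path.startswith("/attachments/"):
        filename = u.path.rsplit("/", 1)[-1].lower()
        if filename.endswith(PAYLOAD_EXTENSIONS):
            return "discord_cdn_payload"
    if host in ("discord.com", "discordapp.com") and method == "POST" \
            and WEBHOOK_PATH.match(u.path):
        return "discord_webhook_post"
    return None


def scan_log(text):
    """Parse proxy log text and return one finding dict per suspicious line."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        label = classify_url(m["method"], m["url"])
        if label:
            findings.append({"ts": m["ts"], "client": m["client"],
                             "label": label, "url": m["url"]})
    return findings


def high_risk_clients(findings):
    """Clients that both pulled a payload from the CDN and posted to a webhook.

    Either indicator alone may be benign (users do share zips on Discord);
    the combination from one host is a much stronger sign of the malware
    pattern described above, so it is escalated separately.
    """
    by_client = {}
    for f in findings:
        by_client.setdefault(f["client"], set()).add(f["label"])
    return sorted(c for c, labels in by_client.items()
                  if {"discord_cdn_payload", "discord_webhook_post"} <= labels)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["client"]} {h["label"]} {h["url"]}')
    print("high-risk clients:", high_risk_clients(hits))
```

Only `10.0.0.15` trips both indicators in the sample, which is the kind of host worth pulling for triage first; the `.png` fetch and the plain `discord.com/channels` visit are left alone, since blocking Discord outright is rarely an option and single indicators generate noise.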
