AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/16/2021

Epic’s Tim Sweeney calls Google ‘crazy,’ says ‘Apple must be stopped’

Epic Games CEO Tim Sweeney has used his speech at a South Korea conference to lambast both Apple and Google, plus promote his plan for one app store for all devices. The Coalition for App Fairness’s Global Conference on Mobile App Ecosystem Fairness is taking place in South Korea. Tim Sweeney has been speaking at the conference, and also talking to local press. According to Bloomberg, Sweeney says he is working with developers and unspecified service providers to make an app store that would mean users could “buy software in one place, knowing that they’d have it on all devices and all platforms.” “Apple locks a billion users into one store and payment processor,” he said. “Now Apple complies with oppressive foreign laws, which surveil users and deprive them of political rights. But Apple is ignoring laws passed by Korea’s democracy. Apple must be stopped.” Calling Google “crazy” for its system of fees, Sweeney praised South Korea for its new App Store law. “I’m very proud to stand up against these monopolies with you,” he said. “I’m proud to stand with you and say I’m a Korean.”


These are the top-level domains threat actors like the most

Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites. Six out of the top 10 of these 25 top-level domains (TLD) are handled by authorities in developing countries, hosting a disproportionately large number of risky sites compared to their populations. These stats are revealed in an in-depth analysis from researchers at Palo Alto Networks, who took a deep dive into the TLDs commonly used by threat actors and why they are being chosen. The categories picked for analysis are malware, phishing, command and control (C2), and grayware (adware, ‘joke malware,’ spyware). Using data collected on October 7th, 2020, Palo Alto Networks analyzed domains categorized by their Advanced URL Filtering service, and that met specific criteria.


FTC shares ransomware defense tips for small US businesses

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology. The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets. “One key protective step is to set up offline, off-site, encrypted backups of information essential to your business,” the FTC said. “This isn’t something to save for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other authoritative experts.”


AMC theaters start accepting cryptocurrency payment for movie tickets

AMC announced back in August that it will start accepting cryptocurrency by the end of the year. Now, company CEO Adam Aron has revealed on Twitter that you can already use your digital coins to purchase movie tickets. And, true to the promise he made in September, AMC isn’t only accepting Bitcoin, but also Ethereum, Bitcoin Cash and Litecoin — for online purchases, that is. Aron also said that the theater chain has started accepting Apple Pay, Google Pay and PayPal payments, as well. It sounds like moviegoers are welcoming the new payment method with open arms, since it apparently already accounts for 14 percent of the company’s total online transactions. Aron also said that AMC will be adding Dogecoin next. 


Get the dog or cat instead of the scam

This has been National Adoption Week for pets, and by now, thousands of dogs and cats might have new homes in the hearts of many thousands of people. But as the holidays approach, scammers know that families are hearing about their kids’ NEED for a dog or cat. And scammers are ready to take advantage by offering up that perfect pet — for a fee. You’ll find ads offering litters of puppies, especially, on websites and listservs online. But once you pay, your supposed pet and the “breeder” will vanish, along with your cash. Here are ways to spot those puppy and pet scammers and stop them in their tracks.


Instagram, tricked into thinking its boss was dead, locked him out of his own account

In April 2020, with the Covid-19 pandemic hitting hard around the globe, Instagram announced a new feature through which users could memorialise their deceased loved ones. The social network’s memorialisation feature provided “a place to remember someone’s life after they’ve passed away.” As Instagram explained, when an account is memorialised, no more changes can be made to the account.  No-one can log into it, no-one can add new photos or videos, no-one can comment on the account’s past posts. The account is effectively frozen in time as a memorial to the deceased. What could possibly go wrong with that? Well, unfortunately, the feature can be abused by trolls and scammers to lock the accounts of others. All Instagram requests to memorialise an account is “a link to an obituary or news article,” and – you guessed it – that’s not something that’s hard for a scammer to fake. As Vice reports, one person who found himself locked out of his account by just such an attack was the Head of Instagram, Adam Mosseri.

Related Posts