AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/19/2021

UK and US join forces to strike back in cyber-space

The US and UK are joining forces to “impose consequences” on their shared adversaries who conduct malicious cyber-activities. The combined action would address “evolving threats with a full range of capabilities”, they said. The shared adversaries were not named but the announcement follows increasing concern over Russia-based ransomware. The plan was discussed last week at an annual meeting of intelligence chiefs, in the US. Gen Sir Patrick Sanders, Government Communications Headquarters (GCHQ) director Sir Jeremy Fleming, and US Cyber Command head Gen Paul Nakasone “reaffirmed” their commitment to jointly disrupt and deter new and emerging cyber-threats.


US states investigate Instagram for ‘wreaking havoc’ on teens’ mental health

A bipartisan coalition of US state attorneys general has opened an investigation into Facebook for promoting Instagram to children despite the company’s own awareness of its potential harms. The investigation, which involves at least eight states, comes as Facebook faces increasing scrutiny over its approach to children and young adults. Documents leaked by a former employee turned whistleblower recently revealed the company’s own internal research showed the platform negatively affected the mental health of teens, particularly regarding body image issues. The investigation will cover whether the company violated consumer protection laws and put young people at risk and will be led by a coalition of attorneys general from California, Florida, Kentucky, Massachusetts, Nebraska, New Jersey, Tennessee and Vermont.


California Pizza Kitchen spills over 100,000 employee Social Security numbers

California Pizza Kitchen (CPK) has revealed a data breach that exposed the Social Security numbers of more than 100,000 current and former employees. The U.S. pizza chain, which has more than 250 locations across 32 states, confirmed the incident in a data breach notification posted this week. The company said it learned of a “disruption” to its systems on September 15 and moved to “immediately secure” its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs. While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees. (TechCrunch contacted CPK for more but did not immediately hear back.)


TikTok phishing threatens to delete influencers’ accounts

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers’ managers. Abnormal Security researchers, who spotted the attacks, observed two activity peaks in the distribution of emails in this particular campaign, on October 2, 2021, and on November 1, 2021, so a new round will likely start in a couple of weeks. In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.


Robinhood Reveals Hackers Stole ‘Several Thousand’ Phone Numbers

More than a week after popular investment and trading platform Robinhood revealed that hackers had obtained access to a “limited amount” of its customers’ personal information, the company has now stated that some of the stolen information included thousands of phone numbers. In a Tuesday blog update, Robinhood said that the list obtained by the hackers—which contained email addresses for about five million people and full names for a different group of roughly two million people—included “several thousand entries” with phone numbers. Although the company did not reveal how many phone numbers were on the list, Motherboard reported that it’s about 4,400. Motherboard got a copy of the stolen phone numbers “from a source who presented themselves as a proxy for the hackers.” In a statement to the outlet, Robinhood did not confirm whether the phone numbers Motherboard had obtained were authentic but did acknowledge that the stolen information included thousands of phone numbers.


What can a cyber criminal learn about you using your mobile number?

How often do you stop to think before you give out your phone number? Depending on who’s asking, it might not ever occur to you that, when you hand it over, you’re giving away the key to a huge amount of information about yourself. Information that could be dangerous in the wrong hands. In this article, we’re going to look at the many types of personal information that can be accessed with nothing more than a mobile phone number. Then we’ll explore how that data can be used to build “spear smishing” attacks—highly-targeted phishing that uses SMS rather than email—in record time.


Linux has a serious security problem that once again enables DNS cache poisoning

As much as 38 percent of the Internet’s domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com. The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site. The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs.
