AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/21/2022

Australia’s Hack-Back Plan Against Cyberattackers Raises Familiar Concerns

The Australian government’s defiant proclamation recently that it would hack back against hackers that sought to target organizations in the country represents a break from the usual cautious manner in which nations have approached international cyber threats. How effective the country’s newly announced “joint standing operation against cybercriminal syndicates” will be remains an open question, as does the issue of whether other nations will follow suit. Also unclear is how far exactly law enforcement is willing to go to neutralize infrastructure that it perceives as being used in cyberattacks against Australian entities.


Wickr’s free encrypted messaging app is shutting down next year

Wickr Me, the free encrypted messaging app owned by Amazon Web Services, is shutting down on December 31st, 2023. In a post on its website, Wickr says the app will stop accepting new user registrations on December 31st, 2022 before going away completely next year. AWS acquired Wickr last year and started packaging the paid version of the secure messaging app within its offerings for businesses. This version of the app, Wickr AWS, isn’t going away, and neither is Wickr Enterprise. The shutdown only affects the consumer-facing Wickr Me, which is often used by journalists, whistleblowers, and anyone looking to keep their messages away from prying eyes.


Google looking outside the usual channels to fix security skills gap

Cybersecurity moves fast. New and bigger threats emerge all the time across an ever-expanding attack surface and there’s not enough people to fill vacant jobs. Because of this, “not every organization is hyper-focused on the subject of diversity and inclusion,” MK Palmore, a director in Google Cloud’s Office of the Chief Information Security Officer, told The Register. “We as an industry get hung up on looking for folks who have been there, done that, and want talent to jump in and hit the ground running,” he continued. “We need to slow down a bit and widen the optical on what represents new talent to bring into the field.” This requires investing money and human resources into training folks who don’t come from a traditional infosec background, but Palmore said the payoff is worth it for a couple of reasons. 


Black Friday and Cyber Monday, crooks are already at work

Researchers at Bitdefender Antispam Lab have spent recent weeks analyzing the fraudulent activities associated with Black Friday and Cyber Monday. The experts noticed that between October 26 and November 6, the rate of unsolicited Black Friday emails peaked on Nov 9, when it reached 26% of all Black Friday-related messages. The experts pointed out that the majority (56%) of all Black Friday spam (by volume) received in the same period was marked as a scam. Approximately one out of four (27%) of all Black Friday spam emails (by volume) targeted online users in the US and in Ireland (24%). Most of the Black Friday-related spam (49%) originated from IP addresses in the US, followed by Germany (16%).


New ransomware encrypts files, then steals your Discord account

The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as the user or to issue API requests that retrieve information about the associated account. Threat actors commonly attempt to steal these tokens because they enable them to take over accounts or, even worse, abuse them for further malicious attacks.

Europe’s Spyware Scandal Is a Global Wakeup Call

Multiple European governments are using advanced surveillance tools to spy on their own people, according to a damning new European Parliament report. “EU Member States have been using spyware on their citizens for political purposes and to cover up corruption and criminal activity,” the report reads. “Some went even further and embedded spyware in a system deliberately designed for authoritarian rule.” The European Parliament launched this inquiry after the 2021 publication of the Pegasus Project, a spyware investigation led by 16 media outlets around the world. 
