US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have impacted or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability. Bank service providers will also have to notify customers “as soon as possible” if a cyberattack has materially affected or will likely affect the customers for four or more hours. Examples of incidents that need to be reported under the new rule include large-scale distributed denial-of-service attacks that disrupt customer account access to banking services or computer hacking incidents that take down banking operations for extended periods of time.
Cybersecurity researchers have discovered a new Linux backdoor on compromised ecommerce servers that intercepts and exfiltrates sensitive customer information, including credit card details. The malicious agent, dubbed linux_avp, is written in Golang and was discovered by researchers at Sansec, who were approached by an affected merchant who couldn’t seem to get rid of malware from his store. “It [linux_avp] is being deployed around the world since last week and takes commands from a control server in Beijing,” note the researchers in their analysis of the malware.
Canadian police have arrested a teenager for reportedly stealing $46 million CAD (about $36.5 million) worth of cryptocurrencies, in what is being described as a SIM swap attack. To facilitate the theft, described as the largest-ever cryptocurrency pilferage from a single individual, the teen managed to hijack the victim’s phone number, which he then used to log into the victim’s crypto wallet by intercepting the two-factor authentication requests. At the time of the arrest, police only managed to seize about $7 million CAD ($5.5 million) in stolen cryptocurrency from the teen, in Hamilton, Ontario, Canada.
Facebook has written to the Los Angeles Police Department (LAPD), demanding that it stop setting up fake profiles to conduct surveillance on users. This comes after the Guardian revealed that the US police department had been working with a tech firm, analysing user data to help solve crimes. Facebook expressly prohibits the creation and use of fake accounts. The intent, it said, was to “create a safe environment where people can trust and hold one another accountable”. “Not only do LAPD instructional documents use Facebook as an explicit example in advising officers to set up fake social media accounts, but documents also indicate that LAPD policies simply allow officers to create fake accounts for ‘online investigative activity’,” wrote Facebook’s vice president and deputy general counsel for civil rights Roy Austin in a letter outlining Facebook’s policies.
Numerous Visible Wireless subscribers are reporting that their accounts were hacked this week. Visible runs on Verizon’s 5G and 4G LTE networks and is owned by Verizon. Suspicions of a data breach at Visible started Monday when some customers saw unauthorized purchases on their accounts. On the Visible subreddit, users reported seeing unauthorized orders placed from their accounts. In an email sent to customers and posted publicly yesterday, Visible shared what it believes caused the hacks. “We have learned of an incident wherein information on some member accounts was changed without their authorization. We are taking protective steps to secure all impacted accounts and prevent any further unauthorized access,” said Visible in the announcement. “Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.”