AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/29/2021

GoDaddy Breach Widens to Include Reseller Subsidiaries

The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s largest domain registrar confirmed to researchers at Wordfence that several of these brands’ customers were affected by the security incident (and Wordfence provided breach-notification notices from two of them in a Tuesday posting). “The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost,” Dan Rice, vice president of corporate communications at GoDaddy, told Wordfence. “A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

 

Microsoft Failed to Correctly Fix a Zero-Day and Now Every Version of Windows Is at Risk

Every version of Windows is at risk due to a scary zero-day vulnerability after Microsoft failed to properly patch a similar flaw, a cybersecurity researcher claims. The newly discovered exploit is currently a proof-of-concept, but researchers believe ongoing small-scale testing and tweaking is setting the stage for a wider-reaching attack. “During our investigation, we looked at recent malware samples and were able to identify several [bad actors] that were already attempting to leverage the exploit,” Nic Biasini, Cisco Talos’ head of outreach, told BleepingComputer. “Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns.” The vulnerability takes advantage of a Windows Installer bug (tracked as CVE-2021-41379) that Microsoft claims to have patched earlier this month. 

 

More than 1,000 arrests and USD 27 million intercepted in massive financial crime crackdown

An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly USD 27 million of illicit funds, underlining the global threat of cyber-enabled financial crime. Taking place over four months from June to September 2021, Operation HAECHI-II brought together specialized police units from 20 countries, as well as from Hong Kong and Macao, to target specific types of online fraud, such as romance scams, investment fraud and money laundering associated with illegal online gambling. In total, the operation resulted in the arrest of 1,003 individuals and allowed investigators to close 1,660 cases. In addition, 2,350 bank accounts linked to the illicit proceeds of online financial crime were blocked. More than 50 INTERPOL notices were published based on information relating to Operation HAECHI-II, and 10 new criminal modus operandi were identified.

 

Apple Sues NSO Group Over iPhone Pegasus Spyware

There is a lot of malware out there targeting mobile devices, but it seems there is one particular type that Apple isn’t too happy with: the NSO Group’s Pegasus spyware, which has been used by governments to spy on certain groups of people. These included activists, journalists, and critics of governments that have been found to routinely suppress political dissent. In fact, Apple has recently announced that it will be suing the NSO Group, hoping to hold it accountable for creating spyware that can be used to spy on users of its products, like the iPhone. Apple is also looking to ban the company from using any of Apple’s products for future research purposes. According to Craig Federighi, Apple’s senior vice president of Software Engineering, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

 

It’s 2021, and Tokyo Authorities Are Finally Phasing Out Floppy Disks

Floppy disks, once the backbone of any office in the ’80s and ’90s, are a relic of years past. A thin magnetic disk used to keep data, the floppy disk was once the primary storage device for personal computers. But as technology advanced, the disks were replaced by CDs and flash drives. Floppies have been out of production for more than a decade. Yet in Japan, the birthplace of these disks, government offices are just now phasing them out, an effort led by several administrative regions in the Japanese capital Tokyo, including the Meguro district. Done in part to cut storage costs, the transition is also meant to help modernize Japan’s government systems. (A single stack of 3½-inch floppy disks as tall as the Eiffel Tower is just enough for a handful of 4K movies.)

 

Lush quits Facebook, Instagram, TikTok and Snapchat over safety concerns

Lush has announced it is closing its accounts on Facebook, Instagram, Snapchat and TikTok until the social media sites do a better job of protecting users from harmful content. The campaigning beauty retailer said it had “had enough” after the allegations of the Facebook whistleblower Frances Haugen, who claims the company puts profit ahead of the public good. The Lush chief digital officer, Jack Constantine, said the company would not ask customers to “meet us down a dark and dangerous alleyway”, adding that some social media platforms were “beginning to feel like places no one should be encouraged to go … Something has to change.”
