AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/09/2022

Metropolitan Opera dealing with cyberattack that shut down website, box office

The Metropolitan Opera confirmed that it is dealing with a crippling cyberattack that has shut down their website and box office. The New York-based opera house said on Wednesday evening that the cyberattack impacted their network systems, including their “website, box office, and call center.” While all performances will continue as scheduled, the organization is unable to process new ticket orders or provide exchanges and refunds. 

Scammer Group Uses Business Email Compromise to Impersonate European Investment Portals

A sophisticated scammer group has stolen at least €480 million from victims in France, Belgium, and Luxembourg since 2018, according to researchers at Group-IB. The gang uses a highly detailed scam kit called “CryptosLabs,” which impersonates investment portals from more than forty major European financial entities. “Right out of the block, the victims are promised high returns on their capital,” the researchers write. “To find the ‘investors’ scammers leave messages on the dedicated investment forums or use legitimate advertising mechanisms on social media and search engines to promote the scheme. To appear trustworthy, such ads feature logos of notable banking, fin-tech, crypto, and asset management companies active in France, Belgium, and Luxembourg.”

North Korea using freelance techies to fund missiles and nukes

North Korean IT pros are using freelancing platforms to earn money that the nation’s authoritarian government uses to fund the development of missiles and nuclear weapons, according to South Korea’s government. Seoul therefore wants gig platforms to impose stricter checks to restrict its enemy’s activities. South Korea’s intelligence services, national police, and five ministries yesterday published a warning about the North’s (DPRK) tactics that opens as follows: “DPRK IT workers are located all around the world, obfuscating their nationality and identities. They earn hundreds of millions of dollars a year by engaging in a wide range of IT development work, including freelance work platforms (websites/applications) and cryptocurrency development.”

FBI Calls End-to-End Encryption ‘Deeply Concerning’ as Privacy Groups Hail Apple’s Advanced Data Protection as a Victory for Users

Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. ‌iCloud‌ end-to-end encryption, or what Apple calls “Advanced Data Protection,” encrypts users’ data stored in ‌iCloud‌, meaning only a trusted device can decrypt and read the data. ‌iCloud‌ data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.

New bot ChatGPT will force colleges to get creative to prevent cheating, experts say

After its viral launch last week, the chatbot ChatGPT was lauded online by some as a dramatic step forward for artificial intelligence and the potential future of web search. But with such praise also came concern regarding its potential usage in academic settings. Could the chatbot, which provides coherent, quirky and conversational responses to simple language inquiries, inspire more students to cheat? Students have been able to cheat on assignments using the internet for decades, giving rise to tools meant to check if their work was original. But the fear now is that ChatGPT could render those resources obsolete.

Related Posts