AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/11/2020

Hackers steal data on Pfizer Covid-19 vaccine

The manufacturers of one of the leading Covid-19 vaccines have admitted that they have been targeted in an apparent cyberattack. US firm Pfizer and its German partner BioNTech, which collectively have developed the first Covid vaccine to achieve approval in the West, confirmed that documents related to the vaccine’s development had been “unlawfully accessed.” Little information is known about the attack, including likely instigators, or when and how the attack occurred. Personal information connected to participants in the vaccine trial is not believed to have been compromised, however. It is likely that information related to the Covid-19 vaccine could prove hugely valuable to other corporations and governments looking to create a vaccine of their own. Alternatively, the breach could be used to spread misinformation about the vaccine and the virus itself – something that has become commonplace in the months since the pandemic took hold.


Scammers spoof Target’s gift card balance checking page

It’s the giving season, and cybercriminals are more actively looking to steal gift cards. One of the most popular brands in their sights is giant retailer Target. A trick that crooks are currently pulling is to lure victims to fake sites that check the balance on the gift card. Retail and gaming brands are at the top of scammers’ list of preferences these days as gift card sales register a sharp growth. According to online fraud prevention company Bolster, November saw new websites related to gift card fraud at a rate of more than 220 per day. Bolster’s research team notes that online scams involving gift cards are predominantly impersonating Target’s balance checking pages. Some attempts are more credible than others.


The Internal Revenue Service expands identity protection to all taxpayers

In an effort to battle various flavors of tax fraud and tax-related identity theft, the U.S. Internal Revenue Service (IRS) announced that, as of January 2021, it will be expanding its Identity Protection PIN Opt-In Program to all taxpayers, assuming they can properly verify their identities. Previously, the Identity Protection PINs (IP PIN) were issued to eligible taxpayers who had experienced tax refund fraud or had been proven victims of identity theft. The IP PIN is a six-digit code issued by the IRS that prevents anyone other than the holder from filing a tax return in their stead using their social security number. The IRS uses the IP PIN to verify the taxpayer’s identity when accepting their paper or electronic tax return. The PIN itself is always valid only for the calendar year in which it was issued, with the taxpayer having to get a new IP PIN each January. “The fastest way to get an Identity Protection PIN is to use our online tool but remember you must pass a rigorous authentication process. We must know that the person asking for the IP PIN is the legitimate taxpayer,” explained IRS Commissioner Chuck Rettig in a press statement announcing the program.


Apple responds to WhatsApp’s criticism on privacy labels

Facebook and its family of apps are clearly unhappy with Apple. Every few weeks, there’s some criticism of Apple by either Facebook, Instagram or WhatsApp. Yesterday, WhatsApp called out Apple’s new app privacy label as unfair. According to a report by Axios, WhatsApp said that the app privacy label was anti-competitive as Apple’s own messaging service iMessage didn’t need it as it came pre-loaded on iPhones. “We think labels should be consistent across first and third party apps,” a WhatsApp spokesperson told Axios. “While providing people with easy to read information is a good start, we believe it’s important people can compare these ‘privacy nutrition’ labels from apps they download with apps that come pre-installed, like iMessage.” Apple has now responded to this criticism and made it clear that privacy labels will be applicable for its own apps as well. Apple told Axios, “The new rules apply equally to all iOS apps, including all Apple’s built-in apps like Messages. For iOS apps that don’t have dedicated product pages on the App Store, like Messages, they will still have the same privacy information be made available to users on Apple’s website.”


Spotify resets passwords after a security bug exposed users’ private account information

Spotify said it has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners. In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners, but added that Spotify “did not make this information publicly accessible.” Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. But like most data breach notices, Spotify did not say what the vulnerability was or how user account data became exposed.


4 major browsers are getting hit in widespread malware attacks

An ongoing malware campaign is blasting the Internet with malware that neuters the security of Web browsers, adds malicious browser extensions, and makes other changes to users’ computers, Microsoft said on Thursday. Adrozek, as the software maker has dubbed the malware family, relies on a sprawling distribution network comprising 159 unique domains with each one hosting an average of 17,300 unique URLs. The URLs, in turn, host an average of 15,300 unique malware samples. The campaign began no later than May and hit a peak in August, when the malware was observed on 30,000 devices per day. The attack works against the Chrome, Firefox, Edge, and Yandex browsers, and it remains ongoing. The end goal for now is to inject ads into search results so the attackers can collect fees from affiliates. While these types of campaigns are common and represent less of a threat than many types of malware, Adrozek stands out because of malicious modifications it makes to security settings and other malicious actions it performs.
