AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/14/2021

Ukraine arrests 51 for selling data of 300 million people in US, EU

Ukrainian law enforcement arrested 51 suspects believed to have been selling, on hacking forums, stolen personal data belonging to hundreds of millions of people worldwide, including in Ukraine, the US, and Europe. “As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized,” the Cyberpolice Department of the National Police of Ukraine said. “The seized databases contained information on more than 300 million citizens of Ukraine, Europe and the United States.” Following this large-scale operation, Ukrainian police also shut down one of the largest sites used to sell personal information stolen from both Ukrainians and foreigners (the site’s name was not revealed in the press release).

Security company offers Log4j ‘vaccine’ for systems that can’t be updated immediately

For those unable to patch the Apache Log4Shell vulnerability, cybersecurity firm Cybereason has released what it calls a “fix” for the 0-day exploit. Cybereason urged people to patch their systems as soon as possible, but for those who cannot update their systems, or cannot do so immediately, it has created a tool it calls “Logout4shell.” It is freely available on GitHub, and Cybereason said it “is a relatively simple fix that requires only basic Java skills to implement.” “In short, the fix uses the vulnerability itself to set the flag that turns it off. Because the vulnerability is so easy to exploit and so ubiquitous—it’s one of the very few ways to close it in certain scenarios,” said Yonatan Striem-Amit, CTO of Cybereason.

Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans

Kronos Private Cloud has been hit by a ransomware attack. The company, also known as Ultimate Kronos Group (UKG), provides timekeeping services to companies employing millions of people across the world. Emails sent by Kronos to its corporate customers, seen by The Register, confirm the firm has pulled its private cloud services offline following a ransomware attack. It is advising customers to deploy “alternative business continuity protocols” – a move with potential implications for Britons’ Christmas pay packets. Kronos’ timekeeping products are used by companies in the UK including supermarket chain Sainsbury’s, Boots the Chemist and Jaguar Land Rover, and by large outfits in the US including Clemson University in South Carolina; Winthrop University Hospital in Long Island, New York; and US state and local government customers such as Santa Clara County.

Apple releases Tracker Detect – an AirTags app for Android to protect your privacy

In June, Apple announced that it was planning to release an app for Android that would help Android users see if someone is using AirTags to track their whereabouts. Apple has delivered on its promise and just published Tracker Detect, an Android app that allows users to check if someone is using AirTags to track them. Tracker Detect works by searching for nearby AirTags or other tracking devices that are compatible with Apple’s Find My network. To start scanning for nearby devices with Tracker Detect, open the app and press the Scan button. If the app finds a device or AirTag that is registered to another owner, it will display that the device is unknown.

Phishing attacks use QR codes to steal banking credentials

A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process. The actors are using a range of tricks to bypass security solutions and convince their targets to open the messages and follow the instructions. The relevant report comes from researchers at Cofense, who sampled several of these messages and mapped the actors’ tactics in detail. The phishing emails are carefully crafted, featuring bank logos, well-structured content, and a generally coherent style. Their topics vary, from asking the user to consent to data policy changes implemented by the bank to requesting that they review new security procedures.

Volvo finally confirms “potential” theft of R&D data

Swedish automaker Volvo confirmed today a security breach and the theft of research and development (R&D) data from one of its file storage repositories. The company’s admission comes after it initially played down the incident, describing it in emails to The Record as a “potential cyberattack” and refusing to comment despite its data having been leaked online since November 30. But in a statement today, Volvo said the incident was more than potential and might be worse than it initially appeared. While the company did not elaborate on the details, Volvo said “there may be an impact on the company’s operation.” The company’s disclosure today is related to an entry on the dark web portal managed by Snatch, a hacking group known to steal data and engage in extortion attempts. On November 25, Snatch published an entry listing Volvo Cars as one of its victims, which it updated on November 30 to add sample files it stole from Volvo’s network as proof of its claims.

Amazon Web Services explains outage and will make it easier to track future ones

Amazon Web Services on Friday published an explanation for an hours-long outage earlier this week that disrupted its retail business and third-party online services. The company also said it plans to revamp its status page. The problems in Amazon’s large US-East-1 region of data centers in Virginia began at 10:30 a.m. ET on Tuesday, the company said. “An automated activity to scale capacity of one of the AWS services hosted in the main AWS network triggered an unexpected behavior from a large number of clients inside the internal network,” the company wrote in a post on its website. As a result, devices connecting an internal Amazon network and AWS’ network became overloaded. Several AWS tools suffered, including the widely used EC2 service that provides virtual server capacity. AWS engineers worked to resolve the issues and bring back services over the next several hours. The EventBridge service, which can help software developers build applications that take action in response to certain activities, didn’t bounce back fully until 9:40 p.m. ET.

Deepfake anyone? AI synthetic media tech enters perilous phase

“Do you want to see yourself acting in a movie or on TV?” said the description for one app on online stores, offering users the chance to create AI-generated synthetic media, also known as deepfakes. “Do you want to see your best friend, colleague, or boss dancing?” it added. “Have you ever wondered how would you look if your face swapped with your friend’s or a celebrity’s?” The same app was advertised differently on dozens of adult sites: “Make deepfake porn in a sec,” the ads said. “Deepfake anyone.” How increasingly sophisticated technology is applied is one of the complexities facing synthetic media software, where machine learning is used to digitally model faces from images and then swap them into films as seamlessly as possible.
