AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/20/2021

Facebook bans 7 ‘surveillance-for-hire’ companies that spied on 50,000 users

The parent company of Facebook and Instagram has banned seven firms it says used its platforms to spy on some 50,000 unsuspecting targets, including human rights activists, government critics, celebrities, journalists and ordinary people in more than 100 countries. These “surveillance-for-hire” companies were linked to around 1,500 accounts on Facebook and Instagram that were used to collect information on people and try to trick them into handing over sensitive personal information so that the firms could install spyware on their devices, according to a report released on Thursday by Meta, formerly known as Facebook. “Each of these actors rely on networks of fake accounts on our platforms that are used to deceive users and mislead them,” Nathaniel Gleicher, Meta’s head of security policy, told NPR. Some firms also used Meta’s WhatsApp to infect targets’ phones with malware. The surveillance was also carried out over other internet services, from email and text messages to Twitter and YouTube.

Logistics giant warns of BEC emails following ransomware attack

Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfers and bank account changes after a recent ransomware attack. The attack took place on December 9 and forced the logistics company to shut down its systems to contain the spread of the malware. However, by the time the firm’s IT team responded, the actors had already exfiltrated sensitive files from the accessed servers to be used as a pressure lever in the ransom payment negotiation stage. Through an update on its site, Hellmann Worldwide admits that the forensic investigation that followed has confirmed a data breach, but it is still investigating exactly what was stolen.

French privacy authority demands Clearview AI flush facial recognition data gathered within its borders

Clearview AI is again under fire for scraping personal information and pictures from the internet. This time, a French regulator is demanding that it delete all data on French nationals stored in the company’s database. The commission threatens hefty fines if Clearview does not comply. On Thursday, France’s privacy watchdog, the Commission nationale de l’informatique et des libertés (CNIL), demanded that Clearview AI delete all data it has on French citizens. The regulator alleges that the company’s data scraping practices violate the GDPR and other data accessing laws. If Clearview does not comply, the CNIL threatens the highest fines European law allows.

Rooftops for rent: Property owners should partner with 5G carriers

The race to deploy 5G infrastructure has unlocked a new use for the rooftops of restaurants, hotels, residential buildings, and even hospitals and churches. These rooftops are quickly becoming prime real estate targets for telecommunication leaders eager to establish 5G technology in highly populated areas. In fact, next-generation wireless deployments are positioned to be one of the largest allocators of lease revenue in the United States over the next five years, creating a seismic opportunity for landlords and other business owners. The Biden administration has made expanding the country’s 5G infrastructure a national priority. The $1.2 trillion bipartisan infrastructure package earmarks $65 billion in funding to expand broadband coverage to rural and underserved communities. Despite its speed and power relative to other wireless technologies, 5G has a much shorter range, only reaching up to about 1,500 feet.

Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels

A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk. Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are “extremely easy to guess.” With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which store records about the guests using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.

Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google’s premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group’s Pegasus surveillance tool on iPhones. “We assess this to be one of the most technically sophisticated exploits we’ve ever seen,” Google’s Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. Google said it received a sample of the exploit from Citizen Lab and collaborated with Cupertino’s usually secretive Security Engineering and Architecture (SEAR) group on a technical analysis that discovered a head-scratching array of technical sophistication in an exploit platform sold to governments around the world.