AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/26/2023

Mint Mobile discloses new data breach exposing customer data 

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator (MVNO) owned by T-Mobile, offering budget, pre-paid mobile plans. The company began notifying customers on December 22nd via emails titled “Important information regarding your account,” stating that they suffered a security incident and a hacker obtained customer information. 

 

Brushing Scams on Amazon: What They Are and How to Handle Them 

The internet is a place full of fraud, with new schemes popping up every day. One of the strangest frauds that have popped up lately are brushing scams. Imagine this. You come home one day after a long day of work to find a random package from Amazon at your doorstep. You don’t remember ordering anything, so you know there must have been some kind of mix-up. You pick up the package and check the label. Wait— that’s your name right there. And the correct address. Maybe this package is yours. You take the package inside and open it up. It’s a phone charger. And it works for your phone! You didn’t need one, but it’s nice to have! You then continue on with your day, blissfully unaware of the dangers that that free phone charger has potentially brought you. 

 

Insomniac Addresses Ransomware Hack, Marvel’s Wolverine Development Will Continue As Planned 

Earlier this week, ransomware group Rhysida released more than a terabyte of data it illegally obtained by hacking Marvel’s Spider-Man 2 developer, Insomniac Games. The hacked data comprised of more than 1.3 million files, for a total of 1.67 terabytes of data, including information about Marvel’s Wolverine, future Insomniac Games titles, release schedules, private employee information like tax and employment forms, internal studio messages, and more. Insomniac has now publicly addressed the hack in a new statement, stating that development on Marvel’s Wolverine will continue as planned. 

 

Ransomware Leak Site Victims Reached Record-High in November 

After a quieter month in October, ransomware groups seemed to return with a vengeance in November, with the highest number of listed victims ever recorded, according to Corvus Insurance. In a report published on December 18, 2023, Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39.08% increase from October and a 110.43% increase compared with November 2022. 

 

NASA Spearheads Cybersecurity in Space to Secure Global Missions 

NASA has released its comprehensive Space Security Best Practices Guide in an effort to fortify space missions against cyber threats. This is an unprecedented and pioneering initiative that defines a visible shift in the approach of the agency to secure space missions at a time when digital vulnerabilities may jeopardize astronomical operations. Meant for both public and private missions, the new guide demonstrates the proactive stance of NASA in addressing growing cybersecurity concerns in exploring space. 

 

Hackers stole $2 billion in crypto in 2023, data show 

For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms.This year, hackers stole around $2 billion dollars in crypto across dozens of cyberattacks and thefts, according to De.FI, the web3 security firm that runs the Rekt leaderboard. The site ranks the worst-ever crypto hacks, from the breach of the Ronin network in 2022, where hackers stole more than $600 million in crypto in what stands as the largest incident in history, to the hack against Mixin Network this year, which netted the hackers around $200 million.  

Related Posts