AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/13/2024

Europe’s largest caravan club admits wide array of personal data potentially accessed 

The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can’t figure out whether members’ data was stolen. According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the data that definitely wasn’t, but remained firmly on the fence as to whether any theft actually took place. “The cyber security team conducting the forensic investigation cannot confirm that any member data has been accessed, stolen, or is being used in an unauthorized manner,” said Nick Lomas, director general at the CAMC. 


Feds Want to Ban the World’s Cutest Hacking Device. Experts Say It’s a ‘Scapegoat’ 

The government of Canada has its sights set on banning the Flipper Zero, an adorable handheld hacking device that is cherished by security researchers and hobbyist hackers and has gained a sizable following on TikTok. The device is modeled and named after the virtual dolphin from the movie Johnny Mnemonic, and it’s essentially a Tamagotchi you can use to hack stuff. Flipper can scan radio frequencies and clone key fobs, control infrared-based devices, and is generally a kind of Swiss Army knife for security researchers, who actually use it to improve device security. It’s also used by hobbyists who like playing around with computers,  and more generally it’s just really adorable. But there’s a lot of misinformation floating around about its capabilities due to bombastic—and often staged—videos on TikTok and other social media platforms. 


Account Takeover Campaign Hits Execs in Microsoft Azure 

A still-active phishing campaign using individualized phishing lures is targeting senior corporate accounts in Microsoft Azure environments, said researchers from Proofpoint. The campaign, which may be financially motivated, frequently targets sales directors, account managers and finance managers as well as individuals with titles such as “vice president, operations” or “president & CEO,” Proofpoint said in a Monday blog post. 


Identity Theft: Preventing, Detecting, and Responding 

In today’s digital age, your personal information is more valuable than ever. Unfortunately, this also makes it a prime target for identity theft. Understanding this threat, detecting it, and knowing how to protect yourself are essential elements in safeguarding your online digital life. Identity theft occurs when someone unlawfully obtains your personal information – your name, identification numbers like your Social Security or passport number, or credit card details, for example – to commit fraud or other crimes. 


FCC orders telecom carriers to report PII data breaches within 30 days 

Starting March 13th, telecommunications companies must report data breaches impacting customers’ personally identifiable information within 30 days, as required by FCC’s updated data breach reporting requirements. FCC’s final rule follows several proposals published in January 2024, one year earlier in January 2023, and first circulated in January 2022, focused on modernizing the commission’s breach notification rules so that telecom carriers have to notify customers of security breaches as fast as possible. The updated data breach reporting rules aim to ensure that “providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised.” 


Bank of America warns customers of data breach after vendor hack 

Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year. Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals’ names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas. Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries. 

Related Posts