AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/14/2024

Meta says risk of account theft after phone number recycling isn’t its problem to solve

Meta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t qualify for its bug bounty program and is a matter for telecom companies to sort out. The core problem is that telecom companies recycle abandoned phone numbers after a brief waiting period – at least 45 days in the US. That can become a problem because many online services require a phone number to identify users and/or send one-time passwords for two-factor authentication. Users who abandon a number and forget to update their accounts with the new number are therefore at risk of malicious account reset attempts by whoever gets access to their old numbers. Account takeovers are a common consequence.

US offers $10 million reward for info on Hive ransomware gang members

The U.S. State Department announced a $10 million reward for information leading to the identification or location of key members of the Hive ransomware gang. The gang’s operations were disrupted by the FBI almost exactly one year ago, shutting down the ransomware group’s infrastructure after a seven-month operation. On Thursday, the State Department said that in addition to the $10 million for information on those holding key leadership positions in the gang, it is offering $5 million “for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in Hive ransomware activity.”

200,000 Facebook Marketplace user records leaked on hacking forum

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. BleepingComputer verified some of the leaked data by matching the email addresses and phone numbers on random records within the sample data shared by IntelBroker, the threat actor who leaked the data online.

 

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Shortcut Files (.URL). “In this attack chain, the threat actor leveraged CVE-2024-21412 to bypass Microsoft Defender SmartScreen and infect victims with the DarkMe malware,” the cybersecurity firm said in a Tuesday report.

‘World’s biggest casino’ app exposed customers’ personal data

The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings. The app is developed by a Nevada software startup called Dexiga.
