AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/27/2024

Microsoft to shut down 50 cloud services for Russian businesses

Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news of these impending suspensions was first reported by the Softline Group of Companies, one of Russia’s largest remaining IT service providers.


The Not-so-True People-Search Network from China

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. Responding to a reader inquiry concerning the trustworthiness of a site called TruePeopleSearch[.]net, KrebsOnSecurity began poking around. The site offers to sell reports containing photos, police records, background checks, civil judgments, contact information “and much more!” According to LinkedIn and numerous profiles on websites that accept paid article submissions, the founder of TruePeopleSearch is Marilyn Gaskell from Phoenix, Ariz.


UN Says North Korea Steals Billions In Crypto To Fund Doomsday Weapons

The United Nations (UN) Security Council has disclosed findings from an investigation into North Korea’s sanction evasion tactics, revealing a significant portion of the country’s foreign currency earnings — approximately 50% — stem from cyberattacks on cryptocurrency-related firms. These cyber operations have inflicted an estimated $3 billion in damages, spotlighting the regime’s reliance on digital theft as a major revenue source. From July 2023 to January 2024, a panel of experts delved into North Korea’s adherence to international sanctions, uncovering sophisticated strategies to bypass these restrictions.


Police Bust Multimillion-Dollar Holiday Fraud Gang

Police in Romania and Spain have struck a blow against a sophisticated cyber-fraud gang that tricked victims out of millions of dollars through fake ads and business email compromise (BEC) scams. Law enforcement authorities conducted 22 house searches in Sibiu and Vâlcea, Romania, where the gang was located – although it had operations internationally, including in Spain. They seized over €174,000 ($188,000) and 41,000 Romanian leus ($8000) in cash, 55g of gold, electronic devices including 135 mobile phones, 29 laptops, five tablets, 23 memory sticks, and 326 SIM cards, among other items.


GitHub Developers Hit in Complex Supply Chain Cyberattack

An unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization as well as individual developers in order to inject malicious code into the code ecosystem. The attackers infiltrated trusted software development elements to compromise developers. They hijacked GitHub accounts with stolen cookies, contributed malicious code via verified commits, established a counterfeit Python mirror, and released tainted packages on the PyPi registry.


Apple, Meta, and Google targeted by EU in DMA non-compliance investigations

The European Commission is opening five non-compliance investigations into how Apple, Google, and Meta are complying with its new Digital Markets Act antitrust rules, the regulator announced today. “We suspect that the suggested solutions put forward by the three companies do not fully comply with the DMA,” the EU’s antitrust chief Margrethe Vestager said in a statement. “We will now investigate the companies’ compliance with the DMA, to ensure open and contestable digital markets in Europe.”

Related Posts