AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/1/2020

Michigan Man Charged With COVID-19-Related Wire Fraud Scheme

The United States Attorney’s Office for the Northern District of California unsealed charges today in a criminal complaint charging Rodney L. Stevenson II with wire fraud for his operation of an e-commerce website that allegedly scammed customers into paying for N95 masks that they never received. “Hospitals, healthcare providers and everyday people are understandably anxious to obtain N95 masks, N99 filters and other PPE,” said U.S. Attorney Anderson.  “The criminal element is always ready to prey on fear and uncertainty, and it is all too easy to lie over the internet.  While sheltering in place, Americans are shopping on the internet like never before.  The complaint alleges a consumer’s nightmare of fake webpages and false promises.”


ICANN votes down controversial .org sale proposal

The organization that oversees internet domain names has rejected a proposal to transfer management of the .org top-level domain from a nonprofit to a private equity group. ICANN said it wouldn’t approve the sale of .org operator Public Interest Registry because it would create “unacceptable uncertainty” for the domain, citing concerns about debt and the intentions of the for-profit firm Ethos Capital. In a blog post, ICANN’s board said the sale would have given up the current focus of PIR in favor of “an entity that is bound to serve the interests of its corporate stakeholders, and which has no meaningful plan to protect or serve the .org community.” It also noted that the sale would leave PIR with a $360 million debt that could destabilize its operation in the future.


How to Unlock Your iPhone Even Faster While Wearing a Face Mask

If you don’t have an iPhone SE, or any other older iPhone that still uses Touch ID—such as the iPhone 8—you’ve probably noticed that wearing a face mask really messes up Face ID. Well, going forward, that’s still going to be the case. Apple isn’t installing out some special workaround that recognizes your face and authenticates you into your device if you’re wearing a mask, alas. However, iOS 13.5 simplifies the process by skipping right to the passcode option if your phone detects you’re wearing a mask. You’ll still have to do a bit of tapping on your device to get in, but it’s a lot faster than waiting for Face ID to first run its scan. There’s nothing you need to do to enable this feature; it just works by default.


The Morning After: USB 4 is ready for 8K monitors

The only things that are unavoidable are death, taxes and new versions of USB. We barely knew USB 3.2 and now USB 4 is confirmed to support the DisplayPort Alternate Mode 2.0 standard, so it seems likely we’ll be plugging in 8K 60Hz HDR monitors with those USB-C cables someday. If you’re into specs, this is the news you’ve been waiting for. On high-res displays, DisplayPort 2.0 works over USB by remapping the connector’s pins to push data in one direction, turning a 40Gbps bidirectional connection to 80Gbps. Between DisplayPort and Thunderbolt support, it looks like USB is on its way to becoming the universal standard it’s always promised. Is anyone ready for this?


Investors sue LabCorp over security failures in light of data breach, ransomware attack

Investors have filed a lawsuit against LabCorp, claiming that the company’s board failed to address security problems that led to financial losses. As reported by Bloomberg Law, LabCorp’s chief executive, chief information officer, and chief financial officer are specifically named in the Delaware court case, which accuses them of ignoring “persistently deficient cybersecurity measures” that led to a data breach and malware infection. According to the lawsuit, failing to address these problems has impacted investors and resulted in financial losses due to share price changes, and therefore, damages are sought. 


Sophisticated Phishing Kit Used by Multiple Groups to Target Executives

A sophisticated phishing kit has been used by multiple cybercrime groups to target high-ranking employees in North America and other parts of the world, and researchers believe there are at least 150 victims. The campaign has been analyzed by cybersecurity company Group-IB, which tracks the operation as PerSwaysion due to its abuse of the Microsoft Sway presentation application. Some of the PerSwaysion attacks were previously detailed by Avanan, a company that provides security solutions for email and collaboration tools. According to Group-IB, the PerSwaysion campaign has been active since at least mid-2019, and the first peak was observed in September. Attacks ramped up again in late December 2019.

Related Posts