AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/13/2020

Scrabble fans slam ‘sparkly abomination’ new app

Scrabble Go, a new game which will replace the existing official Scrabble mobile app made by Electronic Arts (EA) has sparked hundreds of complaints. Its vivid colours, treasure-style rewards and in-app purchase model has angered long-time players. The EA game will be discontinued on 5 June because the official franchise is now owned by games firm Scopely. Scrabble Go was launched on 5 March and had been downloaded more than 10 million times by the end of April. At that time, it had 2.5 million daily players, who spent an average of 100 minutes of game time, Reuters reported. It has a four-star rating on the Google Play store, but also hundreds of recent negative comments, with many complaining that the design is too distracting.


Hackers’ private chats leaked in stolen WeLeakData database

Ironically, the database for the defunct hacker forum and data breach marketplace called WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site. WeLeakData.com was a hacker forum and marketplace that primarily focused on discussing, trading, and selling databases stolen during data breaches and combolists that are used in credential stuffing attacks. At the end of April, WeLeakData.com mysteriously shut down, and rumors began circulating that the operator may have been arrested and that the forum database had been stolen or sold to another member.


Slack now strips location data from uploaded images

Slack  has started to strip uploaded photos of their metadata. What may seem like an inconsequential change to how the tech giant handles storing files on its servers, it will make it far more difficult to trace photos back to their original owners. Almost every digital file — from documents on your computer to photos taken on your phone — contains metadata. That’s data about the file itself, such as how big the file is, when it was created, and by whom. Photos and videos often include the precise coordinates of where they were taken. But that can be a problem for higher-risk Slack users, like journalists and activists, who have to take greater security precautions to keep their sources safe. 


Hackers sell stolen user data from HomeChef, ChatBooks, and Chronicle

Three more high-profile databases are being offered for sale by the same group claiming the Tokopedia and Unacademy breaches, and the more recently reported theft of Microsoft’s private GitHub repositories. Going by the name Shiny Hunters, the group is now selling user records from meal kit delivery service HomeChef, from photo print service ChatBooks, and Chronicle.com, a news source for higher education. Together, the three databases count user records and passwords from 26 million accounts. The ask prices are between $1,500 and $2,500. In a conversation with BleepingComputer, the hackers said that they have more databases from other breached websites. They plan on selling them in the near future.


FBI, DHS to go public with suspected North Korean hacking tools

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned. Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors. The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government.

Related Posts