Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/21/2020

REvil Ransomware found buyer for Trump data, now targeting Madonna

The REvil ransomware group claims to have buyers ready for documents containing damaging information about US‌ President Donald Trump and is preparing to auction data on international celebrity Madonna. The hackers breached the network of Grubman Shire Meiselas & Sacks (GSMLaw), a law firm representing a huge number of A-list celebrities, stealing everything they considered of value before encrypting the data. After unfruitful negotiations with the law firm, REvil, published an archive “with the most harmless information” on Donald Trump, a collection of more than 160 emails.

 

Cell-tower attacks by those who claim 5G spreads COVID-19 reportedly hit US

The Department of Homeland Security is reportedly issuing alerts to wireless telecom providers and law enforcement agencies about potential attacks on cell towers and telecommunications workers by 5G/coronavirus conspiracy theorists. The DHS warned that there have already been “arson and physical attacks against cell towers in several US states.” The preposterous claim that 5G can spread the coronavirus, either by suppressing the immune system or by directly transmitting the virus over radio waves, led to dozens of tower burnings in the UK and mainland Europe. Now, the DHS “is preparing to advise the US telecom industry on steps it can take to prevent attacks on 5G cell towers following a rash of incidents in Western Europe fueled by the false claim that the technology spreads the pathogen causing COVID-19,” The Washington Post reported last week.

 

Your Equifax settlement $125 isn’t coming, but banks get their $5.5M

Back in 2017, Equifax infamously suffered a data breach that exposed devastating levels of personal and financial information of about 147 million Americans. Its punishment was a $575 million settlement with the Federal Trade Commission and a pinkie promise to go forth and sin no more. Individual consumers who were wronged were supposed to be able to claim $125 each from the settlement—until, that is, the FTC and Equifax remembered the wronged were still 144 million strong and the settlement fund didn’t have enough cash. Even so, though, individuals should be getting something—so where is it?

 

Chrome 83 adds DNS-over-HTTPS support and privacy tweaks

After delays to Chrome version 81 in March, and the scrapping of version 82 a month later, this week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned. As browser updates go, it’s a lot to take in although some of them are more tweaks to existing features than anything radically new. It’s hard to pick out a single big feature, although for some it will be upgraded support for DNS-over-HTTPS (DoH), a privacy technology that makes it much harder for third parties (ISPs, the Government, malevolent parties) to see which web domains someone is visiting. See our previous coverage for more explanation of the benefits of DoH (and forthcoming support for it in Windows 10) but be aware that Google still doesn’t make using this as easy as it should be.

 

Apple and Google roll out their new exposure notification tool. Interest seems limited.

The Apple-Google exposure notification tool, announced on April 10, is one step closer to being launched. The two companies released software that will help public health authorities build apps that incorporate their exposure notification tool. Apple, specifically, rolled out a software update to iOS devices that some users could download immediately. This big public unveiling raises a couple very important questions: Will any government agencies actually build those apps? And will anybody use them?

Related Posts