AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/21/2024

FBI takes control of notorious BreachForums cybercrime website

BreachForums, one of the most popular clearnet forums for sharing stolen data, malware, and other warez, is thought to have been shut down by the Federal Bureau of Investigation (FBI), with its backend seized and one of its key operators allegedly arrested. As reported by BleepingComputer, the clearnet (publicly accessible internet) domains belonging to BreachForums were, as of Wednesday evening, displaying the usual FBI seizure banner stating that the website is now under the control of law enforcement.

Commission opens formal proceedings against Meta under the Digital Services Act related to the protection of minors on Facebook and Instagram

Today, the Commission has opened formal proceedings to assess whether Meta, the provider of Facebook and Instagram, may have breached the Digital Services Act (DSA) in areas linked to the protection of minors. The Commission is concerned that the systems of both Facebook and Instagram, including their algorithms, may stimulate behavioural addictions in children, as well as create so-called ‘rabbit-hole effects’. In addition, the Commission is also concerned about age-assurance and verification methods put in place by Meta. Today’s opening of proceedings is based on a preliminary analysis of the risk assessment report sent by Meta in September 2023, Meta’s replies to the Commission’s formal requests for information (on the protection of minors and the methodology of the risk assessment), publicly available reports as well as the Commission’s own analysis.

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that got hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored the password hashes for more than 550 system users, researchers said Tuesday. The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said.

Nissan North America data breach impacts over 53,000 employees

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company’s external VPN and then shut down systems to extort a ransom. The car maker discovered the breach in early November 2023 and has recently determined that the incident exposed personal data belonging to more than 53,000 current and former employees. “As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the company said in a notification to impacted individuals.

Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea

The Justice Department unsealed charges, seizures, and other court-authorized actions to disrupt the illicit revenue generation efforts of the Democratic People’s Republic of Korea (DPRK or North Korea). The charges include prosecutions of an Arizona woman, a Ukrainian man, and three unidentified foreign nationals who allegedly participated in schemes to place overseas information technology (IT) workers, posing as U.S. citizens and residents, in remote positions at U.S. companies. As alleged in the court documents, the DPRK has dispatched thousands of skilled IT workers around the world, who used stolen or borrowed U.S. persons’ identities to pose as domestic workers, infiltrate domestic companies’ networks, and raise revenue for North Korea. The schemes described in the court documents involved defrauding over 300 U.S. companies using U.S. payment platforms and online job site accounts, proxy computers located in the United States, and witting and unwitting U.S. persons and entities. This announcement includes the largest case ever charged by the Justice Department involving this type of IT worker scheme.

How I upgraded my water heater and discovered how bad smart home security can be

The hot water took too long to come out of the tap. That is what I was trying to solve. I did not intend to discover that, for a while there, water heaters like mine may have been open to anybody. That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly. That’s just how it happened. Let’s take a step back. My wife and I moved into a new home last year. It had a Rinnai tankless water heater tucked into a utility closet in the garage. The builder and home inspector didn’t say much about it, just to run a yearly cleaning cycle on it. Because it doesn’t keep a big tank of water heated and ready to be delivered to any house tap, tankless water heaters save energy—up to 34 percent, according to the Department of Energy. But they’re also, by default, slower. Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it’s needed.

Slack under attack over sneaky AI training policy

On the heels of ongoing issues around how big tech is appropriating data from individuals and businesses to train AI services, a storm is brewing among Slack users upset over how the Salesforce-owned chat platform is charging ahead with its AI vision. The company, like many others, is tapping its own user data to train some of its new AI services. But it turns out that if you don’t want Slack to use your data, you have to email the company to opt out. And the terms of that engagement are tucked away in what appears to be an out-of-date, confusing privacy policy that no one was paying attention to, until a miffed user posted about it on a community site hugely popular with developers and that post went viral.

SEC: Financial orgs have 30 days to send data breach notifications

The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to consumers. These rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against anticipated threats. The new amendments adopted earlier this week impact financial firms, such as broker-dealers (funding portals included), investment firms, registered investment advisers, and transfer agents.

American Radio Relay League cyberattack takes Logbook of the World offline

The American Radio Relay League (ARRL) warns that it suffered a cyberattack which disrupted its IT systems and online operations, including email and the Logbook of the World. ARRL is the national association for amateur radio in the United States, representing amateur radio interests to government regulatory bodies, providing technical advice, and promoting events and educational programs for enthusiasts around the country. On Thursday, the ARRL announced that the attack disrupted its network and systems, including various online services hosted by the organization.

Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices. The tech giant published a sharp statement Monday warning of “long-standing risk to public-sector organizations using the same vendor for operating systems, email, office software, and security tooling” and called on the government to mitigate risks from a Microsoft-centric monoculture. “This approach raises the risk of a single breach undermining an entire ecosystem,” Google said of Microsoft’s dominant market share in government, enterprise and consumer ecosystems.