AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/8/2020

‘Dramatic Rise’ in Scam Websites Mimicking Online Streaming Services

The meteoric rise in new signups to streaming services such as Netflix and Disney+ in recent weeks has given opportunistic scammers the chance to take advantage of the situation. This is evidenced by new research by the cybersecurity firm Mimecast, which revealed that some 700 scam websites have popped up on the internet between April 6 and 13, designed with the sole purpose of stealing personal data by pretending to offer online streaming. The rise in scam websites comes at a time when Netflix predicts that it will add seven million new customers to its streaming service in the first quarter of 2020, and when Disney+ began its expansion into Europe. According to Mimecast, the increased number of scam websites leaves internet users particularly vulnerable to falling victim to online deceit, because the data harvested includes names, addresses and other information that can lead to their financial loss.

 

Microsoft’s GitHub account allegedly hacked, 500GB stolen

A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned. This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories. The individual told us that they then downloaded 500GB of private projects and initially planned on selling it, but has now decided to leak it for free.

 

ART Museum lets you hang famous paintings on your wall during lockdown

Bring masterpieces from some of the world’s top museums into your own home using the power of augmented reality (AR). With [AR]T Museum, you can experience your favorite artworks from the comfort of your own home! “In light of the COVID-19 pandemic and the widespread closures of museums across the world, the necessity of creating an alternative, remote way to experience art and culture has never been greater,” said Brendan Ciecko, CEO & Founder of Cuseum. “In these unprecedented times, we’re helping people across the globe feel connected with works that bring them joy and inspiration. Just imagine experiencing your favorite artwork from the comfort of your own living room – we’re excited to make this a reality.”

 

‘Vaccines’ Containing Blood of Recovered #COVID19 Patients for Sale on Dark Web

Fraudsters are attempting to sell fake vaccines allegedly manufactured using the blood of patients who have recovered from COVID-19. The nonsense vaccines were among a crock of utter dog wings spotted for sale on the dark web by researchers from the Australian National University’s Cybercrime Observatory. Researchers were trawling dark net markets for coronavirus-related medical products and supplies for a report released April 30 by the Australian Institute of Criminology. A survey of 20 underground markets turned up 645 listings of 222 items from 110 unique vendors across 12 sites. The total estimated value of all the items was $369,000.  While scientists around the world strive to create a proven vaccine for COVID-19, the dark net claims to have plenty available. Of the 645 items found by researchers, 6% were products falsely claiming to be effective vaccines against the deadly virus. 

 

Zoom Acquires Keybase and Announces Goal of Developing the Most Broadly Used Enterprise End-to-End Encryption Offering

We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability. This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses. Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. Keybase’s experienced team will be a critical part of this mission.

 

Coronavirus: Google ends plans for smart city in Toronto

Google’s sister firm Sidewalk Labs has scrapped a plan to build a smart city in Canada, citing complications caused by the Covid-19 pandemic. For several years it had pursued ambitions to build a digital-first city in Toronto “from the internet up”. Chief executive Dan Doctoroff blamed “unprecedented economic uncertainty” for abandoning the plan. The project had proved controversial and Sidewalk Labs had already been forced to scale back its ambitions. In a blog post, Mr Doctoroff said: “As unprecedented economic uncertainty has set in around the world, and in the Toronto real estate market, it has become too difficult to make the 12-acre project financially viable without sacrificing core parts of the plan we had developed together with Waterfront Toronto to build a truly inclusive, sustainable community.

 

Why a small Facebook bug wreaked havoc on some of the most popular iOS apps

Sometime around 6:30PM ET on May 6th, popular iOS apps from major companies like DoorDash, Spotify, TikTok, and Venmo suddenly started crashing. The culprit didn’t remain a mystery for long. Developers on Twitter and GitHub quickly discovered the cause to be an issue with the software development kit (SDK) from Facebook, which is interwoven into the operation of countless mobile apps from companies large and small. The problem, while resolved rather quickly by Facebook, illustrates the scope of the social network’s platform and how even minor issues can have major ripple effects throughout the mobile software industry.

 

Health APIs usher in the patient revolution we have been waiting for

If you’ve ever been stuck using a health provider’s clunky online patient portal or had to make multiple calls to transfer medical records, you know how difficult it is to access your health data. In an era when control over personal data is more important than ever before, the healthcare industry has notably lagged behind — but that’s about to change. This past month, the U.S. Department of Health and Human Services (HHS) published two final rules around patient data access and interoperability that will require providers and payers to create APIs that can be used by third-party applications to let patients access their health data. This means you will soon have consumer apps that will plug into your clinic’s health records and make them viewable to you on your smartphone.
