AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/26/2024

French police shut down chat website reviled as ‘den of predators’

French law enforcement has shut down the chat website Coco, which authorities said has allowed offenders to coordinate child sexual abuse, rapes, homicides and other serious crimes. As of Tuesday, the website is no longer available and only displays a seizure notice from the French national police. According to a statement by the Paris prosecutor’s office, the investigation into Coco’s operation was initiated in December 2023. France collaborated with law enforcement from Bulgaria, Germany, Lithuania, the Netherlands and Hungary.

 

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are more than 300, in quantities at or above a certain threshold. These chemicals could be dangerous if they fell into the wrong hands, and could be used for things like explosives and weapons. Essentially, it’s used to determine which facilities are deemed high risk under Chemical Facility Anti-Terrorism Standards regulations. In normal circumstances, only facility members who have passed the Chemical-terrorism Vulnerability Information training and certification are allowed to access the portal. 

 

Neiman Marcus confirms data breach after Snowflake account hack

Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks. In a data breach notification filed with the Office of the Maine Attorney General, the company says that the breach impacted 64,472 people. “In May 2024, we learned that, between April and May 2024, an unauthorized third party gained access to a database platform used by Neiman Marcus Group. Based on our investigation, the unauthorized third party obtained certain personal information stored in the database platform,” warns Neiman Marcus in a data breach notification.

 

Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan

The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens. Between February 2023-2024, scammers were kicking US victims while they were already down, preying on their financial vulnerability to defraud them for a second time in what must be seen as a new low, even for that particular breed of dirtball. It’s the latest update from the FBI’s Internet Crime Complaint Center (IC3) on the ongoing issue which was first publicized in August last year.  The Reg heard there was a rise in these fake companies cropping up, which claim to help recover stolen crypto in exchange for fees that would never be returned, but this is the first time IC3 has put a monetary value to the crime.

 

Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. So, you can imagine that everyone was anticipating the end of the countdown that signalled the release of the stolen data with bated breath. However, when that deadline passed and the data was released, people who looked at the data found it did not, in fact, belong to the Federal Reserve but instead to a particular financial organization: Evolve Bank & Trust.

 

Related Posts