AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 6/4/2020

Ransomware gang says it breached one of NASA’s IT contractors

The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA’s IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to the company’s press releases, DMI’s customer list includes several Fortune 100 companies and many government agencies, among them NASA [1, 2]. What appears clear is that the attackers obtained NASA-related files, which suggests they breached DMI’s NASA-related infrastructure.

Zoom won’t add encryption to free calls so it can work with law enforcement

Zoom’s decision not to fully encrypt free users’ calls keeps the door open for law enforcement cooperation, CEO Eric Yuan told analysts in a Tuesday conference call, as previously reported by Bloomberg. “Free user, for sure, we don’t want to give that because we also want to work together with FBI, with local law enforcement, in case some people use Zoom for a bad purpose,” Yuan said. End-to-end encryption, which the videoconferencing company is currently working on, will only be enabled on paid accounts because the “vast majority of harm comes from self-service users with fake identities,” Zoom security consultant Alex Stamos noted in a tweet on Tuesday.

Office 365 phishing baits remote workers with fake VPN configs

Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home. The phishing emails impersonating VPN configuration update requests sent by their company’s IT support department have so far landed in the inboxes of up to 15,000 targets according to stats from researchers at email security company Abnormal Security. These phishing messages are a lot more dangerous because of the huge influx of employees working remotely and using VPNs to connect to company resources from home for sharing documents with their colleagues and accessing their orgs’ servers.

5 Ways to Clean Up Our Digital Lives

Spring has always been synonymous with cleaning — warmer weather and longer days work as a stimulant encouraging people to become more active. After months of cooler climates and, more recently, shelter-in-place, there’s no time like the present to tend to those over-cluttered closets, garages, basements, etc. This spring is also a particularly good time to spruce up our digital resources. The pandemic has kept us all indoors longer than usual, and the technology that’s been serving as our lifeline to the world outside could use some attention. After dealing with the junk and the dirt, doing a quick scrub of our accounts and devices can help us operate more efficiently and do a better job protecting ourselves from hacks. Here are five ways to clean up our digital lives.

iPhone looters find devices disabled, with a warning they’re being tracked

Along with other retailers big and small, Apple Stores have been subject to looting by opportunists amid the ongoing protests around the United States. In response, Apple has again closed all of its stores in the US. Stores had only recently reopened after closures related to the COVID-19 pandemic. But looters who brought stolen iPhones home, or people who end up buying those phones in person-to-person transactions, are in for what may be a surprise: it appears that the stolen iPhones don’t work and may even be tracked by Apple or authorities. This could pose a challenge for regular consumers who buy second-hand iPhones—as well as repair shops—in the coming weeks and months.

Hackers Target California University Leading Covid-19 Research

A group of hackers with a history of targeting healthcare organizations executed a successful ransomware attack this week on the University of California, San Francisco. UCSF confirmed it was the target of an “illegal intrusion” but declined to explain which portion of its IT network may have been compromised. Researchers at the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments, including a recent study on anti-malarial drugs touted by President Donald Trump as a possible remedy, then refuted by scientists.
