AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/16/2020

Twitter lost control of its internal systems to Bitcoin-scamming hackers

Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that’s growing increasingly influential. The first signs of compromise occurred around 1 PM California time when hijacked accounts—belonging to Vice President Joe Biden, Elon Musk, Bill Gates, and other people with millions or tens of millions of followers—started pumping out messages that tried to scam people into transferring cryptocurrency to attacker-controlled wallets. In a tweet issued about seven hours after the mass takeover spree began, Twitter officials said the attackers appeared to take control by tricking or otherwise convincing employees to hand over credentials.


This Secret $35 Million FBI Unit Mixes Facial Recognition With Big Data To Investigate America’s Most Horrific Crimes

In the wake of a mass shooting or terror attacks, investigators can be left with hours of CCTV footage, video from witnesses, or clips from social media. Take the Boston Marathon bombing in 2013, where the FBI received over 13,000 videos and had 120 analysts probe them all for clues. As it seeks to improve its ability to sift through such abundances of video at major crime scenes, Forbes has learned that a previously-unreported forensics division within the FBI called the Multimedia Exploitation Unit (MXU) has been tasked with this role. It has cost at least $35 million since 2016 and draws on cutting-edge expertise from Mitre Corporation, a non-profit government skunkworks that receives between $1 and $2 billion a year from the U.S. government.


Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen

Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware. We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, which employs more than 16,000 people globally and banks hundreds of millions of dollars a year in sales, does not believe the lifted records have been used for fraud. Collabera could not be reached for comment, though El Reg has seen a copy of the internal memo sent to staff disclosing the details of the leak.


A hacker is selling details of 142 million MGM hotel guests on the dark web

The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.


Wattpad data breach exposes account info for millions of users

An allegedly stolen Wattpad database containing 270 million records was being sold in private sales for over $100,000. Now it is being offered for free on hacker forums. Wattpad is a web site that allows members to publish user-generated stories on a variety of different topics. The site is immensely popular and is ranked as the 150th most visited site worldwide. Since July 7th, BleepingComputer has been tracking the rumored private sale of a Wattpad database containing over 200 million records. In an anonymous tip, BleepingComputer was told that this database was being sold by Shiny Hunters, a group known for selling company databases acquired in data breaches.


Apple’s digital CarKey feature is now available for your iPhone or Apple Watch

On 15 July, Apple rolled out CarKey as part of the WatchOS 6.2.8 update and iOS 13.6 update. The company first announced the feature at last month’s virtual-only WWDC event. It allows Apple device users to remotely lock, unlock, and start compatible vehicles and works even if their iPhone is dead. CarKey works through the Apple Wallet app on the iPhone or Apple Watch. It even allows users to share keys with up to five friends through iMessage. Users can grant varying levels of access to their friends, and if a user’s device should ever be lost or stolen, their digital keys can easily be disabled through iCloud. The thing is, you need a vehicle that actually supports CarKey in order to use the feature.
