AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/21/2020

Seven ‘no log’ VPN providers accused of leaking

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet. This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon. It all came to light this week after Comparitech’s Bob Diachenko spotted 894GB of records in an unsecured Elasticsearch cluster that belonged to UFO VPN. A few days later, on July 5, the data silo was separately discovered by Noam Rotem’s team at VPNmentor, and it became clear the security blunder went well beyond UFO. It appears seven Hong-Kong-based VPN providers – UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all share a common entity, which provides a white-labelled VPN service.


Twitch shuts down the U.S. Army’s recruitment drive disguised as fake giveaways

Did you know the U.S. Army is gaming on Twitch? That’s right, you can watch livestreams of the American military playing their favorite video games. They even promote giveaways where you can win cool gaming prizes if you just fill out some personal information. Big problem, though. The giveaways aren’t real. They’re just military recruitment forms. And Twitch is telling the U.S. Army to stop doing it. “Per our Terms of Service, promotions on Twitch must comply with all applicable laws,” said a Twitch spokesperson in a statement provided to gaming outlet Kotaku. “This promotion did not comply with our Terms, and we have required them to remove it.”



Following allegations from a lawsuit filed against Walmart, authorities have concluded that the company violated the California Consumer Privacy Act, according to specialists in a cyber security course. In the lawsuit, the company is accused of causing “significant damage” to its customers after a data breach suffered by the company, although Walmart claims that such an incident never occurred. The plaintiffs claim that an unidentified group of threat actors managed to access Walmart’s official website to extract user data. The case was filed in the U.S. District Court for Northern California. The lawsuit does not specify when the incident occurred or the amount sought by the plaintiffs.


Cloud provider stopped ransomware attack but had to pay ransom demand anyway

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company’s network and threatened to publish it online. The incident took place in May 2020, the company revealed in a press release on Thursday. Blackbaud said hackers breached its network and attempted to install ransomware in order to lock the company’s customers out of their data and servers.


McCarthy bill would sanction virus vaccine hackers

House Republican Leader Kevin McCarthy will introduce a bill Tuesday that would sanction foreign hackers attempting to steal U.S. research into coronavirus vaccine development, according to a copy of the bill obtained by Axios. The Defend COVID Research from Hackers Act comes after China, Iran and Russia have been accused of deploying military and intelligence hackers to steal information about other countries’ vaccine research and development. It also comes as the global race to develop a coronavirus vaccine is escalating, with the U.K. announcing today that a vaccine from Oxford University and AstraZeneca is showing promising results.


FBI warns cyber criminals are spoofing airport websites and Wi-Fi

The FBI is warning the community to beware of cyber actors who are creating fake website domains to spoof U.S.-based airport websites. On Wednesday, Cyber Supervisory Special Agent Conal Whetten spoke to the press about the risks these crimes pose for airports, travelers, and the aviation industry as a whole. According to Whetten, website domain spoofing is the act of creating a fake website with the intent to mislead users by assuming the identity of a legitimate group or organization, like a popular social media site or online retailer. “They do this to steal personal and business data, and U.S. airports are an attractive target for cyber actors because there is a rich environment of business and personal information,” said Whetten. “Cyber actors can capitalize on this sector by creating spoof domains and Wi-Fi networks, which can trick both passengers and airport operators into interacting with malicious websites or emails.”
