
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/22/2020

Tech Firms Begin to Abandon Hong Kong Over Security Law

China’s sweeping national security law has forced technology firms to reconsider their presence in Hong Kong. The nimblest among them — the city’s startups — are already moving data and people out or are devising plans to do so. Beijing’s polarizing law, which took effect this month, upended Hong Kong’s tech scene just as it seemed on a path to becoming a regional hub. Entrepreneurs now face a wave of concern from overseas clients and suppliers about the implications of running data and internet services under the law’s new regime of vastly expanded online policing powers. Many are making contingency plans and restructuring their operations away from Hong Kong. Their actions may foreshadow similar decisions from internet giants like Facebook Inc., Alphabet Inc.’s Google and Twitter Inc., all of which confront the same set of uncertainties. 

 

Mac Cryptocurrency Traders Targeted by Trojanized Apps

Mac users are being targeted by trojanized cryptocurrency trading apps, which once downloaded actually drain victims’ cryptocurrency wallets, researchers warn. The four fake applications in question, Cointrazer, Cupatrade, Licatrade and Trezarus, claim to be rebranded copies of an actual cryptocurrency trading application offering called Kattana. The actors behind the campaign used websites that copy Kattana’s legitimate website to convince unwitting cryptocurrency enthusiasts to download the fake apps. The bogus websites include a download button, with a link to a ZIP archive containing the trojanized application bundle.

 

US claims two Chinese hackers targeted defense companies, dissidents, and coronavirus research

The US Justice Department has charged two alleged Chinese hackers with stealing trade secrets and other valuable data from companies worldwide, including firms working on COVID-19 treatments and vaccines. Prosecutors claim some of the hacks were carried out on behalf of China’s Ministry of State Security, while others were done for personal profit. The pair are currently wanted by the Federal Bureau of Investigation. Li Xiaoyu (who goes by the handle “Oro01xy”) and Dong Jiazhi have allegedly been active since 2009. The Justice Department says it encountered the hackers after they compromised computers at the Department of Energy’s Hanford Site, which is home to a decommissioned nuclear production facility. In addition to this breach, they’re accused of infiltrating a wide swathe of software, defense, gaming, and biotech companies, often seeking proprietary data. At least one case saw them attempting to extort a company by threatening to publish its source code online.

 

Crooks have acquired proprietary Diebold software to “jackpot” ATMs

Diebold Nixdorf, which made $3.3 billion from ATM sales and service last year, is warning stores, banks, and other customers of a new hardware-based form of “jackpotting,” the industry term for attacks that thieves use to quickly empty ATMs. The new variation uses a device that runs parts of the company’s proprietary software stack. Attackers then connect the device to the ATM internals and issue commands. Successful attacks can result in a stream of cash, sometimes dispensed as fast as 40 bills every 23 seconds. The devices are attached either by gaining access to a key that unlocks the ATM chassis or by drilling holes or otherwise breaking the physical locks to gain access to the machine internals.

 

Twitter cracks down on QAnon conspiracy group, including a ban on 7,000 accounts

Twitter just announced a crackdown on QAnon, the far-right wing conspiracy theory movement, by banning 7,000 accounts and taking several specific actions that could prevent the spread of their propaganda from as many as 150,000 more, reports NBC News. The company confirmed the numbers to The Verge. In addition to flagging QAnon-specific content for bans under its existing rules (see embedded Tweets below), Twitter says it will block QAnon-related links from even being shared on Twitter and no longer recommend QAnon-related accounts. It will also no longer promote the accounts in search or conversations and will cease highlighting them as trending topics.
