
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/7/2020

Smartphone Apps Are Now a Weapon in International Disputes

In the iPhone age, your smartphone home screen can be a geopolitical battleground. Earlier this month, 20 Indian soldiers died in a skirmish with Chinese troops on the countries’ contested Himalayan border. Monday, India struck a blow in the digital realm of its own citizens’ mobile devices. The country’s Ministry of Information Technology banned 59 mobile apps, all Chinese, for allegedly endangering data security and privacy. They include China’s dominant messaging app WeChat and the wildly popular video-sharing service TikTok, owned by Bytedance, which has been downloaded more than 600 million times in India, according to app tracker Sensor Tower. By banning the apps, India adds to a swelling global pushback on China’s technology sector in a way that brings consumers more directly into the conflict.

 

Sodinokibi gang begins dark web celebrity data auctions

The first dark web auction of legal data stolen from a celebrity law firm by the Sodinokibi/REvil cyber crime gang has begun, with a starting price of $600,000 (€528,000/£476,000) for each of three lots of data relating to pop stars Mariah Carey and Nicki Minaj, and basketball player LeBron James.  The ransomware group compromised the systems of New York City-based Grubman, Shire, Meiselas and Sacks in May 2020 and stole data relating to a number of its clients, including Lady Gaga, Madonna and, allegedly, Donald Trump. A previously scheduled auction of data relating to Madonna did not go ahead, although the group did release some material publicly as proof of its intentions. It said this was because it had been auditing the data.

 

Instagram star flaunted lavish lifestyle but was actually conspiring to launder hundreds of millions of dollars, US prosecutors say

A Nigerian man nicknamed “Ray Hushpuppi” who flaunted his Rolls Royces, fancy watches and designer clothing on Instagram faces money laundering conspiracy charges in the United States, according to the Department of Justice. Ramon Olorunwa Abbas appeared in a federal court in Chicago on Friday. He is accused of conspiring to launder hundreds of millions of dollars through cybercrime schemes. According to a federal affidavit, one of the alleged victims was the client of a New York-based law firm that lost nearly a million dollars in 2019. Abbas was arrested last month by law enforcement officials in the United Arab Emirates and transferred to the US this week by the FBI. Prosecutors allege Abbas is one of the leaders of a global network that uses computer intrusions, business email compromise (BEC) schemes and money laundering capers to steal hundreds of millions of dollars.

 

Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn

A former Yahoo engineer was sentenced to five years of probation and home confinement for hacking into the personal accounts of more than 6,000 Yahoo Mail users to search for sexually explicit images and videos. Reyes Daniel Ruiz, 34, of Tracy, California, will only be allowed to leave his home for work, religious activities, medical appointments, or court-related obligations. The judge also ordered Ruiz to pay a $5,000 fine and $118,456 in restitution to Yahoo (now Oath), according to court documents obtained by ZDNet. Ruiz committed his crimes while working at Yahoo as a reliability engineer and in other roles between 2009 and July 2019.

 

Home router warning: They’re riddled with known flaws and run ancient, unpatched Linux

Germany’s Fraunhofer Institute for Communication (FKIE) has carried out a study involving 127 home routers from seven brands to check for the presence of known security vulnerabilities in the latest firmware. The results are appalling. The FKIE study found that 46 routers hadn’t got a single security update within the past year and that many routers are affected by hundreds of known vulnerabilities. It also found that vendors are shipping firmware updates without fixing known vulnerabilities, meaning that even if a consumer installs the latest firmware from a vendor, the router would still be vulnerable. FKIE assessed that ASUS and Netgear do a better job on some aspects of securing routers than D-Link, Linksys, TP-Link and Zyxel, but it argues the industry needs to do more to secure home routers. 
