AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/11/2024

Predator spyware operation is back with a new infrastructure

Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium. In March 2024, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans. The surveillance software was also used to spy on U.S. government officials, journalists, and policy experts. The Department of the Treasury warns that the proliferation of commercial spyware poses growing risks to the United States. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. 

 

Ford seeks patent for tech that listens to driver conversations to serve ads

Ford Motor Company is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car’s historical location and other data, according to a patent application published late last month. “In one example, the controller may monitor user dialogue to detect when individuals are in a conversation,” the patent application says. “The conversations can be parsed for keywords or phrases that may indicate where the occupants are traveling to.”

 

Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says

The FBI just dropped its annual report examining the costs of crypto-related cybercrime, painting a predictably grim picture as total losses in the US exceeded $5.6 billion in 2023 – a 45 percent year-on-year increase. More than 69,000 complaints were made to the Feds’ Internet Crime Complaint Center (IC3) last year, with the bulk of these coming from those aged 60 and over, highlighting just how vulnerable the older generations are to internet scams. The conventional wisdom is that opportunistic criminals love to target older, sometimes tech-illiterate folk who barely know their way around their PC in (sometimes brutal) attempts to fleece them of their assets.

 

Data Breach at Golf Course Management Firm KemperSports Impacts 62,000

Golf course management and hospitality company Kemper Sports Management this week disclosed a data breach impacting the personal information of tens of thousands of individuals. The firm told the Maine Attorney General’s Office that it became aware of suspicious activity on its network on April 1, 2024. An investigation revealed that as part of a cyberattack a threat actor had gained access to systems storing personal information, including names and Social Security numbers. KemperSports told the AG that more than 62,000 individuals were impacted by the data breach. A notification letter sent out to impacted people indicates that the compromised data was “primarily related to certain current and former employees”.

 

Developers Under Attack Via Fake Recruiter Coding Tests

Developers are increasingly being targeted by sophisticated cybercriminals posing as recruiters. These attackers use fake coding tests to deliver malware, exploiting the trust and eagerness of job seekers. This article delves into the mechanics of these attacks, the methods used by threat actors, and the steps developers can take to protect themselves. Cybercriminals have devised a cunning strategy to infiltrate developers’ systems by masquerading as recruiters from reputable companies. They reach out to potential victims via professional networking platforms like LinkedIn, offering enticing job opportunities.

Related Posts