
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/20/2019

Documents reveal how Russia taps phone companies for surveillance

In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country’s largest phone and internet companies. These boxes, some the size of a washing machine, house equipment that gives the Russian security services access to the calls and messages of millions of citizens. This government surveillance system remains largely shrouded in secrecy, even though phone and web companies operating in Russia are forced by law to install these large devices on their networks.



The Financial Services Information Sharing and Analysis Center (FS-ISAC) and Europol’s European Cybercrime Centre (EC3) today announced a partnership to combat cybercrime within the European financial services sector. The purpose of the MOU will be to facilitate and enhance the law enforcement response to financially motivated cybercriminals targeting banks and other financial institutions through a symbiotic intelligence-sharing network.


Patch now: 1,300 Harbor cloud registries open to attack

A critical vulnerability has been found in a popular open source cloud system that can permit attackers to take over registries by giving themselves administrative rights. On Wednesday, researchers from Palo Alto Networks’ Unit 42 said the bug was uncovered during the analysis of projects connected to the Cloud Native Computing Foundation (CNCF). The vulnerable software is Harbor, open source cloud registry software for storing, signing, and scanning container images for security issues. The software is compatible with Docker Hub, Docker Registry, and Google Container Registry, among others.


IRS Emails Promise a Refund But Deliver Botnet Recruitment

U.S. taxpayers are being offered fake refunds in the latest wave of phishing emails, which ultimately deliver a payload that adds the target machine to the multifunctional Amadey botnet. Amadey is a relatively new botnet, first noted late in Q1 of 2019, according to Milo Salvia, security researcher at Cofense, writing in an analysis this week. He added that “threat groups like TA505 [the organized crime gang] have been known to leverage the Amadey botnet as recently as July 2019 to deliver secondary malware like FlawedAmmy RAT and email stealers.”


Crypto-mining malware saw new life over the summer as Monero value tripled

Malware that mines cryptocurrency has made a comeback over the summer, with an increased number of campaigns being discovered and documented by cyber-security firms. The primary reason for this sudden resurgence is the general revival of the cryptocurrency market, which saw trading prices recover after a spectacular crash in late 2018. Monero, the cryptocurrency of choice of most crypto-mining malware operations, was one of the many cryptocurrencies that were impacted by this market slump. The currency, also referred to as XMR, has gone down from an exchange rate that orbited around $300 – $400 in late 2017 to a meager $40 – $50 at the end of 2018.


The FBI Tried to Plant a Backdoor in an Encrypted Phone Network

The FBI tried to force the owner of an encrypted phone company to put a backdoor in his devices, Motherboard has learned. The company involved is Phantom Secure, a firm that sold privacy-focused BlackBerry phones and which ended up catering heavily to the criminal market, including members of the Sinaloa drug cartel, formerly run by Joaquín “El Chapo” Guzmán.


International students in UK targeted by visa scammers

A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years. The scam works by presenting a threat to students’ immigration status and uses various techniques to extract sizable payments from the victims. In the worst cases, it also embroils them in money mule scams, and that’s a bad result for the students. Many of these attacks target specific regions in the UK with a high density of overseas students, and because all manner of immigration-related statistics are published regularly in the UK, it’s an open-source goldmine for people wishing to create a list of targets.


Twitter expands its “hide reply” test to the US and Japan

It’s no secret that Twitter has a trolling problem, and one that the site has let spiral out of control. The difficulty Twitter has had in the past is balancing its free speech philosophy against moderation rules that are actually effective. One early experiment has, according to the site, seen encouraging enough results to expand further. Earlier this year, Twitter allowed users to hide replies to their tweets in a test in Canada, and now the feature has rolled out to the USA and Japan.
