AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 9/9/2024

Colombia’s Petro calls for investigation into Pegasus software purchase

Colombia’s President Gustavo Petro on Wednesday asked the attorney general’s office to investigate the $11 million purchase of Pegasus spy software, which he said could have been used to spy on opposition politicians during the previous administration. Spyware technology, including Pegasus, has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Musician charged with $10M streaming royalties fraud using AI and bots

North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. According to court documents, Smith fraudulently inflated music streams on digital platforms between 2017 and 2024 with the assistance of an unnamed music promoter and the Chief Executive Officer of an AI music company. He acquired hundreds of thousands of songs generated through artificial intelligence (AI) from a coconspirator and uploaded them to these streaming platforms. He then used automated bots to stream the AI-generated tracks billions of times.

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. The operation, discovered by Veriti Research, constitutes a characteristic example of the blurred lines between being a predator or prey in the world of cybercrime, where ironic twists and backstabs are abundant. OnlyFans is an extremely popular subscription-based adult content platform where creators can earn money from users (referred to as “fans”) who pay for access to their content.

Car rental giant Avis discloses data breach impacting customers

American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted customers on Wednesday and filed with California’s Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5.

White House’s new fix for cyber job gaps: Serve the nation in infosec

The White House has unveiled a new strategy to fill some of the hundreds of thousands of critical cybersecurity vacancies across the US: Pitch cyber as a national service. The Office of the National Cyber Director announced its Service for America campaign yesterday, a two-month “sprint” that aims to connect Americans looking for decent careers with work in the cybersecurity industry. “Throughout our history, generation after generation of Americans have stepped up to meet the challenges of their day,” National Cyber Director Harry Coker Jr wrote in a blog post announcing the campaign. “Today, we face a new challenge and with it a new opportunity to serve: defending cyberspace.”
