This week in Infosec we revisit Fyodor’s gift to the infosec community Rant of the week is bad for the UK, but would be a welcome excuse in the USA to exercise your freedoms, Billy Big Balls is written in perfect English this week, Industry News brings us the latest and greatest security news stories from the around the world And Tweet of the Week is about stalkerware which refreshingly does not pretend to be anything else
This Week in InfoSec
With content liberated from the “today in infosec” twitter account
1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.
http://phrack.org/issues/51/11.html
https://twitter.com/todayininfosec/status/1300864278497558528
31st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.
https://mashable.com/archive/celebrity-nude-photo-hack
https://twitter.com/todayininfosec/status/1300537361676283905
Rant of the Week
Guntrader site hacked and plotted onto Google Maps
Billy Big Balls of the Week
Scam artists are recruiting English speakers for business email campaigns
According to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam.
If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud.
"Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.
In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000.
"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money."
Industry News
Bangkok Airways Admits Attackers Stole Passenger Data
Microsoft Cloud Databases Exposed
UK Government Considers New Regulations for Video Streaming Platforms
Indonesians Told to Delete Unsecured Tracing App
Victim of Cyber-Theft Sues Parents of Alleged Culprits
Australian Couple Admits “Serious Cyber Hacking Offenses”
WhatsApp Fined a Record €225m for GDPR Violations
Sacked Employee Deletes 21GB of Credit Union Files
UK Researchers Invent Device to Thwart USB Malware
Tweet of the Week
https://twitter.com/JackRhysider/status/1433097343692324864
https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/
"The Box" © Charlie Langford