This Week in InfoSec

With content liberated from the “today in infosec” twitter account

1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.

http://phrack.org/issues/51/11.html

https://twitter.com/todayininfosec/status/1300864278497558528

31st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.

https://mashable.com/archive/celebrity-nude-photo-hack

https://twitter.com/todayininfosec/status/1300537361676283905  

Rant of the Week

Guntrader site hacked and plotted onto Google Maps

Billy Big Balls of the Week

Scam artists are recruiting English speakers for business email campaigns

According to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam. 

If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud. 

"Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.

In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000. 

"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money."

Industry News

Bangkok Airways Admits Attackers Stole Passenger Data

Microsoft Cloud Databases Exposed

UK Government Considers New Regulations for Video Streaming Platforms

Indonesians Told to Delete Unsecured Tracing App

Victim of Cyber-Theft Sues Parents of Alleged Culprits

Australian Couple Admits “Serious Cyber Hacking Offenses”

WhatsApp Fined a Record €225m for GDPR Violations

Sacked Employee Deletes 21GB of Credit Union Files

UK Researchers Invent Device to Thwart USB Malware

Tweet of the Week

https://twitter.com/JackRhysider/status/1433097343692324864

https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/

"The Box" © Charlie Langford

Come on! Like and bloody well subscribe!