The SolarWinds supply chain compromise and Sunburst malware are still dominating the cybersecurity news cycle. If you haven’t found a few hours’ worth of reading, or viewing, then you haven’t been connected to the Internet. I’ll offer two excellent articles for this week:
Recorded Future - Solarwinds: What the intelligence tells us
Check Point Software - Best Practices: Identifying and Mitigating the Impacts of Sunburst
For you home gamers still playing in the Bitcoin market - the digital currency crossed the 28K price point for the first time on Sunday and now has a 500 Billion market cap!
Cellebrite V. Signal
In a case of “Yes, we can…No, you can’t”, digital device forensics company Cellebrite made the claim they had broken the encryption scheme of the Signal messenger application. Signal responded forcefully and Cellebrite pulled their initial blog post and published a revised claim. I use Signal and it really is a great messenger app. And the encryption is a bonus. I believe Signal in this catty dispute.
Digging deeper on TikTok
OSINT provider Skopenow published a fantastic tutorial on how to gather more information on TikTok posts. TikTok will soon have 1 Billion regular users and if you do any social media investigations you are already familiar with it. A really good tip in the article is how to use Google advanced search to query usernames since TikTok itself doesn’t have a search function.
GoDaddy goes phishing, with spoiled bait!
Internet services provider GoDaddy sparked absolute Internet-breaking outrage this week after it was learned they conducted an internal phishing test using the promise of a Christmas bonus as bait. Over 500 employees fell for the ruse and clicked the links inside the email message, only to learn they aren’t getting a bonus, but remedial training. I think there are some teachable lessons, for both sides of the debate, and I’ll be writing a full-length piece in the future.
FinCEN proposes new rules on digital currency wallets
The Financial Crimes Enforcement Network (FinCEN) has proposed new rules that would be applicable to banks and money service providers dealing with digital currencies. The rules concern the way to handle unhosted wallets. These are wallets that digital currency users self-host on their own devices and are not associated with an existing bank or exchange such as Coinbase, Kraken, or Gemini.
The Rest…
A San Francisco area group defrauded investors out of almost 250 Million Dollars in a fraudulent real estate scheme. A crazy story that reinforces why investors must do their due diligence and research firms and projects before they invest.
The two owners of a New York area pharmacy chain were indicted for running a health care fraud scheme and money laundering. The couple was defrauding the Medicare system for charges related to the Covid-19 pandemic. Wouldn’t selling out to Walgreens have been just as profitable… and kept you out of jail?
Bleeping Computer details an active spam/phishing campaign targeting Chase Bank users. Chase is the largest bank in the United States with 2.8 trillion dollars in assets and hundreds of thousands of account holders. The chances of hitting an inbox of a Chase account holder are pretty good.
Joker’s Stash, the largest and most popular site offering credit card accounts, recently sustained a setback when the FBI and Interpol took custody of several of their domains. Intelligence firm Intel471 explains why this will be little more than an annoyance to the illicit marketplace.
Cool Tool
Mara Photo Editor - an online photo editor that does quick and dirty edits for free.
Cool Job
Senior Investigator of Insider Trading - FINRA
You made it to the end. Thank you so much for your attention!
Best Wishes to you for the new year!