InfoSec News Nuggets – August 9, 2018

Uncategorized
EXTORTIONISTS INCREASINGLY USING RECIPIENTS' PERSONAL INFORMATION TO INTIMIDATE VICTIMS The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalties. Extortion attempts vary widely, but there are a few common indicators of the scam. The following list of commonalities is not exhaustive, but intended as examples of red flags. It is import to remember these extortion scams change to take advantage of current events such as high profile breaches or new trends involving the Internet to add authenticity. Medical Records of 90 Million People Left Vulnerable to Critical Security Flaws Security researchers have found more than 20…
Read More

InfoSec News Nuggets – August 8, 2018

Uncategorized
Ex-Tesla Worker Accused of Hacking Seeks $1M in Counterclaim A former Tesla Inc. employee at the electric car maker's battery plant in Nevada is seeking at least $1 million in defamation damages after it accused him of sabotage, hacking into computers and stealing confidential information leaked to the media. Lawyers for Martin Tripp filed a counterclaim in federal court this week alleging any damages Tesla incurred were caused or contributed to by Tesla's "own negligence, acts or omissions." Tripp alleges that between $150 million and $200 million worth of battery module parts for Tesla's Model 3 vehicle were incorrectly handled as scrap earlier this year. He said more than 700 dented and/or punctured battery modules were not discarded and instead were being shipped or were in the process of being…
Read More

InfoSec News Nuggets – August 6, 2018

InfoSec News Nuggets
Pence Calls on Senate to Create New Cyber Agency at DHS Vice President Mike Pence told the DHS Cybersecurity Summit in New York on Tuesday that “this critical issue requires more than new funding.” “America also needs a central hub for cybersecurity,” he said. “And today we call on the United States Senate to follow the lead of the House of Representatives and, before the end of this year, enact legislation to create a new agency under the authority of DHS. The time has come for the Cybersecurity and Infrastructure Security Agency to commence.” Pence said the agency “will bring together the resources of our national government to focus on cybersecurity.” Lawyers can no longer certify web domain ownership Lawyers will no longer be allowed to certify someone's ownership of…
Read More

InfoSec News Nuggets – August 1, 2018

InfoSec News Nuggets
Steam game Abstractism pulled after cryptomining accusations Valve has pulled a game from its online Steam store after allegations were made that it was exploiting players’ computer resources to mine for cryptocurrency. Warning bells rang for players of the game, a simple and minimalist platformer called “Abstractism”, because it was consuming so much processing power from their CPUs and GPUs. When you see the very-basic game in action, it’s hard to believe that it could have any legitimate need to stretch the abilities of a typical gaming PC. If things weren’t suspicious enough already, the game was also accused of duplicating expensive items from other video games, and attempting to sell the fake goods at inflated prices in Steam’s Community Market. BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters…
Read More

InfoSec News Nugget – July 24, 2018

InfoSec News Nuggets
Canada tackles malicious online advertising On July 11, 2018, the Canadian Radio-television and Telecommunications Commission (CRTC) imposed sanctions against the installation of malicious software through online advertising for the first time in its history. This decision was taken under the provisions of the Canadian Anti-Spam Legislation (CASL), which came into effect on July 1, 2014. The federal agency issued Notices of Violation to Datablocks and Sunlight Media, for allegedly facilitating the installation of malware through online advertising. The companies are subject to penalties of $100,000 and $150,000, respectively. 24 Defendants Sentenced in Multimillion Dollar India-Based Call Center Scam Targeting U.S. Victims Twenty-one members of a massive India-based fraud and money laundering conspiracy that defrauded thousands of U.S. residents of hundreds of millions of dollars were sentenced this week to terms…
Read More

InfoSec News Nuggets – July 16, 2018

InfoSec News Nuggets
Engineer Found Guilty of Stealing Navy Secrets via Dropbox Account A jury trial found a former engineer at a Navy contractor guilty of stealing trade secrets regarding Navy projects by uploading the files to his personal Dropbox account. The man, Jared Dylan Sparks, 35, of Ardmore, Oklahoma, worked as an electrical engineer for LBI, Inc., a company authorized to build unmanned underwater vehicles (drones) for the US Navy's Office of Naval Research, and weather data-gathering buoys for the National Oceanic and Atmospheric Administration (NOAA). According to an indictment obtained by Bleeping Computer, LBI accused Sparks of uploading over 5,000 files containing information about LBI's work on Navy contractors to his personal Dropbox account, right before he quit his job in December 2011. Some files he sent via email. The woman…
Read More

InfoSec News Nuggets – July 12, 2018

InfoSec News Nuggets
Russian company had access to Facebook user data through apps A Russian internet company with links to the Kremlin was among the firms to which Facebook gave an extension which allowed them to collect data on unknowing users of the social network after a policy change supposedly stopped such collection. Facebook told CNN on Tuesday that apps developed by the Russian technology conglomerate Mail.Ru Group, were being looked at as part of the company's wider investigation into the misuse of Facebook user data in light of the Cambridge Analytica scandal. The FBI’s 10 Most-Wanted Black-Hat Hackers – #1 In completion of our countdown, the FBI’s most wanted black-hat hacker is Nicolae Popescu. On December 20, 2012, the United States District Court, Eastern Division of New York, Brooklyn indicted Popescu on…
Read More

InfoSec News Nuggets – July 2, 2018

InfoSec News Nuggets
A massive cache of law enforcement personnel data has leaked A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned. The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University. The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection. ZDNet obtained a copy of the database, which was first found by a New…
Read More

InfoSec News Nuggets – June 28, 2018

InfoSec News Nuggets
Cyber Researchers Don’t Think Feds or Congress Can Protect Against Cyberattacks The federal government doesn’t understand cybersecurity and won’t be able to respond to a digital disaster such as a destructive hack aimed at the energy or financial sector, according to a survey of cybersecurity researchers released Tuesday. Only 13 percent of researchers “believe that Congress and the White House understand cyber threats and will take steps for future defenses,” according to the poll of attendees at the Black Hat cybersecurity conference. Only 15 percent of the researchers believe the U.S. government and private industry are prepared to respond to a major breach of critical infrastructure. When asked about the greatest cyber threats to critical infrastructure, 43 percent of researchers cited a cyberattack by another nation, while 16 percent cited…
Read More

InfoSec News Nuggets – June 27, 2018

InfoSec News Nuggets
FireEye Denies Hacking Back Against Chinese Cyberspies In his latest book, New York Times correspondent David Sanger describes how cybersecurity firm Mandiant hacked into the devices of Chinese cyberspies during its investigation into the threat group known as APT1. Mandiant, now owned by FireEye, published its famous report on APT1 back in 2013 when it was led by CEO Kevin Mandia. The company at the time released information apparently showing that the Chinese military had been conducting sophisticated cyber-espionage operations. In a statement published on Monday, FireEye admitted that Sanger was given access to the methods used by Mandiant to gather evidence of APT1’s ties to the Chinese military, but claims the reporter’s description “resulted in a serious mischaracterization of our investigative efforts.” Wi-Fi Alliance introduces WPA3 and Wi-Fi Easy…
Read More