InfoSec News Nuggets – December 10, 2018

InfoSec News Nuggets
Amazon robot sets off bear repellant, putting 24 workers in hospital  Twenty-four employees at an Amazon warehouse in New Jersey were taken to hospital after a robot accidentally punctured a can of bear repellant. The 255g can containing concentrated capsaicin, a compound in chilli peppers, was punctured by an automated machine after it fell off a shelf, according to local media. The incident happened on Wednesday at a warehouse in Robbinsville, New Jersey, on the outskirts of Trenton. Arrest of Tech Exec Signals Tougher US Stand on China Tech Firms  The arrest of a top executive of tech giant Huawei at the request of US authorities signals a toughening stand in Washington on dealing with Chinese tech firms amid longstanding concerns over cyberespionage. Meng Wanzhou, Huawei's chief financial officer, was detained this…

InfoSec News Nuggets – 11/27/2018

InfoSec News Nuggets
City of Valdez, Alaska admits to paying off ransomware infection Officials from the city of Valdez, Alaska have admitted last week to paying $26,623.97 to hackers after the city's IT network was crippled by a ransomware infection in July. "Valdez Police Department[...] reached out through our law enforcement channels for assistance with addressing the ransom demand," said Bart Hinkle, Valdez police chief and operations section chief for the cyber incident response, in a press release last week. "Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia," Hinkle added. "The firm anonymously contacted the attackers on the City's behalf to investigate and possibly negotiate ransom terms." Walmart, Target, Best Buy take steps to curb gift card fraud The…

InfoSec News Nuggets – November 20, 2018

InfoSec News Nuggets
Inside the Messy, Dark Side of Nintendo Switch Piracy The source of the leak had no chance of being traced. Someone, perhaps a professional games reviewer, had just helped dump a copy of Diablo III, a hotly anticipated Nintendo Switch game at least several days before its official launch date. The source had used a middleman who ultimately released the game for pirates to distribute among themselves.  This approach of disguising the original source of the leak by using a middleman was the right way to release games early, or ‘pre-street,’ one of the pirates chimed in, according to chat logs from a private group of a few dozen Nintendo Switch pirates obtained by Motherboard. Whoever the source was, they had released other games over the last few months, including…

SANS 2018 Talk – Devon Ackerman

Uncategorized
A planned methodology for developing and implementing a forensically sound incident response plan in Microsoft’s Office 365 cloud environment must be thoroughly researched and re-evaluated over time as the system evolves, new features are introduced, and older capabilities are deprecated. This presentation will walk through the numerous forensic, incident response, and evidentiary aspects of Office 365. The presentation is based on two years’ worth of collection of forensics and incident response data in Microsoft’s Office 365 and Azure environments. It combines knowledge from more than a hundred Office 365 investigations, primarily centered around Business Email Compromise (BEC) and insider threat cases. https://www.youtube.com/watch?v=CubGixACC4E

InfoSec News Nuggets – October 11, 2018

InfoSec News Nuggets
Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd. (Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won't be able to tell that they're using a hackable device because the company doesn't sell any products with its name on them, but ships all equipment as white label products on which other companies put their logo on top. Security researchers from EU-based SEC Consult say they've identified over 100 companies that buy and re-brand Xiongmai devices as their own. Security researcher source…

InfoSec News Nuggets – October 1, 2018

InfoSec News Nuggets
Facebook Security Breach Exposes Accounts of 50 Million Users Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users. The breach, which was discovered this week, was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them. Three software flaws in Facebook’s systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram…

InfoSec News Nuggets – September 26, 2018

InfoSec News Nuggets
Beware of Hurricane Florence Relief Scams If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information…

InfoSec News Nuggets – September 25, 2018

InfoSec News Nuggets
Credit Freezes are Free: Let the Ice Age Begin A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file). And because each credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score, which is what most lenders use to…

InfoSec News Nuggets – September 24, 2018

InfoSec News Nuggets
Google responds to lawmaker concerns over Gmail scanning In July, Senators John Thune (R-SD), Roger Wicker (R-MS) and Jerry Moran (R-KS) sent Google a letter that sought information on Google's practice of allowing third-party app developers access to its users' emails. While Google stopped scanning Gmail messages for ad-targeting purposes earlier this year, it still offers access to others if users give their consent. Now, Google has replied to the lawmakers' letter. In it, Susan Molinari, Google's VP of public policy and government affairs, confirmed that Google does allow third parties to access Gmail data, a practice the company described in a blog post earlier this year. "Before a developer can access a Gmail user's data, they must obtain consent from the user," she wrote. "And they must have a…

InfoSec News Nuggets – September 11, 2018

InfoSec News Nuggets
US government releases post-mortem report on Equifax hack The Government Accountability Office (GAO) has published a report to detail how the Equifax hack went down and how the credit reporting company answered during and after the incident. The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens. Some of the details included in the report were already known and previously reported, but there was also some new information. Chrome 69 Removing WWW and M subdomains From the Browser's Address Bar With the release of Chrome 69, Google has decided to strip the "www" and "m" subdomains from the URL displayed in Chrome's address bar. For…