InfoSec News Nuggets – August 27, 2018

InfoSec News Nuggets
New facial recognition tech catches first impostor at D.C. airport Facial recognition technology caught an impostor trying to enter the U.S. on a fake passport that may have passed at face value with humans, federal officials said Thursday. And the groundbreaking arrest came on just the third day the biometric technology has been used at Washington Dulles International Airport. The 26-year-old man arrived Wednesday on a flight from Sao Paulo, Brazil, and presented a French passport to the customs officer, according to the U.S. Customs and Border Protection (CBP). Using the new facial comparison biometric system, the officer determined the unidentified traveler did not match the passport he presented. Spyware firm SpyFone leaves customer data, recordings exposed online it appears that an oversight by spyware developer SpyFone has led to…
Read More

InfoSec News Nuggets – August 22, 2018

InfoSec News Nuggets
Kaspersky Ban Draws Few Public Comments How concerned are government and industry about a new law requiring federal agencies and contractors to rid themselves of any trace of Kaspersky anti-virus software? Not very concerned, by the looks of two calls for public comments on implementing the law, which responds to intelligence community concerns that the Russian company’s software could be used as a Kremlin spying tool. The main call for comments on a joint rule implementing the law by the General Services Administration, Defense Department and NASA closed Aug. 14 with only three comments. The three comments were: a complaint from an alleged Pentagon employee that there was no government point of contact to help implement the rule; a request, seemingly from industry, for more specificity about how broadly the…
Read More

InfoSec News Nuggets – August 21, 2018

InfoSec News Nuggets
Google: To be clear, this is how we track you even with Location History turned off Google has updated its help page about turning Location History on or off to more accurately reflect that it actually does sometimes store the places you go even with the setting toggled to off. Though Google originally said its help page was clear and correct, the updated page now clarifies that turning off the setting can still allow location data to be stored in apps like Search and Maps. "This setting does not affect other location services on your device, like Google Location Services and Find My Device," the page reads. "Some location data may be saved as part of your activity on other services, like Search and Maps. When you turn off Location…
Read More

InfoSec News Nuggets – August 9, 2018

InfoSec News Nuggets
EXTORTIONISTS INCREASINGLY USING RECIPIENTS' PERSONAL INFORMATION TO INTIMIDATE VICTIMS The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalties. Extortion attempts vary widely, but there are a few common indicators of the scam. The following list of commonalities is not exhaustive, but intended as examples of red flags. It is import to remember these extortion scams change to take advantage of current events such as high profile breaches or new trends involving the Internet to add authenticity. Medical Records of 90 Million People Left Vulnerable to Critical Security Flaws Security researchers have found more than 20…
Read More

InfoSec News Nuggets – August 8, 2018

InfoSec News Nuggets
Ex-Tesla Worker Accused of Hacking Seeks $1M in Counterclaim A former Tesla Inc. employee at the electric car maker's battery plant in Nevada is seeking at least $1 million in defamation damages after it accused him of sabotage, hacking into computers and stealing confidential information leaked to the media. Lawyers for Martin Tripp filed a counterclaim in federal court this week alleging any damages Tesla incurred were caused or contributed to by Tesla's "own negligence, acts or omissions." Tripp alleges that between $150 million and $200 million worth of battery module parts for Tesla's Model 3 vehicle were incorrectly handled as scrap earlier this year. He said more than 700 dented and/or punctured battery modules were not discarded and instead were being shipped or were in the process of being…
Read More

InfoSec News Nuggets – August 6, 2018

InfoSec News Nuggets
Pence Calls on Senate to Create New Cyber Agency at DHS Vice President Mike Pence told the DHS Cybersecurity Summit in New York on Tuesday that “this critical issue requires more than new funding.” “America also needs a central hub for cybersecurity,” he said. “And today we call on the United States Senate to follow the lead of the House of Representatives and, before the end of this year, enact legislation to create a new agency under the authority of DHS. The time has come for the Cybersecurity and Infrastructure Security Agency to commence.” Pence said the agency “will bring together the resources of our national government to focus on cybersecurity.” Lawyers can no longer certify web domain ownership Lawyers will no longer be allowed to certify someone's ownership of…
Read More

InfoSec News Nuggets – August 1, 2018

InfoSec News Nuggets
Steam game Abstractism pulled after cryptomining accusations Valve has pulled a game from its online Steam store after allegations were made that it was exploiting players’ computer resources to mine for cryptocurrency. Warning bells rang for players of the game, a simple and minimalist platformer called “Abstractism”, because it was consuming so much processing power from their CPUs and GPUs. When you see the very-basic game in action, it’s hard to believe that it could have any legitimate need to stretch the abilities of a typical gaming PC. If things weren’t suspicious enough already, the game was also accused of duplicating expensive items from other video games, and attempting to sell the fake goods at inflated prices in Steam’s Community Market. BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters…
Read More

InfoSec News Nugget – July 24, 2018

InfoSec News Nuggets
Canada tackles malicious online advertising On July 11, 2018, the Canadian Radio-television and Telecommunications Commission (CRTC) imposed sanctions against the installation of malicious software through online advertising for the first time in its history. This decision was taken under the provisions of the Canadian Anti-Spam Legislation (CASL), which came into effect on July 1, 2014. The federal agency issued Notices of Violation to Datablocks and Sunlight Media, for allegedly facilitating the installation of malware through online advertising. The companies are subject to penalties of $100,000 and $150,000, respectively. 24 Defendants Sentenced in Multimillion Dollar India-Based Call Center Scam Targeting U.S. Victims Twenty-one members of a massive India-based fraud and money laundering conspiracy that defrauded thousands of U.S. residents of hundreds of millions of dollars were sentenced this week to terms…
Read More

InfoSec News Nuggets – July 16, 2018

InfoSec News Nuggets
Engineer Found Guilty of Stealing Navy Secrets via Dropbox Account A jury trial found a former engineer at a Navy contractor guilty of stealing trade secrets regarding Navy projects by uploading the files to his personal Dropbox account. The man, Jared Dylan Sparks, 35, of Ardmore, Oklahoma, worked as an electrical engineer for LBI, Inc., a company authorized to build unmanned underwater vehicles (drones) for the US Navy's Office of Naval Research, and weather data-gathering buoys for the National Oceanic and Atmospheric Administration (NOAA). According to an indictment obtained by Bleeping Computer, LBI accused Sparks of uploading over 5,000 files containing information about LBI's work on Navy contractors to his personal Dropbox account, right before he quit his job in December 2011. Some files he sent via email. The woman…
Read More

InfoSec News Nuggets – July 12, 2018

InfoSec News Nuggets
Russian company had access to Facebook user data through apps A Russian internet company with links to the Kremlin was among the firms to which Facebook gave an extension which allowed them to collect data on unknowing users of the social network after a policy change supposedly stopped such collection. Facebook told CNN on Tuesday that apps developed by the Russian technology conglomerate Mail.Ru Group, were being looked at as part of the company's wider investigation into the misuse of Facebook user data in light of the Cambridge Analytica scandal. The FBI’s 10 Most-Wanted Black-Hat Hackers – #1 In completion of our countdown, the FBI’s most wanted black-hat hacker is Nicolae Popescu. On December 20, 2012, the United States District Court, Eastern Division of New York, Brooklyn indicted Popescu on…
Read More