InfoSec News Nuggets – November 20, 2018

Home / InfoSec News Nuggets / InfoSec News Nuggets – November 20, 2018

Inside the Messy, Dark Side of Nintendo Switch Piracy

The source of the leak had no chance of being traced. Someone, perhaps a professional games reviewer, had just helped dump a copy of Diablo III, a hotly anticipated Nintendo Switch game at least several days before its official launch date. The source had used a middleman who ultimately released the game for pirates to distribute among themselves.  This approach of disguising the original source of the leak by using a middleman was the right way to release games early, or ‘pre-street,’ one of the pirates chimed in, according to chat logs from a private group of a few dozen Nintendo Switch pirates obtained by Motherboard. Whoever the source was, they had released other games over the last few months, including games up to two weeks in advance of their general sale; a big win. In another instance, pirates managed to get their hands on Dark Souls: Remastered, another much-anticipated game ported to the Switch.

Most ATMs can be hacked in under 20 minutes

An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks. Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week. The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users’ bank cards (also known as skimming). Experts said that 85 percent of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected to.

Microsoft Azure, Office 365 users hit by multi-factor authentication issue

A number of Microsoft Azure and Office 365 users have been unable to get into their accounts for most of the day on November 19. The problem: A multi-factor authentication issue which hit users worldwide and left them unable to sign into their services. The Office 365 status page noted that affected users may be unable to sign in using multi-factor authentication (two-factor authentication) and may also be unable to do self-service password resets. “A subset of users are no longer receiving prompts on their mobile devices (SMS, call or push) and (we) are investigating diagnostic logs to understand why,” the status dashboard noted.

Alphabet, Microsoft leaders named to National Security Commission on Artificial Intelligence

Two West Coast tech experts were chosen Wednesday by the Republican and Democratic leaders of the House Armed Services Committee to serve on the new National Security Commission on Artificial Intelligence. Armed Services Chairman Mac Thornberry, R-Texas appointed Eric Schmidt, technical adviser to the board of Google parent company Alphabet, while ranking member Adam Smith, D-Wash., went with Eric Horvitz of Microsoft Research Labs. The National Security Commission on Artificial Intelligence, which is independent but sits in the executive branch, was created by the National Defense Authorization Act for fiscal 2019.

City of Amarillo Employees’ Personal Information at Risk

City of Amarillo employees’ personal information has been breached. Tuesday, the city learned the company conducting a required external payroll audit lost an encrypted flash drive containing sensitive personal information. The audit is meant to make sure the city has no fraud in its payroll process, but now the personal information of city employees is at risk. City Manager Jared Miller said Connor, McMillon, Mitchell and Shennum, PLLC (CMMS), had possession of a flash drive containing city employees’ names, addresses, bank deposit information, dates of birth, and social security numbers when it was lost or stolen. Miller said all employees are aware of the breach and CMMS is offering one year of identity theft protection and credit monitoring as a result.