Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nugget – July 24, 2018

Canada tackles malicious online advertising

On July 11, 2018, the Canadian Radio-television and Telecommunications Commission (CRTC) imposed sanctions against the installation of malicious software through online advertising for the first time in its history. This decision was taken under the provisions of the Canadian Anti-Spam Legislation (CASL), which came into effect on July 1, 2014. The federal agency issued Notices of Violation to Datablocks and Sunlight Media, for allegedly facilitating the installation of malware through online advertising. The companies are subject to penalties of $100,000 and $150,000, respectively.

24 Defendants Sentenced in Multimillion Dollar India-Based Call Center Scam Targeting U.S. Victims

Twenty-one members of a massive India-based fraud and money laundering conspiracy that defrauded thousands of U.S. residents of hundreds of millions of dollars were sentenced this week to terms of imprisonment up to 20 years.  Three other conspirators were sentenced earlier this year for laundering proceeds for the conspiracy, which was operated out of India-based call centers that targeted U.S. residents in various telephone fraud schemes.  This week’s sentencing hearings took place in Houston, Texas, before the Honorable David Hittner of the Southern District of Texas. “The stiff sentences imposed this week represent the culmination of the first-ever large scale, multi-jurisdiction prosecution targeting the India call center scam industry,” said Attorney General Sessions. 

Uber, Lyft driver booted after newspaper reveals he was livestreaming passengers

A St. Louis Uber and Lyft driver has been kicked off both companies’ platforms after the St. Louis Post-Dispatch reported Friday night that he had been livestreaming his passengers for months without their consent. According to the newspaper, Jason Gargac, a 32-year-old man from Florissant, Missouri, had been giving hundreds of rides since March—and he has streamed nearly all of them live under the Twitch handle “JustSmurf.” (His Twitch account has also been shuttered.) Passengers have included children, drunk college students and unwitting public figures such as a local TV news reporter and Jerry Cantrell, lead guitarist with the band Alice in Chains. First names, and occasionally full names, are revealed. Homes are shown. Passengers have thrown up, kissed, talked trash about relatives and friends and complained about their bosses in Gargac’s truck. All the while, an unseen online audience watches, evaluating women’s bodies, judging parents and mocking conversations.

Source Code for Exobot Android Banking Trojan Leaked Online

The source code of a top-of-the-line Android banking trojan has been leaked online and has since rapidly spread in the malware community, worrying researchers that a new wave of malware campaigns may be in the works. This malware’s name is Exobot, an Android banking trojan that was first spotted at the end of 2016, and which its authors mysteriously abandoned by putting its source code for sale in January this year. In day to day operations, malware authors sell monthly or weekly access to their malware in what security researchers call MaaS (Malware-as-a-Service) or CaaS (Cybercrime-as-a-Service). But when a malware author sells the malware’s entire source code, this usually means the malware author is moving to something else and doesn’t want to work on it anymore. Usually, that source code leaks online after enough people buy it.

China, EU seize control of the world’s cyber agenda

The United States is losing ground as the internet’s standard-bearer in the face of aggressive European privacy standards and China’s draconian vision for a tightly controlled Web. The weakening American position comes as the European Union, filling a gap left by years of lax U.S. regulations, imposes data privacy requirements that companies like Facebook and Google must follow. At the same time, China is dictating companies’ security practices with mandates that experts say will undermine global cybersecurity — without any significant pushback from the United States.

Bluetooth Vulnerability Allows Traffic Monitoring, Manipulation

A high severity vulnerability affecting some Bluetooth implementations can allow an attacker in physical proximity of two targeted devices to monitor and manipulate the traffic they exchange. Some of the impacted vendors have already released patches. The flaw, discovered by researchers at the Israel Institute of Technology and tracked as CVE-2018-5383, is related to the Secure Simple Pairing and LE Secure Connections features. According to the Bluetooth Special Interest Group (SIG), whose members maintain and improve the technology, Bluetooth specifications recommend that devices supporting the two features validate the public key received during the pairing process. However, this is not a requirement and some vendors’ Bluetooth products do not perform public key validation.

Google Chrome users met with ‘Not secure’ warnings when visiting HTTP sites

If you’re still running a website that is using insecure HTTP then it’s probably too late. Some of your website’s visitors are going to be greeted with a message that tells them that they can’t trust your website to be secure. That’s the message they’re going to get from Google Chrome which – in version 68 released on Tuesday 24 July 2018 – is changing its behaviour, and will start labelling all sites that continue to use unencrypted HTTP as “not secure”. And as Chrome is the world’s most widely-used browser, that’s an awful lot of visitors who might feel unsettled visiting your website from Tuesday.

Quantum computing revenue to hit $15 billion in 2028 due to AI, R&D, cybersecurity

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US power utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, and plunged America into darkness. The hackers, dubbed Dragonfly and Energetic Bear, struck in the spring of 2016, and continued throughout 2017 and into 2018, even invading air-gapped networks, it is claimed.

Related Posts