AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


#InfoSec News Nuggets – 05/20/2019

Defiant Tech Inc., the company behind the LeakedSource.com portal, pleaded guilty this week, according to a press release from the Royal Canadian Mounted Police (RCMP). The LeakedSource website launched in late 2015 and rose to infamy in 2016. Its operators gathered data from hacked companies, either from the public domain or by buying it from hackers. LeakedSource provided access to this illegally obtained information via a search form on site, to anyone willing to pay a fee. During its lifetime, it collected information such as usernames, real names, emails, home addresses, phone numbers, and even plaintext passwords.


2 Google Wants Your Phone to Protect Against Account Takeover Attacks

In a report on Friday, Google highlights the importance of linking a phone to an account when it comes to fighting hijacking attempts, whether from automated bots, phishing, or targeted attacks. An email address is at the center of our online life, essential for creating accounts with web services and for receiving communication that is more or less sensitive in nature. Moreover, providers of a large host of services, like Google and Microsoft, have moved to a single sign-in system in which the same username and password give access to all services from the same provider. On top of this, these accounts can be used to sign up for or log into third-party services. Adding a recovery phone number to the Google account seems to be an effective way to defend against takeover attacks, especially if they are not targeted.


3 Google reportedly pulls Huawei’s Android license

Following the US crackdown on Chinese technology companies, Reuters reports that Google has cut off Huawei’s Android license, which would represent a huge blow to the besieged phonemaker. Reuters is reporting the news from a single anonymous source; The Verge requested comment from Google about the suspension, but did not hear back by the time of publication. If the Reuters report is accurate, Huawei could be restricted to using the Android Open Source Project (AOSP), which would cut the company off from critical Google apps that consumers outside of China expect on Android devices. Reuters says Google is still debating the details of how this sanction would work, but that Huawei would “immediately lose access to [Android] updates,” and that future smartphones would lose access to the Google Play Store and apps like Gmail.


4 >20,000 Linksys routers leak historic record of every device ever connected

This post has been updated to add comments Linksys made online, which says company researchers couldn't reproduce the information disclosure exploit on routers that installed a patch released in 2014. Representatives of Belkin, the company that acquired Linksys in 2013, didn't respond to the request for comment that Ars sent on Monday. Ars saw the statement only after this article went live. More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.


5 SHA-1 collision attacks are now actually practical and a looming danger

Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of a cheap "chosen-prefix collision attack," a more practical version of the SHA-1 collision attack first carried out by Google two years ago. What this means is that SHA-1 collision attacks can now be carried out with custom inputs, and they're not just accidental mishaps anymore, allowing attackers to target certain files to duplicate and forge. The SHA-1 hashing function was theoretically broken in 2005; however, the first successful collision attack in the real world was carried out in 2017. Two years ago, academics from Google and CWI produced two files that had the same SHA-1 hash, in the world's first ever SHA-1 collision attack — known as "SHAttered."
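To make the distinction between the identical-prefix SHAttered collision and a chosen-prefix collision concrete, here is an added Python example (not from the original post or from the SHAttered researchers) built on a toy 24-bit Merkle-Damgård hash: two freely chosen, different prefixes are brought to the same internal state by a birthday search, after which any common suffix appended to both keeps the two messages colliding. The toy hash, the prefixes and the suffix are all constructed; the search is only feasible because the toy state is tiny.

```python
import hashlib
import os

STATE_BYTES = 3   # toy 24-bit chaining state (real SHA-1 chains 160 bits)
BLOCK = 8         # toy block size in bytes (real SHA-1 uses 64)


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def toy_md(msg: bytes) -> bytes:
    """Toy Merkle-Damgard hash over block-aligned input (no length padding).

    As in SHA-1, the output is the final chaining state, so two messages
    that collide leave the hash in the same state, and any common suffix
    appended to both keeps them colliding."""
    if len(msg) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    state = b"\x00" * STATE_BYTES
    for i in range(0, len(msg), BLOCK):
        state = compress(state, msg[i:i + BLOCK])
    return state


def chosen_prefix_collision(p1: bytes, p2: bytes, table_size: int = 1 << 13):
    """Birthday search for m1, m2 with toy_md(p1 + m1) == toy_md(p2 + m2).

    The prefixes differ and are chosen freely, which is what makes this a
    chosen-prefix rather than an identical-prefix collision. About
    2^24 / table_size random trials are expected on the second side."""
    table = {}
    while len(table) < table_size:
        m1 = os.urandom(BLOCK)
        table[toy_md(p1 + m1)] = m1
    while True:
        m2 = os.urandom(BLOCK)
        h = toy_md(p2 + m2)
        if h in table:
            return table[h], m2


def demo() -> dict:
    # Constructed sample prefixes, standing in for two different file headers.
    p1, p2 = b"PREFIX-A", b"PREFIX-B"
    m1, m2 = chosen_prefix_collision(p1, p2)
    suffix = b"SUFFIX!!"   # constructed common tail appended to both messages
    return {
        "messages_differ": p1 + m1 != p2 + m2,
        "collide": toy_md(p1 + m1) == toy_md(p2 + m2),
        "collide_with_suffix": toy_md(p1 + m1 + suffix) == toy_md(p2 + m2 + suffix),
    }
```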


6 Israel Firm Linked With WhatsApp Spyware Hack Faces Lawsuit

The Israeli firm linked with the WhatsApp spyware hack faces a lawsuit filed by the human rights NGO Amnesty International. The vulnerability was patched by WhatsApp last week, but it is still not clear how many users were affected by the attack. WhatsApp said that the spyware attack was specifically targeting human rights groups; with a simple WhatsApp call, an attacker could exploit the bug to deploy spyware on the targeted device. Amnesty's lawsuit claims that “Staff of Amnesty International have an ongoing and well-founded fear they may continue to be targeted and ultimately surveilled.” Amnesty also petitions for the revocation of NSO Group’s export license.


7 Public safety, civil rights groups battle over face ID tech

San Francisco is on track to become the first U.S. city to ban the use of facial recognition by police and other city agencies, reflecting a growing backlash against a technology that’s creeping into airports, motor vehicle departments, stores, stadiums and home security cameras. Government agencies around the U.S. have used the technology for more than a decade to scan databases for suspects and prevent identity fraud. But recent advances in artificial intelligence have created more sophisticated computer vision tools, making it easier for police to pinpoint a missing child or protester in a moving crowd or for retailers to analyze shoppers’ facial expressions as they peruse store shelves.


8 Indiana Pacers disclose security breach

Pacers Sports & Entertainment (PSE), the legal entity behind the Indiana Pacers and the Indiana Fever NBA and WNBA basketball teams, respectively, announced a security breach on Friday during which hackers gained access to sensitive user information. In a press release published yesterday, the company blamed the breach on a phishing campaign during which hackers managed to gain access to several PSE employee accounts. It said hackers had access to these accounts between October 15, 2018, and December 4, 2018.


9 Researcher uncovered passwordless database used for SMS bombing

A researcher uncovered a massive SMS bombing operation in a passwordless database that exposed the sensitive information of millions of users. Security researcher Bob Diachenko discovered an open and unprotected MongoDB instance containing a massive amount of data, including MD5-hashed emails, first and last names, location data, IP addresses, phone numbers, mobile network carrier and line type (mobile or landline). The MongoDB instance was named ApexSMS index, which is also the name of an SMS bombing program that is heavily advertised on hacker or black hat forums.


10 Two years after WannaCry, a million computers remain at risk

As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark — with most of the vulnerable devices in the U.S. But that only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher. WannaCry continues to spread and occasionally still infects its targets. Beaumont said in a tweet Sunday that the ransomware remains largely neutered, unable to unpack and begin encrypting data, for reasons that remain a mystery. But the exposed NSA tools, which remain at large and able to infect vulnerable computers, continue to be used to deliver all sorts of malware — and new victims continue to appear.
