AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

#InfoSec News Nuggets – 05/21/2019

This week, a user posted on Reddit about how they discovered that their Google Account's Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay. When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more.  Like the Reddit user, I do not use Google Pay. The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information. When BleepingComputer contacted Google about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads.


2 Update the Netflix App if You're Having Android Battery Issues

If your Android device has been suffering from less-than-stellar battery life over the past few weeks the culprit might be Netflix. Technology firm Mobile Enerlytics discovered this week that the Netflix app running in the background on some Android phones was causing significant battery issues. On a Nexus 6 running Android 6.0.1, for instance, the phone’s battery drained more than 20% sitting idle overnight, BGR reports. As it turns out, a number of users have been reporting similar issues from April through December of last year. The issue appears to only impact devices running Android 6.0.1, but that’s still 17% of Android users.


3 Cybercrime forum OGUsers gets hacked, attackers steal data

OGUsers, an online cybercrime forum known for selling account credentials, was hacked by attackers. The forum was breached on May 12 in what was at first reported as a case of an outage. In addition to causing the outage, attackers also stole user data in the breach. Compromised data includes usernames, email addresses, hashed passwords, private messages, and IP addresses. According to KrebsOnSecurity which reported on the hack, the breached database contained user data of around 113,000 users of the forum. A copy of the database was obtained by KrebsOnSecurity from another hacking forum ‘RaidForums’, which made the data available for free to download.


4 Gulfport casino falls victim to international cybercrime attack involving Russians, DOJ says

A Gulfport casino is among the American businesses targeted by a transnational cybercrime network that attempted to steal at least $100 million from victims around the world, according to a release from the U.S. Department of Justice. Federal authorities announced this week the dismantling of the criminal network that attempted to install viruses and gain access to personal banking accounts from tens of thousands of victims in the United States and Europe. The specific casino targeted in the attack is not identified in the 54-page indictment filed U.S. District Court in Western Pennsylvania, where several of the victims live. But it says the casino is in Gulfport, and Island View Casino is the only one in Gulfport. The Coast’s other 11 casinos are in Biloxi, D’Iberville and Bay St. Louis.


5 Illicit streaming devices are more popular than ever, and hackers are taking note

Online hackers are using illicit streaming devices — known as “Kodi boxes” or “jailbroken Fire TV sticks” — to skirt home network security measures, infect consumers with malware, and steal vital personal information like passwords and financial records. It’s time for Congress to do something about this. While on-demand subscriptions to services like Netflix and Hulu climbed to 187 million in the U.S. in 2018, millions of consumers are going outside legitimate app marketplaces to find free, pirated content to the latest shows, pre-release movies, and video games. According to a new report by the Digital Citizens Alliance, an advocacy group that specializes in internet threats to the public, Kodi boxes are readily available through online merchants like eBay or Craigslist for $75 to $100 and offer an ever-growing selection of pirated content.


6 After breach, Stack Overflow says some user data exposed

After disclosing a breach earlier this week, Stack Overflow has confirmed some user data was accessed. In case you missed it, the developer knowledge sharing site confirmed Thursday a breach of its systems last weekend, resulting in unauthorized access to production systems — the front-facing servers that actively power the site. The company gave few details, except that customer data was unaffected by the breach. Now the company said the intrusion on the website began about a week earlier and “a very small number” of users had some data exposed. “The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.


7 Net neutrality supporter sentenced for death threats to FCC Chairman Pai

A California man was sentenced to 20 months in prison on Friday after pleading guilty for threatening to kill the family of U.S. Federal Communications Commission Chairman Ajit Pai over the regulator’s successful effort to repeal net neutrality rules. The Justice Department said Markara Man, 33, of Norwalk, California, sent the email threats “in hopes it would cause (Pai) to reverse his position on net neutrality.” The FCC did not immediately comment after the sentencing by the U.S. District Court for the Eastern District of Virginia.


8 Millions of Instagram influencers had their contact data scraped and exposed

A massive database containing contact information of millions of Instagram  influencers, celebrities, and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour. From a brief review of the data, each record contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, if they’re verified, and their location by city and country, but also contained their private contact information, such as the Instagram account owner’s email address and phone number.


9 Faulty database script brings Salesforce to its knees

Salesforce is going through one of its biggest outages ever after the company was forced to shut down large chunks of its infrastructure earlier today. At the heart of the outage was a change the company made to its production environment that broke access permission settings across organizations and gave employees access to all of their company's files. According to reports on Reddit, users didn't just get read access, but they also received write permissions, making it easy for malicious employees to steal or tamper with a company's data. In a status update, the company blamed the issue on "a database script deployment that inadvertently gave users broader data access than intended."


10 Huawei responds to Android ban with service and security guarantees, but its future is unclear

Huawei has finally gone on the record about a ban on its use of Android,  but the company’s long-term strategy on mobile still remains unclear. In an effort to appease its worried customer base, the embattled Chinese company said today that it will continue to provide security updates and after-sales support to its existing lineup of smartphones, but it’s what the company didn’t say that will spark concerns. Huawei was unable to make guarantees about whether existing customers will continue to receive Android software updates, while its statement is bereft of any mention of whether future phones will ship with the current flavor of Android or something else.


11 Brave browser concerned that Client Hints could be abused for tracking

The people at privacy-focused browser, Brave, have criticised an industry proposal it says would make it easier for websites to identify a browser using a passive, cookie-less technique called fingerprinting. Called HTTP Client Hints, the proposal provides a standard way for a web server to ask a browser for information about itself. It comes from the Internet Engineering Task Force (IETF). This organization works with industry members to create voluntary standards for internet protocols, and it has a lot of power. It standardized TCP and HTTP, two of the internet’s foundational protocols. HTTP already offers a technique called proactive negotiation, which lets a server ask a browser about itself. This technique makes the browser describe its capabilities every time it sends a request, though. That takes too much bandwidth, says the IETF.


12 Dark web user gets 42 months in prison for buying child abuse imagery with Bitcoin

A man in the US has been sentenced to 42 months in federal prison for purchasing, downloading, and concealing child abuse imagery he got on the dark web and paid for with Bitcoin. $BTC2.91%. According to court documents, starting in May 2017, Stephen P. Langlois, Jr. used Bitcoin to subscribe to an overseas child pornography website from which he downloaded over 100 child pornography videos. Langlois, who aside from the prison sentence will be subject to a subsequent supervision of 10 years after he’s released, pleaded guilty to possession of child pornography in US District Court in Providence on January 2, 2019. He will also have to pay a mandatory assessment of $5,000 as provided for in the Justice for Victims Trafficking Act.


13 U.S. eases some restrictions on China's Huawei to keep mobile networks operating

The U.S. government on Monday eased some restrictions imposed last week on China’s Huawei, a sign of how the prohibitions on the telecommunications company may have far-reaching and unintended consequences. The U.S. Commerce Department will allow Huawei Technologies Co Ltd to purchase American-made goods in order to maintain existing networks and provide software updates to existing Huawei handsets. The company is still prohibited from buying American parts and components to manufacture new products without license approvals that likely will be denied. The roll back, which is in effect for 90 days, suggests changes to Huawei’s supply chain may have immediate, far-reaching and unexpected consequences.


14 Hacked Florida counties could disclose their identities — if they wanted to

Local election officials in the two unnamed Florida counties where Russian agents hacked voter rolls in 2016 are able to publicly disclose whether they had been attacked. But the bureaucrats are clamming up instead. And voters in those counties have no right to know that information, according to the FBI. Nor is the state’s governor or its congressional delegation allowed to tell the public the names of those counties. That’s because the FBI made the governor sign a non-disclosure agreement in order to receive a classified briefing about the hack, along with the members of Congress. Some lawmakers are outraged at what they see as bizarre reasoning from the agency.


15 Most hacker-for-hire services are frauds

Hacker-for-hire services available online are what we thought they were — scams and ineffective — new research published last week by Google and academics from the University of California, San Diego, reveals. "Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and asked them with compromising victim accounts of our choosing," researchers said. "These victims in turn were 'honey pot' Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner)."

Related Posts