AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – 06/13/2019

Drone delivery may be taking off slowly in the U.S. thanks to strict FAA oversight, but drones have become a key tool for inspection in many industries. Now, that includes the insurance sector, where damage assessments are frequently performed by drones equipped with machine vision and AI. That fact was driven home with an announcement from Kespry, a drone-based aerial intelligence company, which has teamed up with Grinnell Mutual, a leading property casualty insurance company and the nation's largest primary reinsurer of farm mutual companies, to help with residential and commercial roof inspections.


2 The CBP Theft Is Exactly What Privacy Experts Said Would Happen

U.S. Customs and Border Protection announced yesterday afternoon that hackers had stolen an undisclosed number of license-plate images and travelers’ ID photos from a subcontractor. Privacy and security activists have long argued that as law enforcement vacuums up more data without legal limits, the damage of a possible breach scales up. The lack of restrictions on data collection is why, for many experts, this hack feels like an inevitability. “I would be cautious about assuming this data breach contains only photo data,” said Chad Loder, the CEO of Habitu8, a cybersecurity firm that trains other companies on security awareness. The full scope of the breach may be much larger than what CBP revealed in its original statement, he said. In recent years, CBP has asked travelers for fingerprints, facial data, and, recently, even social-media accounts. “If CBP’s contractor was targeted specifically, it’s unlikely that the attacker would have stopped with just photo data,” Loder told me.


3 FIN8 tries to breach U.S. hotel with new malware variant

A criminal hacking group tried to breach the computer network of a U.S. hotel using a variant of malware the group had last deployed in 2017, according to research from endpoint security firm Morphisec. FIN8, as the financially-driven group is known, made several upgrades to its ShellTea malware, aiming it at the network of the hotel between March and May, according to Morphisec. Researchers believe it was an attempted attack on a point-of-sale (POS) system, or one that processes payment card data. The intrusion attempt was blocked. In a blog post published Monday, Morphisec warned of the vulnerability of POS networks to groups like FIN8.


4 Android’s Security Key Now Verifies Sign-Ins on iOS Devices

Google now allows iPad and iPhone users to verify sign-ins into Google and Google Cloud services using the security keys built into Android phones running Android 7.0 or later. The Android built-in security key was introduced by Google during Cloud Next 2019 to provide a simple way to prevent phishing attacks which are currently a huge threat both home and business users by blocking malicious sign-in attempts. While any type of two-step verification (or 2SV) such as SMS or push notifications makes it that much harder for attackers to hack into one's account, using the physical Android security keys which follow FIDO standards means that suspicious sign-in attempts are thwarted from the start.


5 Microsoft Blocks Some Bluetooth Devices Due to Security Risks

Microsoft says that certain Bluetooth devices might start experiencing pairing and connectivity issues after Windows users apply cumulative, security, or monthly rollup updates released today. As detailed by the Windows support document published today by Microsoft, "These security updates address a security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices. Any device using well-known keys to encrypt connections may be affected, including certain security fobs." The security fobs part at the end refers to Google's Bluetooth Low Energy (BLE) Titan Security Keys with a T1 or T2 code which were recalled last month and to the Feitian Multipass (Feitian CTAP1/U2F Security Key).


6 Food Bank Needs Help Recovering from Ransomware Attack

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the severs of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food bank’s computers. Those responsible for the attack then demanded that the food bank pay a ransom in exchange for the decryption key. Wisely, Auburn Food Bank chose not to pay the ransom, as doing so never guarantees that bad actors will provide a decryption key.


7 iOS 13 will map the apps that are tracking you

As Apple continues its privacy march, the upcoming iOS 13 mobile update will be right there, and it’s pulling tracking apps along. Apple showed off iOS 13 last week at its Worldwide Developers Conference (WWDC). Beta testers at 9to5Mac have discovered that the upcoming release, now in preview, will tell you what apps are tracking you in the background and will give you the option of switching them off. Ditto for iPadOS. The new feature comes in the form of a map that displays how a given app – 9to5mac showed screenshots of popup notifications about tracking apps from Tesla and the Apple Store – has been tracking you in the background, as in, when you’re not actually using the app.


8 A Top Voting-Machine Firm Calls for Paper Ballots

Election Systems & Software, which describes itself as the nation’s leading elections-equipment provider, has vowed to stop selling paperless electronic voting systems—at least as the "primary voting device in a jurisdiction." And the company is calling on Congress to pass legislation mandating paper ballots and raising security standards for voting machines. "Congress must pass legislation establishing a more robust testing program—one that mandates that all voting-machine suppliers submit their systems to stronger, programmatic security testing conducted by vetted and approved researchers," writes ES&S CEO Tom Burt in an op-ed for Roll Call. Over the past 18 months, election-security advocates have been pushing for new legislation shoring up the nation's election infrastructure.


9 Twenty years in prison for hackers/founders of Mariposa botnet and Bitcoin platform NiceHash

According to digital forensics specialists, the Federal Bureau of Investigation (FBI) is trying to charge some hackers, including the founder of NiceHash cryptocurrency platform, for a supposed conspiracy to distribute malware through Darkode, one of the main hacking forums on dark web. Agency officials say that Darkode is a criminal group powered by an online forum that can only be accessed through a password. The FBI mentions that only advanced knowledge hackers can access this forum to buy, sell or share sophisticated hacking tools or confidential information. Florencio Carro Ruiz, Thomas McCormack and Matjaz Skorjanc, Spain, the U.S. and Slovenia nationals respectively, have been charged with crimes such as extortion, conspiracy to commit fraud and bank fraud. Matjaz Skorjanc is the creator of the cryptocurrency market NiceHash, also the alleged responsible for the creation of a malware that infected more than one million machines to integrate them into the massive botnet known as Mariposa, report experts in digital forensics.


10 New Extortion Scam Threatens to Ruin a Website's Reputation

A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site's reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient's computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit. In this new variant, scammers are utilizing a web sites contact's form to send messages to site owners with a subject of  "Abuse and lifetime blocking of the site – example.com. My requirements".


11 Facebook Launching App That Pays Users for Data on App Usage

Facebook on Tuesday launched an app that will pay users to share information with the social media giant about which apps they’re using. The company previously rolled out two similar apps that tracked what activities people did on their phones. But both were shut down after drawing criticism for infringing on privacy and violating Apple’s App Store guidelines. Facebook said the new app, called Study, is different than the previous two and was built from scratch. And it is only available on the Google Play Store, though Facebook said it might work to expand it to iOS in the future. The new app will collect information about which apps people are using and for how long, including which app features are used. That could give Facebook valuable insight into how people use its competitors’ services.


12 Evite e-invite website admits security breach

Evite, a social planning and e-invitations service, and one of the biggest sites on the Internet, has officially admitted to a security breach that ZDNet first reported back in April. At the time, a hacker named Gnosticplayers put up for sale the customer data of six companies, including Evite. The hacker claimed to be selling ten million Evite user records that included full names, email addresses, IP addresses, and cleartext passwords. ZDNet reached out to notify Evite of the hack and that its data was being sold on the dark web on April 15; however, the company never returned our request for comment.


13 'Deepfake' clip of Mark Zuckerberg circulating on Instagram amid concerns Facebook doesn't combat disinformation

A doctored video of Facebook’s Mark Zuckerberg is being circulated amid criticism that the tech giant isn’t doing enough to combat disinformation. A short clip posted on Instagram, a platform owned by Facebook, supposedly shows Zuckerberg speaking directly into the camera and boasting of his company’s supposed control of people’s data. “Imagine this for a second: one man, with total control of billions of people’s stolen data, all their secrets, their lives, their futures,” he appears to say, before referring to a fictional evil organization in the James Bond movie series. “I owe it all to Spectre. Spectre showed me that whoever controls the data controls the future.” The existence of the so-called “deepfake” video of Zuckerberg was first reported by VICE.


14 Telerobotic hands and fingers become your avatar at Amazon re:MARS

Sometimes robots replace human workers, but other times they augment those workers instead. At Amazon’s re:MARS 2019 conference, a quartet of companies showed off a set of telerobotic arms and hands that let a human operator “feel” what the robot hands were touching. The idea is that the robotic limbs and digits become essentially an avatar for the human operator, who may be standing right there (as was the case with the show floor demo), or may be operating remotely thousands of miles away.


15 New Security Warning Issued For Google's 1.5 Billion Gmail And Calendar Users

In what the researchers refer to as a "sophisticated scam," users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications. Anyone can schedule a meeting with you, that's how the calendar application is designed to work. Gmail, which receives the notification of the invitation, is equally designed to tightly integrate with the calendaring functionality. When a calendar invitation is sent to a user, a pop-up notification appears on their smartphone. The threat actors craft their invitations to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.


16 Consumers see funds disappear in Zelle account scam

Chrysanthi Rausch was taking a nap on her couch two months ago when she got a call from a number she didn't recognize. On the other end of the line was a woman who said she worked for KeyBank, Rausch's local bank, calling to alert her of fraud in her account. "They wanted me to verify my identity through a text code. So they sent me a text, and then I read the six numbers back," said Rausch, 30, of Columbus, Ohio. That was all it took, she said, for the fraudsters to create a Zelle account in her name and gain access to both her checking and savings accounts — all within hours of their phone call.


17 Card readers at electric vehicle charging stations will weaken security

Most electric vehicle (EV) charging stations rely solely on a credit card linked to an app or through contactless payments with RFID-enabled credit cards or through a driver’s smartphone. Contactless payments are one of the most secure ways to pay, cutting out the credit card entirely and reducing the chance that a card will be cloned or have its data skimmed. For charging stations — often in the middle of nowhere and unmonitored — relying on contactless payments can reduce device tampering and credit card fraud. Arizona, California, Nevada, Vermont, and several states across New England are said to be considering installing credit card readers at publicly funded EV charging stations. “While these proposals may be well-intentioned, they could expose drivers to new security risks while providing cyber criminals with easy access to attractive targets."


18 Twitter’s top policy exec said there’s “no doubt” that some social media content contributes to radicalization

“I think that there is content on Twitter and every [social media] platform that contributes to radicalization, no doubt,” said Vijaya Gadde, who is Twitter’s top legal counsel and oversees its policy arm, as well as its health and safety efforts. “I also think we have a lot of mechanisms and policies in place that we enforce very effectively that combat this,” she added. Gadde was speaking onstage at the Code Conference in Scottsdale, Arizona, on Monday, with Twitter’s product lead Kayvon Beykpour, as well as Recode’s Kara Swisher and Peter Kafka. Gadde said Twitter has taken down 1.6 million accounts for terrorism-related reasons, and that over 90 percent of those removed accounts were detected by Twitter’s own technology proactively without depending on user reports.


19 Laptops used in 2016 NC poll to be examined by feds

More than two and a half years after the fact, the Feds are finally going to investigate the failure of voter registration software – from a ­company that had been cyber-attacked by Russians just days before the November 2016 US presidential election – in the swing state of North Carolina. Politico has reviewed a document and spoken to somebody with knowledge of the episode, both of which suggest that the vendor, VR Systems, “inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election.” Specifically, VR Systems used remote-access software to connect for several hours to a central computer in Durham County so as to troubleshoot problems with the company’s voter registration software. In fact, election officials would come to find out that this was common practice, according to Politico’s source, in spite of the fact that election technology security experts agree that it opens up systems to hacking.


20 Telegram messaging service hit by massive DDoS attack

The popular privacy-focused instant messaging application service Telegram has suffered a massive DDoS attack in which its service in the United States and several other countries has been disrupted, the company has revealed. The DDoS attack began targeting Telegram’s servers around 12:20 PM – Jun 12, 2019. The company then sent out a series of tweets revealing the cause of service disruption. One such tweet stated that: “We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues.” In Telegram’s case, it is unclear why the service was targeted and who was behind the attack.

Related Posts