AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/21/2021

AI Creates False Documents That Fake Out Hackers

Hackers constantly improve at penetrating cyberdefenses to steal valuable documents. So some researchers propose using an artificial-intelligence algorithm to hopelessly confuse them, once they break in, by hiding the real deal amid a mountain of convincing fakes. The algorithm, called Word Embedding–based Fake Online Repository Generation Engine (WE-FORGE), generates decoys of patents under development. But someday it could “create a lot of fake versions of every document that a company feels it needs to guard,” says its developer, Dartmouth College cybersecurity researcher V. S. Subrahmanian. If hackers were after, say, the formula for a new drug, they would have to find the relevant needle in a haystack of fakes. This could mean checking each formula in detail—and perhaps investing in a few dead-end recipes. “The name of the game here is, ‘Make it harder,’” Subrahmanian explains. “‘Inflict pain on those stealing from you.’”


Criminals are mailing altered Ledger devices to steal cryptocurrency

Scammers are mailing fake replacement devices to Ledger customers whose details were exposed in a recent data breach; the devices are designed to steal the recipients' cryptocurrency wallets. Ledger has been a popular target for scammers lately, given rising cryptocurrency prices and the popularity of hardware wallets for securing crypto funds. In a post on Reddit, a Ledger user described a devious scam after receiving what looks like a Ledger Nano X device in the mail. In the pictures the user shared, the device came in authentic-looking packaging, with a poorly written letter explaining that the device was sent to replace their existing one because their customer information had been leaked on the RaidForum hacking forum. “For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device,” read the fake letter from Ledger.


IAB Tech Lab Accused of “World’s Largest Data Breach”

The IAB Technology Laboratory (IAB Tech Lab), which develops ad-industry standards, is being sued by the Irish Council for Civil Liberties (ICCL) for allegedly being responsible for “the world’s largest data breach.” A non-profit digital media consortium established in 2014 and based in New York, the IAB Tech Lab has a 650-member community that includes Facebook, Google and Amazon. In a lawsuit filed by ICCL senior fellow Johnny Ryan on May 18 in a court in Hamburg, the IAB Tech Lab comes under fire for real-time bidding, a process in which data is shared between ad brokers and other companies while advertising space is auctioned as a website loads. Although the case was filed nearly a month ago, the IAB Tech Lab told a BBC reporter who contacted the consortium for comment on an article that went live Wednesday that it was not familiar with Ryan’s claim. “We are reviewing the allegations in conjunction with our legal advisers and will respond in due course, if appropriate,” said an IAB Tech Lab spokesperson. Ryan, who worked as an advertising-industry professional before joining the ICCL, claims that when a user loads an app or web page that carries advertising, their data is shared with hundreds of ad brokers.


CVS Health Records for 1.1 Billion Customers Exposed

More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someone’s medical situation. The glitch is likely due to human error, security researcher Jeremiah Fowler said in a post on WebsitePlanet on Thursday: in other words, it’s probably yet another instance of the rampant misconfiguration that is plaguing cloud-based storage, leading to exposure of sensitive data on an internal network. According to Fowler’s post, researchers at WebsitePlanet – a portal for web developers and internet marketers – found the non-password-protected database, which had no form of authentication in place to prevent unauthorized entry, on March 21. They coordinated with Fowler in documenting their discovery, and on that same day, after they contacted CVS Health, the exposed database was closed off from public view.


Fugitive Anonymous Hacker ‘Commander X’ Arrested, Extradited From Mexico

Fugitive hacker Christopher Doyon, or Commander X, was captured in Mexico and has been extradited to the United States, where he will face decade-old hacking charges. Doyon was a member of the Anonymous hacktivist collective. According to an indictment, Doyon took part in a series of coordinated cyber attacks following a protest in Santa Cruz, California in 2010. Demonstrators occupied the front steps of the Santa Cruz Courthouse for approximately two months, from July 4 to October 2, 2010, to protest the county’s law against camping, which directly impacted people experiencing homelessness in the city. Doyon later allegedly shut down the Santa Cruz County website in a DDoS, or distributed denial of service, attack in a coordinated effort with the People’s Liberation Front and Anonymous. According to the indictment, they flooded the network with external communications requests so that “the target could not respond to legitimate traffic, or responded so slowly as to render the target effectively unavailable.”


Starlink dishes go into “thermal shutdown” once they hit 122° Fahrenheit

A Starlink beta user in Arizona said he lost Internet service for over seven hours yesterday when the satellite dish overheated, demonstrating one of the drawbacks of SpaceX’s broadband service. When the user’s Internet service was disrupted, the Starlink app provided an error message saying, “Offline: Thermal shutdown.” The dish “overheated” and “Starlink will reconnect after cooling down,” the error message said. The user, named Martin, posted a screenshot of the error message on Reddit. He contacted Starlink support, which told him, “Dishy will go into thermal shutdown at 122F and will restart when it reaches 104F.” Martin decided to give the dish a little water so it could cool down. He pointed a sprinkler at Dishy, and once it cooled enough to turn back on, “I immediately heard YouTube resume playback,” he wrote yesterday. But the Internet restoration was short-lived, Martin told Ars in a chat today.
