AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – 06/27/2019

President Donald Trump came within minutes of starting another war in the Middle East last week when he ordered, and then abruptly canceled, a missile strike against Iranian bases. Instead, he launched another strike: a long-planned cyberattack, designed to quietly cripple Iran’s missile defense systems. Anonymous U.S. officials claimed an instant victory, although Iran insists it failed to penetrate its systems. The impact of last week’s attacks may remain up for debate, but a consensus among security experts is abundantly clear: Tehran will hit back, targeting both U.S. government sites and private companies with rudimentary but effective cyberattacks.


2 AI uses camera footage to track pedestrians in dense crowds

Tracking dozens of people in dense public squares is a job to which AI is ideally suited, if you ask scientists at the University of Maryland and University of North Carolina. A team recently proposed a novel pedestrian-tracking algorithm — DensePeds — that’s able to keep tabs on folks in claustrophobic crowds by predicting their movements, either from front-facing or elevated camera footage. They claim that compared with prior tracking algorithms, their approach is up to 4.5 times faster and state-of-the-art in certain scenarios.

3 Canada teams up with tech giants to counter extremist content online

Canada announced funding and other initiatives on Wednesday to counter violent extremist content online by teaming with major technology companies Twitter, Facebook, Microsoft and Alphabet’s Google. Public Safety Canada said in a statement the government will commit up to C$1 million ($762,428) to the Tech Against Terrorism program to create a digital database that will notify smaller companies when terrorist content is detected and help eliminate it. The initiatives follow the Christchurch Call to Action, a non-binding agreement formed after the Christchurch shooting in March to “eliminate terrorist and violent extremist content online.” Canada joined the Christchurch Call to Action in May. The second initiative is a youth conference on countering violent extremism online.


4 Instagram Chief Insists It Doesn't Spy on Users

Instagram doesn't snoop on private conversations as part of its advertising targeting strategy, the head of the popular social media site said in an interview Tuesday. "We don't look at your messages, we don't listen in on your microphone; doing so would be super problematic for a lot of different reasons," Instagram chief Adam Mosseri said in an interview with CBS. "But I recognize you're not going to really believe me." During the interview, Mosseri acknowledged that he is grilled regularly by Instagram users who insist they receive ads from restaurants, stores and other companies after only conducting a private conversation about an item and not posting to the broader site.


5 Senate Report Shows Decade-Long Failure of Gov Agencies to Protect Personal Data

A new report from the U.S. Senate’s Committee on Homeland Security and Governmental Affairs has revealed the decade-long failure of several important federal agencies to secure their systems and protect sensitive and personal information. The report, signed by Rob Portman, chairman of the Permanent Subcommittee on Investigations, and Tom Carper, ranking member of the subcommittee, is the result of a 10-month investigation covering 10 years of Inspector General reports. The analysis targeted the Department of Homeland Security, the Department of State, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education, and the Social Security Administration. These agencies, except the DHS, have been assigned the lowest cybersecurity rating by the Office of Management and Budget.


6 In push to replace Huawei, rural U.S. carriers are talking with Nokia and Ericsson

About a dozen rural U.S. telecom carriers that depend on Huawei for network gear are in discussions with its biggest rivals, Ericsson and Nokia, to replace their Chinese equipment, sources familiar with the matter said. The carriers, which include Pine Belt in Alabama, and Union Wireless in Wyoming, are seeking discounted pricing and looking forward to government assistance but have yet to reach agreements, these sources said. Nokia and Ericsson declined to comment. The talks are critical for small carriers that have relied on Huawei or ZTE for inexpensive, high-quality mobile network gear in recent years even as the big U.S. telecom companies shunned the Chinese firm. The U.S. government has labeled Huawei a security threat and effectively banned U.S. companies from doing business with Huawei.


7 McAfee sues ship-jumping sales staff over trade secret theft allegations

McAfee is suing former senior salespeople whom it alleges stole company trade secrets when they moved to a rival security vendor. Three former "highly compensated" sales staffers, named in court documents as Jennifer Kinney, Percy Tejeda and Alan Coe, are said to have moved to rival antivirus endpoint security company Tanium. "The job functions of each of the Employee Defendants required an intimate knowledge of the ‘secret sauce’ underlying McAfee’s sales tactics and customer strategies, and each of the Employee Defendants executed an Employment Agreement containing confidentiality and non-solicitation provisions as a condition of their employment," alleged McAfee.


8 Cop awarded $585K after colleagues snooped on her via license database

Human Rights Watch estimates that since 2009, there have been at least 14 federal lawsuits filed over cops’ misuse of their access to personal data – think state driver’s license databases – to snoop on fellow officers, public safety personnel, and justice professionals. Others put the number far higher: in Minnesota alone, there have been dozens of these suits. On Wednesday, a rare win in one of those cases happened when a jury awarded Minnesota police officer Amy Krekelberg $585,000, including $300,000 in punitive damages from two defendants who pawed through her personal data to ogle her photograph, address, age, height, and weight after she allegedly rejected their romantic advances, according to court documents.


9 Please stop regulating the dumb tubes, says Internet Society boss

Andrew Sullivan, chief exec of the Internet Society, has condemned governments that "interfere in underlying technologies that people are allowed to build," as regulators increasingly target net infrastructure to enforce their visions of how the online world ought to be. Speaking to The Register, Sullivan warned that laws passed to ban, or force, the use of certain types of tech risked damaging confidence in infrastructure that is becoming ever more vital for the internet to function safely and securely. "If you look at the internet right now, people have been responding to it in recent times primarily in a threat mode," he said, contrasting it to the "everything is great" vibe of the 1990s and early 2000s.


10 FCC lets Verizon lock cell phones to network for 60 days after activation

Verizon yesterday received the government's permission to lock handsets to its network for 60 days after each device's activation, despite open-access rules that apply to one of Verizon's key spectrum licenses. The Federal Communications Commission waiver approval said 60-day locks will "allow Verizon to better combat identity theft and other forms of handset-related fraud." Verizon generally sells its phones unlocked, meaning they can be used on any carrier's network as long as the device and network are compatible with each other. This is largely because of rules the FCC applied to 700MHz spectrum that Verizon bought at auction in 2008. The 700MHz spectrum rules say that a license holder may not "disable features on handsets it provides to customers… nor configure handsets it provides to prohibit use of such handsets on other providers' networks."


11 The first AI capable of simulating the universe works so well it’s scary

A team of researchers recently pioneered the world’s first AI universe simulator. It’s fast; it’s accurate; and its creators are baffled by its ability to understand things about the cosmos that it shouldn’t. Scientists have used computer simulations to try and digitally reverse-engineer the origin and evolution of our universe for decades. The best traditional methods using modern technology take minutes and produce okay results. The world’s first AI universe simulator on the other hand, produces results with far greater accuracy in just milliseconds. According to the team’s paper: Here, we build a deep neural network to predict structure formation of the Universe. It outperforms the traditional fast-analytical approximation and accurately extrapolates far beyond its training data.


12 Social platform Reddit quarantines major pro-Trump community over violence threats

Social media site Reddit restricted access to a major forum for supporters of U.S. President Donald Trump, citing threats of violence against police and public officials. While it was not banned, users accessing the forum, or subreddit, are now met with a message asking: “Are you sure you want to view this community?” before they click to enter. Quarantined subreddits also are not included in searches or recommendations. A note from Reddit administrators, posted by a moderator in the r/The_Donald subreddit, said they had observed repeated rule-breaking behavior and, recently, encouragement of violence against police and public officials in Oregon. The note was later deleted from the subreddit.


13 Staying Cyber-safe on a Summer Vacation

Typical travelers heading out on their summer vacation check that they have the right supplies and clothes for their trip before they hit the road. Expert travelers will be also checking to ensure they are educated and prepared to be cyber-safe with their devices and data while on the road! Thinking of your smartphones and devices as being just as important as your wallet is a proper step in the right direction. These devices contain everything from your banking and payment information to your treasured family photos, and ensuring they are secure and protected when away from home is paramount. In partnership with the National Cybersecurity Alliance (NCSA), we have put together some key tips, strategies, and resources to aid you in being secure during your travels.


14 Recipe for Disaster as Tech Support Scammers Use Paid Search

Tech support gangs have been spotted using paid search to reel in unsuspecting victims looking for food-related content online, according to Malwarebytes. The security vendor spotted scammers buying ads for Google and Bing which it said are designed to lure older netizens searching for food recipes. “This scheme has actually been going on for months and has intensified recently, all the while keeping the same modus operandi,” it said. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months.” As paid search entries are displayed at the top of search listings, users are more likely to click through. Doing so took them to specially created food blogs built by the scammers, complete with comments on the various articles. “However, upon closer inspection, we can see that those sites have basically taken content from various web developer sites offering paid or free HTML templates,” said Malwarebytes.


15 Second Florida city pays giant ransom to ransomware gang in a week

Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city's administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network.


16 A hacker invaded 2 CBS reporters' lives without writing a single line of code

The hacker had promised us a surprise, so we should have been ready when she handed us each folded strips of paper with our passwords written neatly inside. We shuddered and grimaced. We had asked Stephanie Carruthers, or  "_sn0ww" as she's known to her colleagues at IBM Security, to spend a month hunting for our personal data online. It took her less than a week to discover enough information to fill a 20-page report. She had found this very personal information without actually hacking anything at all.


17 Facebook’s searchable political ads archive is now global

Facebook has announced it’s rolled out a basic layer of political ads transparency globally, more than a year after launching the publicly searchable ads archive in the US. It is also expanding what it dubs “proactive enforcement” on political ads to countries where elections or regulations are approaching — starting with Ukraine, Singapore, Canada and Argentina. “Beginning today, we will systematically detect and review ads in Ukraine and Canada through a combination of automated and human review,” it writes in a blog post setting out the latest developments. “In Singapore and Argentina, we will begin enforcement within the next few months. We also plan to roll out the Ad Library Report in both of those countries after enforcement is in place. “The Ad Library Report will allow you to track and download aggregate spend data across advertisers and regions.”


18 Facebook says it can't handle election misinformation crisis alone

Mark Zuckerberg has said Facebook cannot be expected to manage the crisis around election misinformation campaigns on its own. The Facebook CEO, speaking at the Aspen Ideas Festival on Wednesday, said that while the company was focused on questions of election security and interference before the 2020 US presidential election, “those are really hard questions to answer”. “I don’t think as a society we want private companies to be the final word on making these decisions,” he added. Facebook is scrambling to address concerns over misinformation spreading on the platform before voters head to the polls. It is facing a potential $5bn (£4bn) fine from the US Federal Trade Commission (FTC), which opened an investigation in response to the Cambridge Analytica revelations first reported by the Guardian and Observer.

Related Posts