AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – 07/08/2019

1 Hacker Who Disrupted Sony Gaming Firm Gets Federal Prison

A hacker who disrupted Sony Online Entertainment and other gaming companies has been sentenced to more than two years in federal prison. Twenty-three-year-old Austin Thompson of Utah received the 27-month sentence on Tuesday in San Diego. Prosecutors said Thompson carried out a series of distributed denial-of-service computer attacks against Sony and other targets in 2013 and 2014. The attacks flood computer servers with traffic, making them impossible to access and forcing technicians to take them offline for hours. Thompson was ordered to pay $95,000 to cover damages to Sony Online, which was based in San Diego at the time and is now called Daybreak Games. In a plea agreement, Thompson said he’d announce an imminent attack on the Twitter account “DerpTrolling,” then carry it out.


2 FBI Releases Warning on Sextortion Scams Targeting Teenagers

The U.S. Federal Bureau of Investigation (FBI) issued a warning on Twitter regarding sextortion campaigns used by scammers to target young people from all over the United States. "The internet connects you with the world. Do you know who in the world is connecting with you? Sending one explicit image can start a scary cycle," says the FBI in a tweet shared on July 3. The agency also added to their alert the fact that sextortion scams usually rely on photos sent by potential victims to people they don't know in real life. In a story published on FBI's official website at the end of May, the agency states that it is currently "seeing a significant increase in activity involving sextortion—a federal crime that happens when an adult coerces a child to produce sexually explicit photographs or video of themselves and then send it to them over the Internet."


3 Google Chrome Could Soon Block “Heavy Ads” That Use Too Many System Resources

Google is working on a new ad blocker for Chrome browser, but this time the target won’t be killing off all ads that show up when loading a page, but only those that use too many system resources. Google calls these “heavy ads,” and according to a recent commit discovered by 9to5Google, they would be blocked if certain triggers are detected. “This intervention unloads ads that are in the .1% of bandwidth usage, .1% of CPU usage per minute, and .1% of overall CPU time. The current numbers are 4MB network and 60 seconds CPU, but may be changed as more data is available,” the commit reads. “This change introduces a feature that unloads ad iframes that have been detected to use an egregious amount of system resources. This reuses the quiet safebrowsing interstitial UX, which gets loaded into the ad iframe.”


4 Automated Magecart Campaign Hits Over 960 Breached Stores

A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security. The campaign seems to be automated according to Sanguine Security researcher Willem de Groot who told BleepingComputer that the card skimming script was added within a 24-hour timeframe. "It would be nearly impossible to breach 960+ stores manually in such a short time," he added. Even though no information on how such automated Magecart attacks against e-commerce websites would work was shared by Sanguine Security, the procedure would most likely entail scanning for and exploiting security flaws in the stores' software platform.


5 China Targeting USG Employees Via Anthem Hack

The recent indictment of two Chinese nationals for the 2015 hack on Anthem that compromised more than 78 million health records, including 4 million U.S. government employees, moves the provenance of the intrusion from the theoretical to reality: China conducted the hack. Simultaneously, China also hacked the U.S. Office of Personnel Management, which compromised as many as 20 million records containing the history of personnel who had applied for or been granted national security clearances. The fact that a nation-state, China, was behind the Anthem hack did not diminish the actions of the U.S. Department of Health and Human Services’ Office of Civil Rights, which forced the company to pay $16 million. The payment, a resolution amount, was part of a settlement that eclipsed the previous high of $5.55 million paid to OCR, in 2016. The October 2018 settlement also required Anthem to adopt a corrective action plan (CAP) in which the company would adjust its processes and procedures, to be observed by the HHS/OCR for two years.


6 29 VPN Services Owned by Six China-Based Organizations

Analysis of the world’s top VPN services conducted by the privacy and security research firm VPNpro revealed that the top 97 VPN services are owned by only 23 parent companies. Of those parent companies, six are based in China, and information on these companies is often hidden to consumers, according to VPNpro. Together those six companies offer 29 of the world’s VPN services, but researchers were able to piece together ownership information via company listings, geolocation data, the CVs of employees and other documentation. “OpenVPN is incorporated in the US, and they pride themselves on their transparency and that their open source protocol is the de facto standard used by almost all other providers,” said Francis Dinha, CEO of OpenVPN.


7 Maryland Govt Agency Breach Exposes Names, SSNs of 78K People

The Maryland Department of Labor (Maryland DoL) published a press release today explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party. Maryland's Department of Information Technology (Maryland DoIT) is currently investigating the security breach which exposed data stored "on the Literacy Works Information System and a legacy unemployment insurance service database." So far, Maryland DoIT's investigation did not find any evidence that "any personally identifiable information was downloaded or extracted from Labor servers."


8 Fake Samsung firmware update app tricks more than 10 million Android users

Over ten million users have been duped into installing a fake Samsung app named "Updates for Samsung" that promises firmware updates but, in reality, redirects users to an ad-filled website and charges for firmware downloads. "I have contacted the Google Play Store and asked them to consider removing this app," Aleksejs Kuprins, malware analyst at the CSIS Security Group, told ZDNet today in an interview, after publishing a report on the app's shady behavior earlier today. The app takes advantage of the difficulty of getting firmware and operating system updates for Samsung phones, hence the high number of users who have installed it. "It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device," the security researcher said. "Vendors frequently bundle their Android OS builds with an intimidating number of software, and it can easily get confusing."


9 YouTube’s ‘instructional hacking’ ban threatens computer security teachers

Earlier this year, YouTube added hacking and phishing tutorials to its examples of banned video content — and that ban has been publicized thanks to an apparent crackdown on an ethical “white hat” hacking and computer security channel. Kody Kinzie is a co-founder of Hacker Interchange, which describes itself as an organization dedicated to teaching beginners about computer science and security. Hacker Interchange produces the Cyber Weapons Lab series on YouTube, but yesterday, Kinzie reported that they were unable to upload new videos because of a content strike. “Our existing content is being flagged and pulled, just got a strike too,” noted Kinzie. The rule is laid out on YouTube’s “harmful or dangerous content” page, which bans “instructional hacking and phishing,” i.e. “showing users how to bypass secure computer systems or steal user credentials and personal data.”


10 Lennon or McCartney? Machine learning tries to crack disputed Beatles authorship

As one half of The Beatles, John Lennon and Paul McCartney were behind some of the most beloved songs of the 20th century, including “Yesterday”, “Let It Be” and “Come Together”. But while the popularity of their songwriting remains undisputed, what has not always been clear is exactly who wrote what. Now a team of researchers based at Harvard University, in the US, and Dalhousie University, in Canada, has used machine learning to try and figure out the authorship of some of the most disputed works in The Beatles’ back catalogue. While some of Lennon and Sir Paul’s co-credited songs were confirmed by the pair to be either team efforts or essentially solo works, the true author of a number of them has never been established for sure on record.


11 Google is testing a play button for Chrome’s toolbar

It appears that Google will soon add a play button to its Chrome browser, as spotted by ZDnet and Techdows. The button will live on Chrome’s toolbar, and will allow users to play or pause a video or music that’s playing in a tab. The feature is called Global Media Controls, and it’s currently being tested on Chrome’s Development browser, Canary. Once it’s enabled, the feature appears next to the URL field, and will highlight what is playing, even if it’s on a different tab.