AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – 07/16/2019

MyDashWallet, a service that purports to be the fastest way of using DASH cryptocurrency, has revealed its platform was compromised for two whole months, and is now urging users to move their funds as soon as possible (if they’re still there). “The hacker was able to obtain private keys used between May 13 and July 12,” wrote Dash marketing manager Michael Seitz in a July 12 Dash forum post. Inspired by MyEtherWallet, MyDashWallet acts as an online wallet for fledgling altcoin DASH. The service, which runs almost entirely on JavaScript, allows users to store, send, and receive DASH from within their web browser. “Out of an abundance of caution, anyone using mydashwallet.org in that timeframe should assume their private keys are known by the hacker and should immediately move any balances out of that wallet,” he added.


2 FBI Wants to Invest in Social Media Surveillance Tool

Terrorist organizations know their way around the web, and they don’t shy away from using social networks to communicate with each other or to recruit new members. The FBI is looking into gaining more control over social media and the content shared on these platforms, allegedly to keep a closer eye on terrorist organizations, crime groups and national security threats, the agency announced last week. The organization issued a Request for Proposal (RFP) looking for contracts for a social media surveillance tool that would alert them to suspicious online behavior. “The Federal Bureau of Investigation (FBI) intends to award a firm fixed-price contract for the purpose of acquiring subscriptions services to a social media early alerting tool in order to mitigate multifaceted threats, while ensuring all privacy and civil liberties compliance requirements are met,” said the Bureau. “The mission-critical exploitation of social media will enable the Bureau to detect, disrupt, and investigate an ever growing diverse range of threats to U.S. National interests.”


3 Syracuse schools’ cyber attack is ransomware

Ransomware caused the Syracuse City School District’s week-long computer outage, a source said. The district’s internet has had systemwide outages since an “event” early Monday morning, officials said. Officials released little information about the investigation and cause of the computer outages. In a statement Friday afternoon, a spokesman said an “attack froze the district from accessing our own systems." Ransomware attacks have increasingly plagued school districts nationwide in recent years. They work by encrypting a victim’s data and files until a sum is paid to the attacker. The Syracuse schools’ system has not yet been restored in part because hackers have demanded a ransom, and the district has not yet decided whether to pay, a source familiar with the investigation told syracuse.com. The ransom could be in the six figures and officials are concerned it will continue to grow, the source said.


4 Energy grid experts see need for more information sharing with government on cyber security

A panel of energy experts told lawmakers Friday they are focused on combatting cyber security threats to the electric grid but that more has to be done by the government to share classified information with the private sector. Jim Robb, president and CEO of the North American Electric Reliability Corp. (NERC), told members of the House Energy and Commerce Subcommittee on Energy his cooperative would like to see the federal government move faster to declassify information on cyber threats and disseminate it to the private sector. “We don’t need to know the origins,” said Robb, who testified during Friday’s hearing on “Keeping the Lights On: Addressing Cyber Threats to the Grid.” Robb also suggested that Congress could do more to ease security clearances for critical personnel in the industry.


5 Digital Attackers Now Using 16Shop Phishing Kit to Target Amazon Users

In May 2019, McAfee Labs observed a phishing kit targeting Amazon account holders. A closer look at the kit revealed several similarities to 16Shop, a phishing tool that McAfee’s researchers first observed preying upon Apple users in November 2018. At around the same time of its analysis, the security firm noticed that those actors to whom it previously attributed the creation of this phishing kit had changed their social media profile picture to a modified Amazon logo. These two developments led researchers to conclude that those behind this phishing kit had decided to create a new version and go after Amazon users. This new variant of the kit uses attack emails to trick users into visiting a fake Amazon website. There, users receive prompts to update their accounts by resubmitting a variety of information, including their payment card details.


6 Symantec reveals WhatsApp and Telegram exploit that gives hackers access to your personal media

Cybersecurity company Symantec found an exploit that could allow WhatsApp and Telegram media files — from personal photos to corporate documents — to be exposed and manipulated by malicious actors. The security flaw, dubbed Media File Jacking, stems from the time lapse between when media files received through the apps are written to a disk and when they are loaded in an app’s chat user interface. Given the perception that security mechanisms like end-to-end encryption render this new generation of IM apps immune to privacy risks, this threat is especially significant. WhatsApp and Telegram are collectively used by more than 1.5 billion people.


7 Intel officials warn of China’s growing threat to American tech secrets

Intel officials say 5G is just the tip of the iceberg when it comes to the threat China poses to national security, American intellectual property and consumer data. As the United States works toward 5G capabilities, both the intelligence community and elected officials have raised concerns about Huawei, a Chinese company at the forefront of 5G technology. Due to the close relationship between the company and the Chinese government, some worry that the presence of their technology in U.S. infrastructure could give China access to American data or worse, the ability to disrupt American telecommunications. “When we look at Huawei and 5G … we’re really talking about access to the data and the integrity of communication systems especially in times of crisis,” said John Demers, assistant attorney general for national security at the Department of Justice. “What would be the ability of the Chinese government to affect our telecommunications infrastructure if we did get into a conflict with China at some point?”


8 Alleged Iranian hacker who aided cyber espionage attacks on the US unmasked

For years, “Mr. Tekide” has been well-known as a red flag within international cybersecurity communities. The alias has managed to evade being publicly identified despite being deemed a top malware developer and hacker whose crypters – which are used to conceal malware in an attack – have been used in cyber espionage attacks on the United States and broader West, as well as Sunni Arab countries and Israel. But Jeff Bardin – the Chief Intelligence Officer at the California-based security firm Treadstone 71 who has been tracking Tekide since 2015 – says he has unmasked the Iranian man behind the keyboard, who is linked to Tehran’s Ministry of Defense. The hacker is allegedly a 29-year-old veterinarian by the name of Mostafa Selahi Qalavand.


9 Google defends letting human workers listen to Assistant voice conversations

Google is defending its practice of letting human employees, most of which appear to be contract workers located around the globe, listen to audio recordings of conversations between users and its Google Assistant software. The response comes after revelations from Belgian public broadcaster VRT NWS detailed how contract workers in the country sometimes listen to sensitive audio captured by Google Assistant on accident. In a blog post published today, Google says it takes precautions to protect users identities and that it has “a number of protections in place to prevent” so-called false accepts, which is when Google Assistant activates on a device like a Google Home speaker without the proper wake word having been intentionally verbalized by a user. The company also says it has human workers review these conversations to help Google’s software operate in multiple languages.


10 This Is Palantir’s Top-Secret User Manual for Cops

Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigrations and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren't suspected of a crime.  Through a public record request, Motherboard has obtained a user manual that gives unprecedented insight into Palantir Gotham (Palantir’s other services, Palantir Foundry, is an enterprise data platform), which is used by law enforcement agencies like the Northern California Regional Intelligence Center.


11 Military Discipline in the Social Media Age: How the New Top Marine Plans to Lead

The Marine Corps' new commandant is not one to micromanage — but he expects his leaders to be squared away and put their Marines on the right path when they're misbehaving. Gen. David Berger is not the first commandant who might encounter discipline problems in the ranks. But he's one of just a few who have led the Marine Corps in the age of social media, where some Marines have made career-ending decisions. That has included racist photos, a video showing Marines defiling enemy remains, posts that degraded women and negative comments about the commander in chief.


12 House Intelligence chief presses social media companies on deepfake policies

U.S. House of Representatives Intelligence Committee Chairman Adam Schiff on Monday pressed major social media companies on how they plan to handle the threat of deepfake images and videos on their platforms ahead of the 2020 elections. The Democratic congressman wrote letters to the chief executives of Facebook Inc (FB.O), Twitter Inc (TWTR.N) and Google, which owns YouTube, asking about the companies’ formal policies on deepfakes and their research into technologies to detect the doctored content. Deepfakes use machine learning to manipulate source material and create hyperrealistic content where a person – such as a political candidate – appears to say or do something they did not. Facebook spokesman Andy Stone confirmed the company had received the letter and said it would respond to Schiff accordingly.


13 More Than 1 Million People Agree To 'Storm Area 51,' But The Air Force Says Stay Home

Imagine throngs of people who have never met each other assembling in mid-September before dawn in a Nevada desert town to rush the entrance of Area 51 in search of aliens. It is a fantastical idea conceived of as a joke on social media, but its popularity has spread fast. On Monday, the number of people who signed up for the tongue-in-cheek Facebook call to "Storm Area 51" exceeded 1 million. And now, U.S. military officials say they are monitoring the situation. "The U.S. Air Force is aware of the Facebook event encouraging people to 'Storm Area 51,' " an Air Force spokesperson told NPR.

Related Posts