AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – 07/19/2019


1 Alarm sounds over census cybersecurity concerns

Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete online, over the phone or on paper. The hearing featured testimony from top officials from the Government Accountability Office (GAO), which has added the Census Bureau to its list of “high risk programs” due to cybersecurity and information technology shortfalls.


2 ‘The Chinese have already broken into my stuff’: Cyber espionage concerns Army acquisition three-star

Cyber security remains an issue for Army acquisition, and the solution may mean investing in resources to take some defense contractors completely “off the net,” according to the principal military deputy to the Army acquisition chief. The Army is well poised to stop cyber attacks by independent criminals, but when an attack is sponsored by a nation such as China, the odds of repelling it get dicey. “From a novice, we got you covered. From an intermediate, we probably have you covered,” Lt. Gen. Paul Ostrowski said at an Association of the U.S. Army event Tuesday. “But if you’re a state actor, your ability to tap into stuff is probably pretty extensive.”


3 What good are ‘exceptional’ cyber capabilities without authority?

Secretary of Defense nominee Mark Esper, speaking to senators during his July 16 confirmation hearing, shared his view that U.S. Cyber Command possesses “exceptional” cyber capabilities, but that just as important is a streamlined framework for using them outside U.S. networks. “Maybe as important as our capabilities, last year the administration put out a new [National Security Presidential Memorandum] 13, which really put our cyber capabilities on a more offensive footing, allowing us to lean forward,” Esper said. Under the previous process, cyber operations had to go all the way to the president for approval. NSPM 13 now allows the president to delegate some of those authorities and reorganizes the approval process through the interagency.


4 Clinical Pathology Laboratories says 2.2M patients exposed in AMCA breach

Clinical Pathology Laboratories is the latest medical testing company to fall victim to a data security breach at billing service American Medical Collection Agency. CPL has discovered that 2.2 million patients may have had their names, addresses, phone numbers, birth dates and other personal information stolen. In a statement reported Wednesday by TechCrunch, CPL also said that 34,500 patients may have had their credit card or banking information compromised. The AMCA sent letters to those patients notifying them of the breach.


5 IRS Releases Six Cybersecurity Safeguards

The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the “Taxes. Security. Together.” Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals and taxpayers to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.


6 Microsoft Reports Hundreds of Election-Related Cyber Probes

Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organizations including think tanks and other nonprofits. A company spokeswoman would not name or further characterize the targets. All subscribe to Microsoft’s year-old AccountGuard service. It provides free cyberthreat detection to candidates, campaigns and other mostly election-related groups. Microsoft did not say how many infiltration attempts were successful but noted in a blog post Wednesday that such targeting similarly occurred in the early stages of the 2016 and 2018 elections.


7 Meet IRpair & Phantom; powerful anti-facial recognition glasses

In 2016, Scott Urban, an entrepreneur from Chicago, came up with anti-facial recognition glasses called “Reflectacles” to defend users against facial recognition technology. These glasses shield the eyes from security cameras and are designed to prevent invasion of privacy without consent or knowledge. Now, Scott has launched two more privacy eyewear gadgets called Phantom and IRpair. One of the most prominent and unique features of these two is that they are “the first-ever collection of sunglasses designed to block facial recognition, eye tracking & infrared radiation including 3D IR surveillance cameras during both day and night.” Moreover, you cannot log into the iPhone X Face ID (day or night) while wearing IRpair or Phantom.


8 Email scammers extract over $300m a month from American suits’ pockets

While you’re sweating to make an honest crust, email scammers are counting at least $301m in untaxed takings every month in the US alone, according to research by the Financial Crimes Enforcement Network. The FinCEN agency tallied the figures for 2018 (PDF) and found the number of suspicious activity reports describing business email compromises had more than doubled from around 500 per month in 2016, to over 1,100 per month last year. Meanwhile, the number of scammers ballsy enough to impersonate a CEO or other members of the C-suite declined to 12 per cent, down from 33 per cent in 2017.


9 Firefox to Warn When Saved Logins are Found in Data Breaches

Starting in Firefox 70, Mozilla aims to have the browser report when any of your saved logins were found in data breaches. This will be done through their partnership with the Have I Been Pwned data breach site. Mozilla is slowly integrating their independent Firefox Monitor service and the new Firefox Lockwise password manager directly into Firefox. Mozilla is also considering premium services based around these features in the future. As part of this integration, Firefox will scan the saved login names and passwords and check whether they were exposed in a data breach listed on Have I Been Pwned. If one is found, Firefox will alert the user and prompt them to change their password.


10 US Govt Rolls Out New DNS Security Measures for .gov Domains

New DNS security measures for all .gov domains will be implemented by the U.S. government starting today to help mitigate risks associated with future DNS hijacking incidents. The DotGov Program “operates the .GOV top-level domain (TLD) and makes it available to US-based government organizations, from Federal agencies to local municipalities,” as per the U.S. General Services Administration (GSA). Starting today, domain points of contact will automatically be sent email alerts whenever the official .gov registrar makes DNS changes.


11 FTC Seeks Comments on Children’s Online Privacy Protection Act Rule

In light of continued rapid changes in technology, the Federal Trade Commission is seeking comment on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed. The COPPA Rule, which first went into effect in 2000 to implement the Children’s Online Privacy Protection Act, requires certain websites and other online services that collect personal information from children under the age of 13 to provide notice to parents and obtain verifiable parental consent before collecting, using, or disclosing personal information from these children. In a notice to be published shortly in the Federal Register, the FTC is seeking comment on a wide range of issues related to the COPPA Rule. In addition, the FTC will hold a public workshop on October 7, 2019 to examine the COPPA Rule. More details about the workshop can be found on the event page.


12 Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware. Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation. The bugs are tied to Gigabyte motherboards used in the vulnerable servers. The culprit is firmware for a motherboard component called a Baseboard Management Controller (BMC), which is used for subsystem management and monitoring. Server-makers using the vulnerable BMC firmware are Lenovo, Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen.


13 Microsoft worker charged with stealing millions in digital currency scam

A former Microsoft worker has been charged in what investigators describe as a scheme to steal $10 million in digital currency. The U.S. attorney’s office in Seattle says 25-year-old Ukrainian citizen Volodymyr Kvashuk helped test Microsoft’s online retail sales platform. He’s accused of stealing digital currency such as gift cards that could be redeemed for Microsoft products, then reselling them on the internet and using the proceeds to buy a $160,000 Tesla vehicle and a $1.7 million lakefront home. Prosecutors say he was fired in June 2018 after the scheme came to light, and that during the seven months of his activity, $2.8 million was transferred into his bank accounts.


14 Microsoft warns 10,000 customers they’re targeted by nation-sponsored hackers

Microsoft said on Wednesday that it has notified almost 10,000 customers in the past year that they’re being targeted by nation-sponsored hackers. According to a post from Microsoft Corporate Vice President of Customer Security & Trust Tom Burt, about 84% of the attacks targeted customers that were large “enterprise” organizations such as corporations. The remaining 16% of attacks targeted consumer email accounts. Burt said some of the 10,000 customers were successfully compromised while others were only targeted, but he didn’t provide figures. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives,” Burt wrote. Microsoft presented the figures Wednesday at the Aspen Security Forum.


15 U.S. Cyber Command simulated a seaport cyberattack to test digital readiness

When U.S. Cyber Command simulated a cyberattack against a seaport last month, military personnel hunted for adversaries who appeared to be using malware against a critical trade hub. It was the latest version of an annual weeklong test known as “Cyber Flag” that teaches cyber staffers to better defend against critical infrastructure attacks, military commanders involved in the exercise told reporters in a briefing Tuesday. By imitating an attack that blocked the seaport’s ability to move cargo — potentially affecting international trade — military leaders tested their readiness for a real-world incident and looked for ways to improve their response. The simulation also included officials from throughout the U.S. government and from allied partners to emphasize stronger coordination.


16 Watchdog groups want Pennsylvania to examine election machines for possible security flaws

Four watchdog groups are calling on Pennsylvania to re-examine a widely used election machine, citing concerns about its security and accessibility. Citizens for Better Elections, Free Speech for People, Protect Our Vote Philly and the National Election Defense Coalition filed a petition Tuesday requesting acting Secretary of State Kathy Boockvar examine the ExpressVote XL electronic voting machines built by Election Systems & Software, one of the largest election equipment manufacturers in the U.S. The groups requested the state agency look into the potential for a manipulated or malfunctioning ExpressVote XL machine to add, modify or invalidate votes after the voter has made their choices, noting that such occurrences “could change election outcomes without detection.”


17 Nigerian scammers slide into DMs, so Ars trolls them

I’ve got a history with Internet scammers. I’ve spent hours on the phone with tech support scammers, and I’ve hunted down bot networks spreading fake news. But for some reason, I’ve lately become a magnet for an entirely different sort of scammer—a kind that uses social media platforms to run large-scale wire-fraud scams and other confidence games. Based on anecdotal evidence, Twitter has become their favorite platform for luring in suckers. Recently, Twitter’s security team has been tracking a large amount of fraudulent activity coming out of Africa, including “romance schemes”—wherein the fraudster uses an emotional appeal of friendship or promised romance to lure a victim into a scam. Thousands of accounts involved in the ongoing campaign have been suspended. But that has hardly put a dent in the efforts of scammers, who move on to set up new accounts and run new scams. And there are dozens of other fraud games being played out on Twitter and other platforms.


18 Slack Initiates Mass Password Reset

Popular workspace collaboration platform Slack is in the middle of asking tens of thousands of users to reset their passwords after a security breach. The move is actually in response to new information that has come to light regarding a 2015 compromise, when hackers infiltrated Slack’s networks to gain access to databases containing user credentials including hashed passwords. They also planted password-scraping malware to capture login information in plaintext when users signed in. While Slack implemented two-factor authentication and a password reset for those affected at the time, a new crop of people that were impacted by the event has come to light after a new batch of stolen credentials was reported via the company’s bug-bounty program.


19 Researchers Claim They Bypassed Cylance’s AI-Based Antivirus

Researchers at Australia-based cybersecurity firm Skylight claim to have found a way to trick Cylance’s AI-based antivirus engine into classifying malicious files as benign. Cylance, which last year was acquired by BlackBerry and is now called BlackBerry Cylance, told SecurityWeek it has launched an investigation to determine if the researchers’ findings are valid or if their method works as a result of a misconfiguration of the product. Artificial intelligence and machine learning are increasingly used by cybersecurity products, often being advertised as a solution to many problems, and even described by some as a silver bullet. However, Skylight researchers claim to have demonstrated that AI-based threat detection can be bypassed by malicious actors.


20 Report Finds California Government IT Security Flaws

California’s state auditor raised alarms Tuesday about information security in some state offices and called for additional oversight and regular assessments. The report from Auditor Elaine Howle comes amid scrutiny of how companies and governments alike handle the data of customers and citizens and as governments grapple with the threat of hackers who might steal information or shut down computer systems. Howle’s office surveyed 33 government entities that are not currently required to meet the sort of information security standards mandated for cabinet-level departments and other executive branch agencies. The auditor’s office found what it labeled “high risk deficiencies” at 21 of those entities.