AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – 07/25/2019

1 Your Android’s accelerometer could be used to eavesdrop on your calls

Just because you don’t give an application access to your microphone doesn’t mean that it can’t listen to you. Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more. When you install an Android app, it has to ask your permission if it wants access to your microphone so that it can listen to what you’re saying. However, the researchers discovered a workaround. Most modern smartphones have accelerometers that are supposed to sense how quickly you’re moving. They’re useful for fitness apps, for example. Android apps don’t need permission to use the phone’s accelerometer, so the researchers used it as a listening device. The smartphone’s loudspeaker causes the device’s body to vibrate, and they were able to hijack the accelerometer to sample these vibrations.

2 Mnuchin says Facebook must satisfy regulatory concerns ahead of Libra launch

U.S. Treasury Secretary Steven Mnuchin said in a television interview that Facebook must satisfy regulatory concerns before it launches Libra, its planned cryptocurrency. “As it relates to Libra, we’ve made it very clear to Facebook before they start this, this needs to be something that passes our regulations,” Mnuchin said in an interview with CNBC.

3 Facebook to pay $100 million to settle with SEC over misuse of user data

Facebook Inc (FB.O) agreed to pay a $100 million fine to settle charges by the U.S. Securities and Exchange Commission that it misled investors for more than two years about the misuse of its users’ data, the regulator said on Wednesday. The SEC said Facebook knew by Dec. 2015 that a researcher had improperly sold information related to tens of millions of users to data analytics firm Cambridge Analytica, but did not disclose the breach until March 2018, causing its stock to drop. Facebook did not admit or deny wrongdoing in agreeing to settle.

4 Justice Department launches antitrust probe into big tech

The Department of Justice is launching an antitrust probe into some of the world's biggest and most influential tech companies, the agency announced Tuesday. The department's Antitrust Division, which is responsible for reviewing and enforcing issues relating to mergers, monopolies, competition, and price-fixing, said its review would "consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online." “Without the discipline of meaningful market-based competition, digital platforms may act in ways that are not responsive to consumer demands,” Makan Delrahim, head of the Antitrust Division, said. “The Department’s antitrust review will explore these important issues.”

5 Shanann Watts’ father pleads for end to cyber bullying, harassment

At a press conference Monday, Shanann Watts' father pleaded for an end to the cyber bullying and harassment his family has received since his daughter and granddaughters were killed. Frank Rzucek invited the media to the press conference in Frederick Monday afternoon. He flew from North Carolina to make the statement. Rzucek said his family has been dealing with bullying since Chris Watts murdered Shanann and their daughters, 4-year-old Bella and 3-year-old Celeste, in their Frederick home on Aug. 13, 2018. "Every time we turn around, there is someone trying to capitalize on our tragedy by spreading false rumors and outright lies," Rzucek said. He said social media platforms like Facebook and Twitter have allowed lies and conspiracy theories about the murders to spread.

6 Yahoo's $117 Million Data Breach Settlement Moves Forward

Yahoo's $117.5 million settlement of massive data breaches occurring between 2012 and 2016 has been granted preliminary approval by a federal judge. The deal's terms don't “improperly grant preferential treatment to any individual or segment of the settlement class and fall within the range of possible approval as fair, reasonable, and adequate,” U.S. District Court Judge Lucy Koh in the Northern District of California wrote Saturday in an order allowing the settlement to advance. Koh added that the resolution “appears to be the result of serious, informed, non-collusive negotiations conducted with mediators.”

7 BEC Scammers Trick Employees Into Giving Away Customer Info

Business email compromise (BEC) scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel. Aging reports, also known as a schedule of accounts receivable, are sets of outstanding invoices which allow a company's financial department to keep track of customers who haven't yet paid services or goods they were allowed to buy on credit. "It’s an essential tool for both accounts and management to maintain an overview of their credit and collection processes, and breaks down outstanding debts into thirty-day increments, culminating with payments that are more than ninety days overdue," says Agari threat researcher James Linton.

8 Hydro-Québec warns customers about fraudsters using the company's name

Hydro-Québec is warning its clients to beware of new scams that are circulating around the province, using the utility company’s name. The alert warns of e-mail, text, and telephone frauds whose “primary objective is to obtain the recipients’ personal or financial information in order to steal their identity and their money.” The company says scammers are asking clients for credit card information, contacting people pretending to be Hydro-Québec employees. Fraudsters are also offering fake Hydro-Québec jobs, asking clients to open a file with personal information to get full access.

9 8 More Providers Added to AMCA Data Breach Victims

Eight covered entities have been added to the victim tally of the massive American Medical Collection Agency breach, which has now claimed a total of up to 25 million breached patient records. Austin Pathology Associates became the third provider within a week to report its patient records were breached during the eight-month hack on the billing services vendor. Shortly after, seven more covered entities reported they too were impacted: Natera, American Esoteric Laboratories, CBLPath, South Texas Dermatopathology, Seacoast Pathology, Arizona Dermatopathology, and Laboratory of Dermatopathology ADX. In total, more than 774,640 patients have been added to the breach by these covered entities (Natera did not disclose how many of its patients were impacted).

10 Cybercrime gang adds new tactics to credit card data-stealing campaign

A hacking operation has deployed new malware in the latest evolution of its campaign to make money by stealing credit card data.

The FIN8 cybercrime group was first identified in January 2016, and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information, which is then sold on for profit on dark web underground forums. The nature of the attacks means retailers and the hospitality sector are common targets. FIN8 appeared to disappear for two years before re-emerging in June. The group seems to have started where it left off, continuing to evolve and adapt malicious tools to improve the success of its campaigns. Hundreds of organizations are thought to have fallen victim to FIN8 campaigns since the group first emerged.

11 Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways

The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. The attacks span major industries like banking, power, and media. Here’s how they work. The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them. The attackers utilise what appears to be compromised email accounts to send a genuine link to a WeTransfer hosted file. As these are legitimate links from WeTransfer, this allows them to travel straight through security checks at the gateway.

12 US Troops Using Russia-Connected FaceApp Urged to Be Cautious

Privates tempted to see what they'll look like as salty old retired sergeants major may want to think twice before using a popular new app that can age their youthful photos. Senate minority leader Chuck Schumer wants a congressional investigation into FaceApp, a Russian-developed smartphone application that puts a filter over facial images to show what people look like years older or younger. The New York Democrat and others have voiced concerns about a developer based in a country that has carried out hostile cyber acts — including attempts to influence a U.S. presidential election — having access to Americans' cell phone data. As of Thursday, FaceApp already had 12.7 million downloads, Business Insider reported.

13 Google bans DarkMatter certificates from Chrome and Android

A Google representative announced today plans to ban root certificates owned by a UAE-based company accused of selling surveillance tools and hacking services. The ban will apply to Chrome and Android. Once the ban enters into effect, HTTPS connections that have been encrypted and signed by TLS certificates sold or issued by DarkMatter will show security-related errors in the Chrome browser and Android applications. Google's decision was announced after DarkMatter applied last year to become an approved certificate authority (CA) and have its root certificate included in major browsers. Mozilla declined DarkMatter's request at the start of the month, citing fears that DarkMatter might abuse its inclusion in the Firefox certificate store (a certificate whitelist) to issue certificates to threat actors that may use them to snoop on users' HTTPS traffic.

14 3 Romanian Men Sentenced for Hacking US Servers

Three men who hacked U.S. computers from Romania have been sentenced to prison for a fraud scheme totaling more than $21 million, federal prosecutors in Georgia said Tuesday. Sentences ranged from four years and three months to eight years and two months for the men, who all are from Ploiesti (ploy-ESH-tee), Romania, U.S. Attorney Byung J. "BJay" Pak of Atlanta said in a news release. "We are warning cyber-criminals no matter where they reside, that this office and our law-enforcement partners are committed to finding you, extraditing you to this district, and prosecuting you," Pak said. They were extradited last year and all pleaded guilty earlier this year to charges of wire fraud conspiracy, computer fraud and abuse, and aggravated identity theft, according to the prosecutors' statement.

15 US man faces up to 5 years in prison for selling $2 million worth of Bitcoin online

A federal grand jury has indicted a New Jersey man for selling over $2 million worth of Bitcoin through an unlicensed money transmitting business. William Green, 46, who was charged with one count of operating the unlicensed business, is set to appear before a United States District Judge, although no date has been set yet. According to documents filed and statements heard in court, Green’s business was “Destination Bitcoin,” a website that allowed him to convert customers’ fiat deposits into Bitcoin in exchange for a fee. Unfortunately for Green, US federal law says that any individual who owns or controls a money transmitting business must register it with the Secretary of the Treasury – including ones that sell Bitcoin for cash.

16 Stock Trading Firm Robinhood Stored User Passwords in Plaintext

Robinhood, a California-based financial services company that provides a popular commission-free stock trading app, informed some users that their passwords were stored in plaintext. “When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your Robinhood password may have been included,” the company told impacted customers. Robinhood says it has addressed the issue and claims to have found no evidence that the exposed passwords have been accessed by anyone outside its response team. However, “out of an abundance of caution,” impacted users have been advised to change their passwords.
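The "industry-standard process that prevents anyone at our company from reading it" in the statement above is a salted, slow password hash. The following is an added example, not Robinhood's code or anything from the original post: it shows the defective pattern (the credential kept in a readable field) beside the corrected one, plus a small audit check of the kind a response team would run over a store to confirm no field still contains the literal password. It uses PBKDF2-HMAC-SHA256 because that is in the Python standard library; a memory-hard function such as Argon2id or scrypt is the better choice where a library for it is available. The store layout, the function names, and the sample credentials are assumptions made for the example.

```python
import hashlib
import hmac
import os

# OWASP's 2023 guidance puts PBKDF2-HMAC-SHA256 at about 600,000 iterations.
PBKDF2_ITERATIONS = 600_000
HASH_NAME = "sha256"


def store_plaintext(store, username, password):
    """The defect: the credential is written to the store as-is, so anyone who
    can read the store (a log, a database dump, a backup) can read the password."""
    store[username] = {"password": password}


def store_hashed(store, username, password):
    """The fix: keep only a random per-user salt and the PBKDF2 digest.
    The password itself is never persisted."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    store[username] = {
        "salt": salt.hex(),
        "hash": digest.hex(),
        "iterations": PBKDF2_ITERATIONS,  # stored so the cost can be raised later
    }


def verify_hashed(store, username, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    record = store.get(username)
    if record is None:
        # Unknown user: still pay the KDF cost so that timing does not reveal
        # whether a username exists.
        hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), b"\x00" * 16,
                            PBKDF2_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    bytes.fromhex(record["salt"]),
                                    record["iterations"])
    return hmac.compare_digest(candidate.hex(), record["hash"])


def password_readable(store, username, password):
    """Audit check: does any stored field for this user literally contain the
    password? True for the plaintext pattern, False once only a hash is kept."""
    record = store.get(username, {})
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    # Constructed sample credential for the demonstration.
    user, secret = "alice", "correct horse battery staple"

    bad, good = {}, {}
    store_plaintext(bad, user, secret)
    store_hashed(good, user, secret)

    print("plaintext store leaks password:", password_readable(bad, user, secret))
    print("hashed store leaks password:   ", password_readable(good, user, secret))
    print("verify correct password:       ", verify_hashed(good, user, secret))
    print("verify wrong password:         ", verify_hashed(good, user, "hunter2"))
```

The audit function is deliberately naive (a substring search over the record) because that is what matters after an incident like this one: the question is not whether the login path is correct but whether any persisted field, including debug or audit logging that wrote the full request, still holds the credential in readable form.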

17 The video game industry is a black hole for cybersecurity

New data from Akamai, an internet delivery and cloud services company, shows that the video game industry remains a growing threat vector for security breaches. Hackers have launched 12 billion credential stuffing attacks against game websites within a 17-month period. Emuparadise, the retro gaming site, is the latest gaming community to admit having suffered a credential stuffing attack. The reason that gaming is subject to so many breaches is twofold. First, most video game companies use low-friction authentication measures, because increasing friction drives customer attrition and results in a loss of revenue. Second, from a consumer perspective, gaming is seen as having a low financial risk and, as a result, gamers tend to use less secure passwords.

18 Louisiana School Systems Cyber Attacked; Emergency Declared

Louisiana Gov. John Bel Edwards has issued an emergency declaration after malware attacks against three school systems in the state have been detected. Edwards didn’t provide details about the attacks affecting school systems in Sabine and Morehouse parishes and the City of Monroe. He says the declaration makes state resources available to help local governments respond to the cyberattacks and stop future data loss. Edwards’ office says the declaration will remain in effect through Aug. 21, unless terminated earlier.

19 Facebook warns privacy changes will slow revenue growth, discloses another U.S. probe

Facebook said on Wednesday that new rules and product changes aimed at protecting users’ privacy would slow its revenue growth into next year and significantly raise expenses, taking the shine off quarterly revenue results that beat expectations. The outlook was the latest twist in a day of contrasting news for the world’s largest social media company. Facebook earlier agreed to pay $5 billion to settle a U.S. Federal Trade Commission data privacy probe but then disclosed that the regulator was now investigating it for anti-competitive behavior.
