AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – 08/01/2019

1 My info was in the Capital One breach. What should I do?

While the security world focuses on the aftermath of the Capital One data breach, the majority of those impacted by the incident are left with one big question: What do I do? The amount of information taken from the bank’s system is extensive: names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income on 100 million U.S. residents. Social Security numbers and bank account numbers were also pulled from Capital One’s cloud computing infrastructure. If you’ve gotten notice that your information was part of the breach, there are steps that you can take to protect yourself.


2 FTC warns about fake Equifax sites popping up after company agreed to $700M payout

The Federal Trade Commission on Tuesday cautioned consumers about websites masquerading as an official Equifax website. The FTC and Equifax EFX, -0.40%  unveiled a $700 million settlement last week for the company’s 2017 data breach accessing personal information of 147 million consumers. Customers can check if they were affected by the breach and file a claim via one legitimate website: Equifaxbreachsettlement.com. The FTC warnin is also something of a red flag for any customers who may see sites claiming to be Capital One COF, +0.61%  in the wake of the bank’s announcement late Monday that a hacker had accessed the information of more than 100 million people. Capital One is not offering financial compensation to customers. It said it would notify customers affected by the hack through a “variety of channels” and offered free credit monitoring for two years.


3 DOD workers bought thousands of Chinese electronics vulnerable to hacks, spying

Defense Department employees have procured thousands of printers, cameras and computers that carry known cybersecurity risks, and the practice may be continuing, according to an audit released Tuesday by the Pentagon’s inspector general. More than 9,000 commercially available information technology products bought in fiscal 2018 could be used to spy on or hack U.S. military personnel and facilities, the report said. Without fixing oversight of such purchases, more risks lie ahead, potentially including perils for top-dollar weapons that use such “commercial-off-the-shelf” or COTS devices.


4 Capital One data breach: Amazon Web Services is backbone for Netflix, NASA and others

When Capital One disclosed this week that its servers had been hacked by a former Amazon employee affecting more than 100 million customers and compromising information such as Social Security numbers, credit scores and credit card transaction data, attention turned to Amazon. Amazon, after all, provided the backup for Capital One, a fact the bank giant touted on the Amazon AWS website. Via AWS, "Capital One turns data into insights through machine learning, allowing the company to quickly innovate on behalf of its customers," Amazon says on the AWS website. Capital One was hacked big time, blaming the breach on a "firewall misconfiguration." But Amazon says it is not responsible. "AWS was not compromised in any way and functioned as designed," the company said in a statement.


5 How 4 IT technicians saved an Arizona hospital from hacker ransomware

Blue Beckham, Wickenburg’s interim chief information officer, doesn’t know how much the cybercriminals wanted to restore access to the hospital’s systems. The hospital never contacted the encrypted email addresses listed on the ransom message. The government of Lake City, Florida,, a small community of about 12,000 people, approved a bitcoin payment worth about $460,000 after it was hit with Ryuk ransomware around the same time as Wickenburg’s attack, according to the Wall Street Journal. “That would have been an enormous, enormous hit to our operations,” Beckham said. “We’re a community hospital in a rural setting and organizations of our size simply don’t have half a million dollars laying around.” So instead of seeing what the hackers wanted, Beckham said that Wickenburg’s IT staff, a total of four people, including himself, began rebuilding the hospital’s computer systems from scratch.


6 Ameritas Customers Suffer Data Breach

Insurance and finance company Ameritas has notified customers that their personal information may have been exposed in a data breach. The Lincoln-based company said in a letter dated July 23 that several of its employees fell victim to phishing scams in May and early June that tricked them into providing their email credentials. The company says it has taken action to address the exposure, including disabling the unauthorized access and deploying a mandatory company-wide password reset. Information that may have been exposed includes names, home and email addresses, Social Security numbers and policy numbers. The company has hired Kroll Associates, a risk-consulting firm, to investigate the incident.


7 North Carolina County Lost $1.7 Million in BEC Scam

After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors building the county's new high school. BEC, or Business Email Compromise, fraud schemes are scams where crooks deceive employees of privately-held companies and public organizations into wiring money to entities they trust but whose bank accounts were changed to ones controlled by the criminals. Cabarrus County fell for this type of scam when they received a phishing email stating that the bank account for Branch and Associates, the contractor building their new high school, had been changed and that the county should use it for future invoice payments.


8 US chases fraudulent bitcoin exchange BTC-e for $100m

Two years ago, the US government fined an international cybercriminal and his fraudulent bitcoin exchange over $100m. Now, it’s going after them for the money. Attorneys for the US government filed a complaint in court last week against BTC-e and its operator Alexander Vinnik to recover civil penalties originally levied in 2017. Authorities arrested Vinnik in July 2017 while in Greece on holiday with his family. At the same time, the US indicted him for laundering money through the site, and FinCEN levied civil penalties. It fined BTC-e $110m for facilitating ransomware and dark web drug sales, and fined Vinnik $12m for his role in the crimes. It was the first action that the regulator had taken against a foreign money services business operating in the US.


9 DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies?

The huge hack of Capital One may just be the tip of the iceberg. The alleged hacker behind the mega bank breach may have also accessed data from a slew of other organizations. They include one of the world's biggest telecom providers, an Ohio government body and a major U.S. university, according to Slack messages sent by the accused and seen by Forbes. The Department of Justice wouldn't comment on those messages, but told Forbes additional charges against the defendant are a possibility as the investigation continues.


10 Head of SEC Enforcement Dept. for Cryptocurrency, Cyber Security Resigns

The chief of the United States Securities and Exchange Commission (SEC) Division of Enforcement's Cyber Unit, Robert A. Cohen, has stepped down from his role at the commission. According to an official announcement by the SEC, Cohen served as the first chief of the Cyber Unit since its inception in 2017. The Cyber Unit is in charge of securities violations pertaining to cryptocurrency and digital assets, in addition to cyber-related trading violations and cybersecurity disclosures and procedures. During his time leading the unit, Cohen supervised a number of investigations, including a lawsuit against the startup Kik for running an unregistered $100 million token offering, as well as charging DJ Khaled and the boxer Floyd Mayweather Jr. for unlawfully advertising an initial coin offering.


11 The next cybersecurity concern for NATO? Space

A new report warns that the cybersecurity vulnerabilities related to military space systems, specifically terminals and command-and-control systems, deserves renewed attention from NATO countries. The report, titled “Cybersecurity of NATO’s Spaced-based Strategic Assets,” was produced by Chatham House, which is part of the Royal Institute of International Affairs, a policy institute in London. The paper, by Beyza Unal, was released July 1. “There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyberthreat to space-based command and control systems,” the report read. “The increasing vulnerability of space-based assets, ground stations, associated command and control systems, and the personnel who manage the systems, has not yet received the attention it deserves.”


12 Democrats take another stab at preventing foreign election interference

House Democrats introduced legislation Tuesday that would require campaigns to report any foreign contacts to federal authorities, the latest push for election security following last week's warnings from former special counsel Robert Mueller. Campaigns would also be required to implement a “compliance system” to monitor communication with those foreign contacts. “Guarding our country against another attack on our political system should not be a partisan issue — it is a national security issue and it’s an American issue,” Slotkin said in a statement. The bill will be referred to the House Administration Committee.



Nevada Democratic Senator Jacky Rosen will introduce the US-Israel Cybersecurity Center of Excellence Act on Wednesday alongside Republican South Dakota Senator Mike Rounds. The act recommends that the State Department examine the potential benefit of creating a joint American-Israeli cybersecurity center. Rosen, who is a member of the Senate Homeland Security and Government Affairs Committee, said that Israel is “our closest ally in the Middle East” and that this is a “much needed step." She called Israel a center for new and emerging cybersecurity technologies.  Similarly, Rounds called the Jewish state a "world leader" in the field and said such a move could improve American offensive and defensive cyber abilities, which he deemed a "top priority."


14 JCPS technology coordinator fired over data breach

Jefferson City Public Schools' Board of Education decided last Friday to fire a district technology coordinator who copied and transferred files that included students' personal information from a work account to a personal email account. JCPS did not have a comment Monday, but deferred to the findings of fact and conclusions of law provided in the board's decision issued Friday on technology coordinator Tammy Ferry. Ferry copied and transferred thousands of files in January from her work account to her personal Google account without authorization, and the more than 19,800 files contained personally identifiable information that impacted 1,304 students. The district notified families and the public in May of the file transfer — though Ferry was not named at the time as involved — and said there was no evidence of identity theft as a result.


15 DHS ‘blew up’ its hiring system for cybersecurity talent

DHS is currently working with subject matter experts to determine what technical and leadership skills they need and building state-of-the-art assessments. The goal is to move away from the “post and pray” way of recruiting talent on the federal government’s jobs board USAJOBS, Bailey said. “We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee.


16 Google Chrome Hides WWW and HTTPS:// in the Address Bar Again

After installing Google Chrome 76, if you feel like something is missing from the address bar you would be correct. This is because Google has decided to once again to hide, or elide, the "www" subdomain and "https://" from the address. When Chrome 69 was released in September 2018, Google decided to strip the "www" and "m" "trivial subdomains" from the URLs in the address bar. For example, when a user visited www.bleepingcomputer.com, the www would be stripped and displayed as bleepingcomputer.com instead. These subdomains are classified as "trivial" because Google feels that it is not information that most people need to concern themselves with.


17 FTC Tells Equifax Victims to Opt for Credit Monitoring Over $125

The Federal Trade Commission (FTC) says that Equifax data breach victims who already have credit monitoring and opted to get a $125 cash payment might not get it in full and should choose the free credit monitoring option instead. Equifax disclosed the data breach which exposed the sensitive information of roughly 147 million people during September 2017. Under the settlement agreed upon with the FTX on July 22, Equifax said that it will spend up to $425 million to help the breach victims. As part of the settlement, Equifax offered the victims the option to choose between 10 years of free credit monitoring (4 years with Equifax, Experian, and TransUnion, and 6 more only with Equifax) or a $125 cash payment.


18 NY Attorney General Investigates Capital One; Lawsuits Loom

In what's likely the first of many investigations, the New York attorney general's office announced late Tuesday that it's launching a Capital One probe following the disclosure that over 100 million U.S. residents had their personal data exposed in a breach. Meanwhile, the National Law Journal reports that the first of several breach-related class action lawsuits against Capital One are already being filed on behalf of customers. New York Attorney General Letitia James says that even though the FBI arrested the alleged hacker on Monday, too many questions remain about why Capital One's internal security failed its customers.


19 Cisco to pay $8.6 million fine for selling government hackable surveillance technology

Cisco has agreed to pay $8.6 million to settle a claim it sold video surveillance software it knew was vulnerable to hackers to hospitals, airports, schools, state governments and federal agencies. The tech giant continued to sell the software and didn’t fix the massive security weakness for about four years after a whistleblower first alerted the company about it in 2008, according to a settlement unsealed Wednesday with the Justice Department and 15 states as well as the District.


20 Fake iPhone, iPad smuggler lands behind bars

A man has been sentenced to roughly three years in prison for smuggling fake Apple goods from China to the United States. On Wednesday, the US Department of Justice (DoJ) said that Jianhua "Jeff" Li, a 44-year-old living in the US on a student visa, worked with co-conspirators to transport at least 40,000 counterfeit electronic goods. According to court documents, Li, together with Andreina Becerra, Roberto Volpe, Rosario LaMarca, and other conspirators, was involved in the trafficking of fake devices and accessories, including iPhones and iPads. The electronic devices were labeled and packaged to appear legitimate and were smuggled through a company called Dream Digitals.


Related Posts