AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/19/2019

1 Apple’s warning: Break Safari’s web-tracking rules and we’ll hit back

ITP broadly aims to limit marketers from tracking iOS and macOS Safari users across different websites, but without impeding a marketer’s ability to measure the performance of their online ads. The document outlines what Apple considers to be tracking, different types of tracking, the types it will prevent, and how it treats any attempt to bypass its anti-tracking measures. The company warns it will treat efforts to circumvent its anti-tracking tech in Safari “with the same seriousness as exploitation of security vulnerabilities”, with its response potentially targeted at a specific organization.

 

2 A new app can detect Bluetooth credit card skimmers on gas pumps

This new app, dubbed Bluetana, developed by researchers at the University of California, San Diego and the University of Illinois Urbana-Champaign, can detect Bluetooth-enabled skimmers without having to dismantle vulnerable gas pumps. By detecting Bluetooth signatures, the app aims to find more skimmers without flagging false positives, like speed-limit signs and fleet tracking systems, said Nishant Bhaskar, a PhD student and one of the researchers. Many skimmers use the same components, which when detected can indicate the presence of a skimmer.

 

3 US Cyber Command has publicly posted malware linked to a North Korea hacking group

U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research. It’s not the first time the unit has uploaded malware to the server — it has its own Twitter account to tell followers which malware it uploads. On one hand the disclosure helps security teams fight threats from nation states, but it also gives a rare glimpse inside the nation state-backed hacking groups on which Cyber Command is focused.

 

4 Apache Struts Called Out For Incorrect Security Advisories

A leading open source project has come under fire for issuing misleading security advisories which may have put customers of its software at unnecessary risk. Security vendor Synopsys analyzed 115 separate releases for popular web application framework Apache Struts and matched them up against the relevant advisories from the open source project. In total, 24 of the 57 Apache Struts security advisories – nearly half – made mistakes when listing the versions of the framework that were impacted by vulnerabilities. In fact, 61 additional versions of Apache Struts were impacted by at least one previously disclosed vulnerability, potentially exposing users to attack.

 

5 Trump Administration Asks Congress to Reauthorize N.S.A.’s Deactivated Call Records Program

In a letter to Congress delivered on Thursday and obtained by The New York Times, the administration urged lawmakers to make permanent the legal authority for the National Security Agency to gain access to logs of Americans’ domestic communications, the USA Freedom Act. The law, enacted after the intelligence contractor Edward J. Snowden revealed the existence of the program in 2013, is set to expire in December, but the Trump administration wants it made permanent.

 

6 Instagram adds tool for reporting false information

Instagram is adding an option for users to report posts they think are false, the company announced on Thursday, as the Facebook-owned photo-sharing site tries to stem misinformation and other abuses on its platform. Posting false information is not banned on any of Facebook’s suite of social media services, but the company is taking steps to limit the reach of inaccurate information and warn users about disputed claims.

 

7 Google Has Started Removing FTP Support From Chrome

Google developers have wanted to remove FTP support from the Chrome browser for quite some time and have been slowly whittling away at its support. In a series of proposed code changes and an “Intent to Remove”, the end is near for the FTP protocol in Chrome. In a series of bug posts created over the years, Google devs have made it clear that they would rather get rid of the FTP protocol than support it. This has led to a slow chipping away of features until there was not much left of the FTP protocol. In a post made tonight to the Chromium blink-dev mailing list, Google has finally announced their “Intent to Remove” FTP from Chrome due to its lack of usage and its lack of support for transferring files over encrypted connections.

 

8 Google wants to reduce lifespan for HTTPS certificates to one year

Google wants to reduce the lifespan of SSL certificates (used to secure HTTPS encrypted traffic) from the current two years to just over a year. The proposal was made by Ryan Sleevi, Google’s representative, at an F2F meeting of the CA/B Forum in Thessaloniki, Greece, in June. The CA/B Forum is an unofficial industry group made up of certificate authorities (CAs; companies that issue SSL certificates) and browser makers. No vote was held on the proposal; however, most browser vendors expressed their support for the new SSL certificate lifespan.

 

9 The Army is Falling Behind on Staffing Cyber Units, GAO Says

The Army is struggling to staff, train and equip its newly activated cyber and electronic warfare units, and officials haven’t assessed how those challenges will impact the Pentagon’s digital capabilities, according to a congressional watchdog. In recent years, the Army has been rapidly expanding its cyber capabilities to stay ahead of the growing digital threats posed by adversaries like Russia and China, but the Government Accountability Office found the service is having a tough time keeping up with its ambitious plans. The Army activated two digital warfare units last year despite significant personnel shortages, auditors said, and officials are struggling to update the equipment and doctrine used to train soldiers.

 

10 Canadian city loses big money in phishing scam

The city of Saskatoon in Canada’s western prairies has lost more than Can $1 million to a fraudster posing as a construction executive, in the latest online phishing scam to plague one of the country’s cities. The fraudster impersonated the chief financial officer of a local construction company to advise the city of a change in banking information in an email, the local government said in a statement. The city then deposited a payment of Can $1.04 million (US$780,000) into the fraudulent account. Police are investigating the fraud, which was discovered earlier this week, and officials are still trying to recover the funds, city manager Jeff Jorgenson told a press conference on Thursday.

 

11 Decade-Long Bank Account Hacking Scheme Gets Fraudster 57 Months

Brooklyn man Jason Mickel Elcock was sentenced today to 57 months in prison for a series of account hijacking attacks spanning more than a decade, having used stolen personal and financial information to pilfer over $1.1 million from banks and online retailers. Account hijacking is a well-known tactic in identity theft schemes through which attackers profit from their victim’s stolen account information to conduct unauthorized activities. In this case, the account hijacking attacks were the result of account info stolen from tens of thousands of businesses and individuals, information which allowed Elcock and his co-conspirators to defraud their victims.

 

12 Officials say at least 20 Texas government entities targeted in cyber attack

At least 20 local government entities across Texas were hit by a ransomware attack, authorities announced Friday. The Texas Department of Information Resources (DIR) said in a statement that officials from state agencies were responding to the cyber attack, but did not release the identities of affected agencies. “Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested,” the department said in the press release.

 

13 Ransomware attack hits Grays Harbor Community Hospital

Grays Harbor Community Hospital (GHCH) and Harbor Medical Group (HMG) are reporting a ransomware attack that involved patient health information. According to a release from the hospital, the ransomware attack was discovered June 15. Databases containing electronic medical records for 85,000 patients were encrypted by a sophisticated software program (ransomware) designed to block access to a computer system until a sum of money is paid. GHCH and HMG have notified the FBI of the incident. At no time was patient care compromised.

 

14 Hy-Vee confirms credit card breach at gas pumps, restaurants

Supermarket chain Hy-Vee has revealed that the credit card payment information of some of its customers has been exposed in a recent data breach. The Iowa-based company, which has grocery stores dotted around southern Minnesota and the Twin Cities, says there was a “security incident” involving the payment processing systems at its fuel pumps, drive-thru coffee shops and restaurants. The restaurants include its Market Grilles, Market Grille Express and Wahlburgers locations operating at Hy-Vee grocery stores.

 

15 US CyberDome Poised to Protect 2020 Elections

An A-list of cyber experts, including former Homeland Security Secretary Jeh Johnson, has put its weight behind U.S. CyberDome, a nonpartisan initiative to protect presidential campaigns against foreign influence. Matthew Barrett, a former National Institute of Standards and Technology leader and co-founder of CyberDome, outlines how this group is gearing up for the 2020 election. “There’s a need for many hands and many perspectives on this really complicated circumstance,” Barrett says in this interview with Information Security Media Group. “We feel like aspirationally what we do is that we work to better ensure free speech, an election free of interference and really, in a lot of respects, the sanctity of our democracy.”

 

16 Researchers were able to detect what is typed using just a smartphone

Researchers from SMU’s Darwin Deason Institute for Cybersecurity found that acoustic signals, or sound waves, produced when we type on a computer keyboard can successfully be picked up by a smartphone. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing. The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.

 

17 Tim Cook tells Donald Trump that U.S. tariffs on Chinese imports could hurt Apple, help Samsung

President Donald Trump said on Sunday that he had spoken with Apple’s Chief Executive Tim Cook about the impact of U.S. tariffs on Chinese imports as well as competition from South Korean company Samsung. Trump said Cook “made a good case” that tariffs could hurt Apple, given that Samsung’s products would not be subject to those same tariffs. Tariffs on an additional $300 billion worth of Chinese goods, including consumer electronics, are scheduled to go into effect in two stages on September 1 and December 15.
