AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/21/2019

1 Cyber Safety for Students

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students.


2 Apple is rebuilding Maps from the ground up

It’s doing this by using first-party data gathered by iPhones with a privacy-first methodology and its own fleet of cars packed with sensors and cameras. The new product will launch in San Francisco and the Bay Area with the next iOS 12 beta and will cover Northern California by fall. Every version of iOS will get the updated maps eventually, and they will be more responsive to changes in roadways and construction, more visually rich depending on the specific context they’re viewed in and feature more detailed ground cover, foliage, pools, pedestrian pathways and more.


3 Developers accuse Apple of anti-competitive behavior with its privacy changes in iOS 13

A group of app developers have penned a letter to Apple CEO Tim Cook, arguing that certain privacy-focused changes to Apple’s iOS 13 operating system will hurt their business. In a report by The Information, the developers were said to have accused Apple of anti-competitive behavior when it comes to how apps can access user location data. With iOS 13, Apple aims to curtail apps’ abuse of its location-tracking features as part of its larger privacy focus as a company.


4 How malformed packets caused CenturyLink’s 37-hour, nationwide outage

CenturyLink’s nationwide, 37-hour outage in December 2018 disrupted 911 service for millions of Americans and prevented completion of at least 886 calls to 911, a new Federal Communications Commission report said. Back in December, FCC Chairman Ajit Pai called the outage on CenturyLink’s fiber network “completely unacceptable” and vowed to investigate. The FCC released the findings from its investigation today, describing how CenturyLink failed to follow best practices that could have prevented the outage. But Pai still hasn’t announced any punishment of CenturyLink. The outage was so extensive that it affected numerous other network operators that connect with CenturyLink, including Comcast and Verizon, the FCC report said.


5 Cable One email data breach could affect employees, family members

Cable One Inc. said Friday that a data breach earlier this year could have affected the personal information of some current and former employees, but also could have reached some of those employees’ family members. The Phoenix-base broadband communications provider said in a statement the incident happened in May, when an unauthorized individual, through a third-party vendor, obtained access to about 14 Cable One employee email accounts. The accounts contained personal information about the employees but in some cases, an unidentified number of their dependents or other individuals outside the company.


6 ASU accidentally reveals email addresses of 4,000 students

Arizona State University has notified 4,000 students that their email addresses “were accidentally revealed” in a large data breach. ASU told the students on Aug. 16 it happened in late July when a university office sent bulk emails about renewing health insurance coverage without masking the identities of the recipients. Some of the email addresses revealed recipients’ names, as well. This unintended action is considered a data breach under the Health Insurance Portability and Accountability Act (HIPAA). “The only items of protected health information (PHI) released were the students’ email addresses. No other PHI was released,” stated the school.


7 Google and Gmail were down for thousands of users, mostly in the United States

Google and its popular email service, Gmail, experienced issues on Monday for thousands of users largely in the United States, according to Google’s services dashboard, reports on social media, and online tools that monitor website outages. The issues appeared to be affecting the East Coast near cities such as New York and Boston, as well as areas on the West Coast near San Francisco and Los Angeles, according to Down Detector, which tracks website outages. The live map on Down Detector also showed that people near Houston and Dallas were reporting outages.


8 The Rise of “Bulletproof” Residential Networks

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called “bulletproof residential VPN services” that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world’s largest ISPs and mobile data providers.


9 Software bug caused CBP airport system outage

The nationwide outage on Aug. 16 of Customs and Border computer systems that processed international travelers at airports across the U.S. was caused by a software bug that hit in the wake of a system update, the agency said. The outage, which hit airports from New York’s John F. Kennedy International, O’Hare International in Chicago and Washington D.C.’s Dulles International and others from coast-to-coast resulted in long lines for passengers at the facilities on a busy summer Friday. In a statement to FCW on Aug. 19, a CBP spokesperson said the systems it uses to process international travelers “experienced a temporary outage that resulted in an impact to passenger processing at CBP ports of entry nationwide.”


10 FTC chairman says Facebook’s plan to merge brands may make it harder to split

Facebook Inc’s plan to integrate Instagram and WhatsApp more closely could hinder any attempts to break up the social media giant, Federal Trade Commission Chairman Joseph Simons told the Financial Times on Monday. Simons said all options were on the table as the FTC investigates Facebook for potential antitrust violations, but added that any attempt from Mark Zuckerberg to combine the social media company’s three major brands could complicate any case, according to the FT report.


11 Navy Moving Ahead to Create Special Cyber Office

The Navy Department will soon create a new office led by a special assistant to the secretary who will have sweeping authority to integrate and manage the critical areas of information management and security, aided by four deputies responsible for buying the right technology, determining strategies to better handle digital information and data and to enforce greater cybersecurity within the naval services and industrial suppliers. The new special assistant, who also will be the department’s chief information officer, and the deputies are being recruited from experts in the private sector and should be named in the near future, Navy Undersecretary Thomas Modly said on Friday.


12 Did Facebook know about “View As” bug before 2018 breach?

A recent court filing indicates that Facebook knew about the bug in its View As feature that led to the 2018 data breach – a breach that would turn out to affect nearly 29 million accounts – and that it protected its employees from repercussions of that bug, but that it didn’t bother to warn users. There was a class action lawsuit – Carla Echavarria and Derrick Walker v. Facebook, Inc. – filed within hours of Facebook’s revelations last September that attackers had exploited a vulnerability in its “View As” feature to steal access tokens: the keys that allow you to stay logged into Facebook so you don’t need to re-enter your password every time you use the app. Reuters reports that the lawsuit in question actually combined several legal actions, presumably including the one filed on the same day as Facebook disclosed the breach.


13 YouTube sues alleged copyright troll over extortion of multiple YouTubers

YouTube is going after an alleged copyright troll using the Digital Millennium Copyright Act’s (DMCA) provisions, alleging that Christopher Brady used false copyright strikes to extort YouTube creators, harming the company in the process. Now, YouTube is suing Brady, using the DMCA’s provisions against fraudulent takedown claims, seeking compensatory damages and an injunction against future fraudulent claims. The lawsuit, first spotted by Adweek reporter Shoshana Wodinsky, alleges that Brady sent multiple complaints claiming that a couple of Minecraft gaming YouTubers — “Kenzo” and “ObbyRaidz” — infringed on his copyrighted material in January. (Their legal names were not listed in the lawsuit.) YouTube removed the videos that Brady claimed were infringing on his copyrighted material, as the company does whenever a claim is submitted.


14 Investigating cyber-security at U.S. Central Command

While the college admissions scandal exposed students getting undue help on their exams, FOX 13 started hearing and investigating claims of a different kind of cheating in one of the most sensitive parts of our government. Ted Carrier is a cyber-defense analyst who worked for a contractor at U.S. Central Command inside Tampa’s MacDill Air Force Base. They called him a mission-essential individual for computer network defense. He was responsible for protecting military secrets from hackers. The Department of Defense requires ethical hacker certification to make sure its cyber defenders are ethical, but can think like hackers to keep them from penetrating military computer systems. That is where Carrier claims CENTCOM, and taxpayers, have a problem. To get certified, Carrier claims he and others got undue help on their ethical hacker exams.


15 Cancer research organizations are now the focus of Chinese hacking groups

Chinese advanced persistent threat (APT) groups are honing in on cancer research institutes in recent cyberattacks in order to steal their work, researchers say. Cancer is the second leading cause of death worldwide and claimed the lives of 9.6 million individuals in 2018. The World Health Organization (WHO) estimates that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are working towards ways to improve detection and treatment. China, too, is contributing — but cybersecurity firm FireEye says that facing cancer’s impact on society, death rates, and the cost of care, the country is not above using nefarious methods to speed up research goals.

Related Posts