AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/22/2019

1 DoorDash takes another step toward automated food delivery

TechCrunch speculates that the acquisition is the latest attempt by DoorDash to reduce its reliance on human delivery drivers, by using more automated systems to deliver food. Back in 2017 the company partnered with Starship Technologies to test food deliveries using a small semi-autonomous robot, and earlier this year it started working with GM to use its autonomous vehicles to deliver food in San Francisco.


2 Fargo Public Schools hit by nationwide data breach

Officials with Fargo Public Schools are warning students and their parents about a nationwide data breach that could include their children’s student information. Fargo Public Schools received a letter regarding a data breach affecting an online assessment platform used by the school district. This breach affected more than 13,000 schools and universities. The data contained in the file includes students’ first names, last names, dates of birth and student ID numbers. No other personally identifiable information was affected in the breach, and it did not contain Social Security numbers, credit card data or financial information.


3 Apple delaying crack down on third-party analytics and advertising in kids apps

For the last several months, Apple has been cracking down on third-party kids apps, specifically with regard to analytics and advertising. A new report from The Washington Post today dives deeper into Apple’s policy change, and notes that the company plans to delay the change. Starting next month, Apple had planned to ban kids apps on the App Store from using any sort of external analytics software. It had also planned to dramatically curtail the advertising allowed in kids apps, which could dramatically impact the businesses of free kids apps. Under the new rules, app developers could still collect data themselves and with Apple’s own analytics software, but third-party services would be banned. It’s now unclear when these new restrictions will go into place – or if they could be slightly loosened.


4 PokerTracker.com Hacked to Inject Payment Card Stealing Script

A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers. Online poker enthusiasts use the Poker Tracker software suite to improve their winning chances by making decisions based on statistics compiled from the opponents’ gameplay. A report on August 8 indicated that Malwarebytes anti-malware blocked Poker Tracker from connecting to a domain known to host credit card skimmers – scripts that copy payment card details on checkout pages and deliver them to the attacker.


5 GitHub Now Scans Commits for Atlassian, Dropbox, Discord Tokens

Microsoft-owned GitHub on Monday announced that its token scanning service will also check commits for Atlassian, Dropbox, Discord, Proctorio and Pulumi tokens that have been accidentally shared. Third-party token scanning was introduced by GitHub in October 2018 and became generally available in May. The service scans public repositories for accidentally committed tokens and alerts the company that issued the token so that it can be revoked before it’s used for malicious purposes. GitHub initially scanned commits for token formats associated with Alibaba Cloud, AWS, Azure, Google, Mailgun, npm, Slack, Stripe and Twilio. The company said on Monday that it has also added Atlassian, Dropbox, Discord, Proctorio and Pulumi to the list of partners.
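Token scanning of the kind GitHub describes works by matching each line a commit adds against the format of the partner's credential, so the issuer can be told to revoke it. The following is an added example, not GitHub's scanner or any partner's detector: it walks the added lines of a unified diff, tracks the post-commit line number per hunk, matches a few illustrative patterns, and redacts what it reports. The AWS, Slack, Stripe and Twilio regexes are simplified approximations chosen for this demonstration, and the sample diff is constructed (the AWS key in it is the example key from AWS's own documentation).

```python
import re
from dataclasses import dataclass

# Illustrative credential formats. Assumption: these are simplified
# approximations for demonstration, not the detectors GitHub's partners supply.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "twilio_account_sid": re.compile(r"\bAC[0-9a-f]{32}\b"),
}

# Unified-diff hunk header: "@@ -old_start,old_len +new_start,new_len @@"
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int   # line number in the post-commit file
    token: str


def scan_diff(diff_text):
    """Return credential-shaped strings found on lines a commit adds.

    Only '+' lines inside hunks are examined: a secret on a removed ('-')
    line was already public in the parent commit, and the file headers
    ('--- a/x', '+++ b/x') are not content.
    """
    findings = []
    in_hunk = False
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False            # new file: headers follow until the next @@
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            in_hunk = True
            new_line = int(header.group(1))
            continue
        if not in_hunk:
            continue
        if raw.startswith("+"):
            content = raw[1:]
            for kind, pattern in TOKEN_PATTERNS.items():
                for m in pattern.finditer(content):
                    findings.append(Finding(kind, new_line, m.group(0)))
            new_line += 1
        elif raw.startswith(" ") or raw == "":
            new_line += 1              # unchanged context line
        # '-' lines and '\ No newline at end of file' do not advance the new file
    return findings


def redact(token, keep=4):
    """Show only the tail of a token so the alert itself does not re-leak it."""
    return "*" * max(len(token) - keep, 0) + token[-keep:]


def report(findings):
    return [f"{f.kind} at line {f.line_no}: {redact(f.token)}" for f in findings]


# Constructed sample commit. The AWS key is AWS's documented example key; the
# other values are made up for this demonstration.
SAMPLE_DIFF = "\n".join([
    "diff --git a/config/settings.py b/config/settings.py",
    "--- a/config/settings.py",
    "+++ b/config/settings.py",
    "@@ -1,4 +1,6 @@",
    " import os",
    " ",
    '-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]',
    '+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    '+SLACK_TOKEN = "xoxb-123456789012-abcdefghijklmnop"',
    '+STRIPE_KEY = "sk_live_" + "0123456789abcdefghijklmn"',
    " DEBUG = False",
])

if __name__ == "__main__":
    for line in report(scan_diff(SAMPLE_DIFF)):
        print(line)
```

The sample deliberately includes a Stripe key split across two string literals: a format-based scanner only sees a token that appears contiguously on one line, which is why this kind of scanning is a safety net for accidents rather than a control against someone trying to hide a secret.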


6 Scammers use bogus search results to fool voice assistants

As reported by the Better Business Bureau (BBB), scammers have worked out how to game the search results for company customer support telephone numbers. It’s a simple con where scammers create fake support numbers for well-known brands, paying for these to be bumped to near the top of search results. A person sitting at home asks their voice assistant (or smart device embedding that technology) to find that company’s telephone number and instead of the correct one, a scammer’s phone number is returned to them to auto-dial.


7 A backdoor mechanism found in tens of Ruby libraries

Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The backdoor was used by attackers to inject mining code into Ruby projects using the malicious versions of the libraries. One of the most popular Ruby libraries, rest-client, was found containing the malicious code yesterday. The malicious code was included in four versions of rest-client. The Ruby developer Jan Dintel, who analyzed the code, discovered it would collect and send the environment variables of a compromised system (i.e. credentials for services used by the compromised system, such as its database or payment service provider) to a remote server in Ukraine.


8 Visa Adds New Threat Detection to Prevent Payment Fraud

Visa announced the addition of new fraud threat detection and blocking technology designed to boost transaction security and, implicitly, the integrity of its payments ecosystem. The new payment fraud prevention capabilities are aimed at financial institutions and merchant clients using its global electronic payments network. All the security capabilities announced today are immediately available to all Visa clients, with no sign-up requirements or any additional costs. “Cybercriminals attempt to bypass traditional defenses by stealing credentials, harvesting data, obtaining privileged access, and attacking trusted third-party supply chains,” said RL Prasad, Visa Payment System Risk SVP.


9 MoviePass exposed thousands of unencrypted customer card numbers

Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company’s many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers.
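The MoviePass exposure is a reminder that card numbers end up in ordinary application logs, where nobody applies the controls that protect the payments database. The following is an added example, not MoviePass’s or SpiderSilk’s code, of the check a log pipeline or a forensic triage script can run over such records: it pulls 13 to 19 digit runs out of each line, keeps only those that pass the Luhn checksum so request IDs and timestamps are not flagged, and masks the rest to the first six and last four digits. The log lines are constructed, and the card numbers in them are the standard public test numbers.

```python
import re

# Candidate runs of 13-19 digits, optionally separated by spaces or dashes.
# Assumption: a deliberately broad pattern; brand-specific prefixes are not checked.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, fold >9 to one digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_of(match_text):
    return re.sub(r"[ -]", "", match_text)


def find_pans(line):
    """Return the normalised card numbers present in one log line."""
    pans = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(digits):
    """Keep the first six (issuer) and last four digits, the usual display form."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line):
    """Replace every Luhn-valid card number in a line with its masked form."""
    def repl(m):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(repl, line)


def scan_log(lines):
    """Map line index -> card numbers found, for lines that contain any."""
    return {i: pans for i, pans in ((i, find_pans(l)) for i, l in enumerate(lines)) if pans}


# Constructed log lines. 4111... and 5555... are public test card numbers;
# the 16-digit request_id on the second line fails the Luhn check.
SAMPLE_LOG = [
    "2019-08-20T10:15:01Z INFO card_added user=4821 pan=4111111111111111 last4=1111",
    "2019-08-20T10:15:02Z DEBUG request_id=1234567890123456 latency_ms=42",
    "2019-08-20T10:15:03Z INFO checkout pan=5555 5555 5555 4444 amount=12.99",
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
    for line in SAMPLE_LOG:
        print(scrub_line(line))
```

The Luhn check removes most random digit runs, but one in ten random numbers still passes it, so in a large log this should be treated as a triage filter rather than proof; conversely, an attacker reading an exposed database does not need the check at all, which is the argument for scrubbing at write time instead of searching afterwards.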


10 Intel, IBM, Google, Microsoft & others join new security-focused industry group

Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the Confidential Computing Consortium, this industry group’s goals will be to come up with strategies and tools to accelerate the adoption of “confidential computing.” By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer’s memory while it’s being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants.


11 Robot battles wrongly banned for ‘animal cruelty’

YouTube has restored some videos of robots fighting after wrongly removing hundreds for displaying a “deliberate infliction of animal suffering or the forcing of animals to fight”. Sarah Pohorecky, of MIT, said film of her robot So Rachet removed on Monday “mysteriously reappeared” on Tuesday. A YouTube spokeswoman said: “With the massive volume of videos on our site, sometimes we make the wrong call.” YouTube would work quickly to reinstate the other videos, she told BBC News. Jamison Go, a research assistant at MIT (Massachusetts Institute of Technology), said he had lost nine videos but others had lost hundreds. “Robot builders across the world cried out in agony as YouTube’s algorithm falsely identified personal videos of robot sport as ‘animal cruelty’ and ‘cock fighting’.”


12 Suspected Capital One hacker requests release from jail on health grounds

The alleged hacker responsible for the theft of 106 million records from Capital One has requested release from federal custody. Lawyers for Paige Thompson, accused of the theft of data from the US financial institution, say that jail is a threat to her mental health and wellbeing, the Seattle Times reports. Capital One said in July that a data breach resulted in the exposure of 100 million records belonging to US citizens, as well as a further 6 million belonging to Canadians. Credit card application data, names, addresses, ZIP codes, phone numbers, email addresses, dates of birth, self-reported income, and some bank account numbers were compromised.


13 Facebook to stop stalking you off-site – but only if asked

A feature in settings called Off-Facebook Activity will show all the apps and websites that send information about you to Facebook, which is then used to target ads more effectively. You will also be able to clear your history and prevent your future off-app behaviour being tapped. But one expert said the move was unlikely to have a big impact on the firm’s profits. For now, it is rolling out very slowly, with only Ireland, South Korea and Spain getting access. But the goal is to eventually offer it globally. The initiative comes at a time when Apple and Mozilla have already taken steps to prevent Facebook and other services from tracking users from one online platform to another via their browsers.


14 Phone Numbers Exposed By Inconsistent Password Reset Processes

Lack of standardization in the password reset procedures of web services can help attackers find the phone number linked to a victim’s email address. Online services have implemented mechanisms to allow users to change their login password in case they forget it or want a stronger one. The email address associated with the account is necessary for the procedure. Where a phone number is available, service providers offer mobile text or voice options to receive a temporary code. This is to verify that the legitimate owner of the account initiated the password reset procedure. Offensive security researcher Martin Vigo studied the password reset methods for popular websites and found that they revealed between two and five digits of the phone number; that would be up to 50% of a U.S. phone number, and more for other countries.
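The reason a few masked digits matter is that each service masks a different part of the number, so an attacker who knows only the victim’s email address can stack the disclosures. The following is an added example, not Vigo’s tooling, of that merge: it normalises each service’s displayed mask to a ten-digit template, overlays them, reports positions where two services disagree (which usually means different numbers on file), and counts how many candidates remain. The disclosures and the phone number are constructed, and the code assumes US ten-digit numbers with any country code already stripped by the caller.

```python
MASK_CHARS = set("*•X#")


def normalize_mask(shown, length=10):
    """Reduce a displayed number such as '(•••) •••-••89' to a template of
    digits and '*'. Assumption: US ten-digit numbers, country code removed."""
    template = []
    for ch in shown:
        if ch.isdigit():
            template.append(ch)
        elif ch in MASK_CHARS:
            template.append("*")
        # parentheses, dashes, dots and spaces are separators and are dropped
    result = "".join(template)
    if len(result) != length:
        raise ValueError(f"expected {length} positions, got {len(result)} from {shown!r}")
    return result


def merge_masks(templates):
    """Overlay templates position by position.

    Returns the merged template and a list of (position, first_seen, other)
    conflicts. A conflict means two services hold different numbers for the
    same email address, so their disclosures must not be combined blindly.
    """
    merged = ["*"] * len(templates[0])
    conflicts = []
    for tmpl in templates:
        for i, ch in enumerate(tmpl):
            if ch == "*":
                continue
            if merged[i] == "*":
                merged[i] = ch
            elif merged[i] != ch:
                conflicts.append((i, merged[i], ch))
    return "".join(merged), conflicts


def unknown_positions(merged):
    return [i for i, ch in enumerate(merged) if ch == "*"]


def remaining_candidates(merged):
    """Size of the search space left after the merge."""
    return 10 ** len(unknown_positions(merged))


# Constructed disclosures for one fictional account. Each service on its own
# reveals two to four digits, in line with what the article describes.
DISCLOSURES = [
    "***-***-**89",      # service A: last two digits
    "(206) ***-****",    # service B: area code only
    "••• ••• 0189",      # service C: last four digits
]

if __name__ == "__main__":
    merged, conflicts = merge_masks([normalize_mask(s) for s in DISCLOSURES])
    print(merged, "unknown:", unknown_positions(merged),
          "candidates:", remaining_candidates(merged), "conflicts:", conflicts)
```

With three services revealing two, three and four digits respectively, seven of ten positions are fixed and 1,000 candidates remain; any service whose reset flow confirms whether a typed number belongs to the account turns that into a short online search. The defensive counterpart is for every service to reveal the same minimal suffix, or nothing, so that stacking adds no information.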


15 Popular VPN site cloned to spread malware

Researchers at Doctor Web’s virus lab discovered that criminals created a website that was a copy of the one belonging to virtual private network service NordVPN. This nord-vpn[.]club website, which is currently inaccessible, was almost identical to the official nordvpn.com site. To make this cloned website appear more legitimate and help it pass browser security checks, it had a valid SSL certificate that was issued by the open certificate authority Let’s Encrypt. Visitors to the fake website were prompted to download NordVPN’s client. The real program was installed to avoid suspicion, but the Win32.Bolik.2 banking Trojan was downloaded alongside it, infecting the user’s system.


16 A botnet has been cannibalizing other hackers’ web shells for more than a year

A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies revealed today. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users to online servers, on which they install cryptocurrency-mining malware. Positive Technologies said this new phase of the Neutrino gang’s operation started in early 2018, when the group assembled a multi-functional botnet that scanned random IP addresses on the internet, searching for particular web apps and servers to infect.


17 Playing Defense Against Chinese Tech Threats ‘Will Only Get Us So Far,’ Lawmaker Says

Rep. Mike Gallagher on Wednesday urged federal leaders to take a more active approach to combating the national security threats posed by Huawei and other Chinese tech giants. “We can defend our own networks and try to slow down Huawei’s global takeover, but ultimately we’re going to need proactive solutions to better support the viability of western aligned alternatives,” Gallagher said on a call with reporters. “It’s safe to say we can’t afford to be complacent, and I think we need to find creative ways to make non-Huawei bids more competitive internationally because the international competition is the ballgame.”


18 LinkedIn stopped more than 21 million fake accounts this year, but legitimate users are the real challenge

The Microsoft-owned professional networking platform on Tuesday announced it’s blocked or removed 21.6 million fake accounts between January and June of this year. Some 19.5 million of those accounts were blocked at the registration stage, meaning they never became active, while employees caught another 2 million and members flagged roughly 67,000 more accounts. LinkedIn largely has been spared from the deluge of propaganda on Twitter and Facebook because so many users act like they do in the workplace, the New York Times reported last week, meaning that when one user starts raving with incoherent grammar, others notice.


19 Texas agency blames ‘single threat actor’ for recent ransomware attacks

The Texas Department of Information Resources (DIR) pointed to a “single threat actor” on Tuesday as being responsible for a recent spate of ransomware attacks on small local governments and other state entities. The attacks took place late last week and took down systems of 22 Texas entities. The State Operations Center was immediately activated, and the FBI, the Department of Homeland Security and the Federal Emergency Management Agency are involved in the investigation into the attacks. While DIR has not named those impacted, the city governments of Borger, Texas, and Keene, Texas, have confirmed that they were among the victims of the attack.


20 In New Facebook Effort, Humans Will Help Curate Your News Stories

Facebook has long relied on algorithms to select news stories for its users to see. Now the social network wants to rely on something else for the same task, too: humans. Specifically, Facebook plans to hire a team of editors to work on a news initiative called News Tab, which is its latest venture into the world of publishing. The Silicon Valley company said that journalists would help curate News Tab, a new section inside of the company’s mobile application that will surface the most recent and relevant stories for readers.
