AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/23/2019

1 Intel unveils first artificial intelligence chip Springhill

Intel Corp on Tuesday unveiled its latest processor that will be its first using artificial intelligence (AI) and is designed for large computing centers. The chip, developed at its development facility in Haifa, Israel, is known as Nervana NNP-I or Springhill and is based on a 10 nanometer Ice Lake processor that will allow it to cope with high workloads using minimal amounts of energy, Intel said. Facebook, it said, already has started using the product.


2 CISA Insights: Ransomware Outbreak

The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA: Actions for Today – Make Sure You’re Not Tomorrow’s Headline; Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse; Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark.


3 Moe’s, McAlister’s, Schlotzsky’s latest victims of data breach, company says

A spokeswoman for Atlanta-based Focus Brands Inc. said the company’s investigation “is focused on transactions that occurred from April 2019 into July 2019.” “We believe the actions we have taken have stopped unauthorized activity, and cybersecurity firms have been engaged to determine the specific restaurants and time frames involved,” Angie Champsaur said in the statement. “Law enforcement and the payment card networks have been notified. The findings from the investigation will also be used to implement enhanced security measures.”


4 Second Steam Zero-Day Impacts Over 96 Million Windows Users

A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets. This happens after Valve disputed the significance of the previous Steam 0day disclosed by Kravets on Twitter and banned him from their HackerOne bug bounty program. Seeing that this vulnerability impacts only the Steam Windows client, with Steam having over 100 million registered users and 96.28% of them running Windows according to the Steam Hardware & Software Survey: July 2019, the systems of roughly 96 million of them are currently affected.


5 Online sneaker reseller StockX faces lawsuit over data breach

StockX is now facing legal action over a data breach that led to the theft of more than 6.8 million customer records. A class-action lawsuit filed in US District Court this week alleged that the online sneaker marketplace compromised the data of minors. According to The Detroit News, the plaintiff in the case is a Kansas minor identified as “I.C.”, whose personal information was stolen and re-sold by hackers. The lawsuit is being brought on behalf of all youth who were impacted by the breach.


6 Justice Department indicts 80 individuals in a massive business email scam bust

The Justice Department has indicted dozens of individuals accused of involvement in a massive business email scam and money laundering scheme. Thom Mrozek, a spokesperson for the U.S. Attorneys Office for the Central District of California, confirmed more than a dozen individuals had been arrested during raids on Thursday — mostly in the Los Angeles area. A total of 80 defendants are allegedly involved in the scheme. The 145-page indictment, unsealed Thursday, said the 80 named individuals are charged with conspiracy to commit mail and bank fraud, as well as aggravated identity theft and money laundering.


7 Five Fraudsters Indicted For Million Dollar Scheme Targeting Thousands of U.S. Servicemembers and Veterans

A 14-count indictment has been unsealed today in San Antonio, Texas, charging five individuals with coordinating an identity-theft and fraud scheme targeting servicemembers and veterans. The charged defendants, who were based both in the Philippines and the United States, are alleged to have used the stolen personal identifying information (PII) of thousands of military members to access Department of Defense and Veterans Affairs benefits sites and steal millions of dollars. According to the indictment, the defendants’ identity-theft and fraud scheme began in 2014 when Brown, then a civilian employee at a U.S. Army installation, stole thousands of military members’ PII, including names, dates of birth, social security numbers, and Department of Defense identification numbers.


8 A botnet has been cannibalizing other hackers’ web shells for more than a year

A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies revealed today. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users to online servers, on which they install a cryptocurrency-mining malware. Positive Technologies said this new phase of the Neutrino gang’s operation started in early 2018, when the group assembled a multi-functional botnet that scanned random IP addresses on the internet, searching for particular web apps and servers to infect.


9 Forced Password Reset? Check Your Assumptions

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked. But ironically, many companies taking these proactive steps soon discover that their explanation as to why they’re doing it can get misinterpreted as more evidence of lax security. This post attempts to unravel what’s going on here.


10 Microsoft Contractors Listened to Xbox Owners in Their Homes

Contractors working for Microsoft have listened to audio of Xbox users speaking in their homes in order to improve the console’s voice command features, Motherboard has learned. The audio was supposed to be captured following a voice command like “Xbox” or “Hey Cortana,” but contractors said that recordings were sometimes triggered and recorded by mistake. The news is the latest in a string of revelations that show contractors working on behalf of Microsoft listen to audio captured by several of its products. Motherboard previously reported that human contractors were listening to some Skype calls as well as audio recorded by Cortana, Microsoft’s Siri-like virtual assistant.


11 ‘Desperate Need For Speed’ As Army Takes On Chinese, Russian, ISIS Info Ops

The Army wants to expand its fledgling cyber branch into an information warfare force that can do everything from jamming insurgent radio stations to fighting Chinese cyber espionage and protecting US elections from online subversion. It’s a tremendous task, even within the Army — and the implications of information operations go far beyond the military, touching sensitivities central to a democracy. The Army also wants the new force to strike fast, unburdened by the bureaucratic reviews that have hobbled past operations.


12 Valve says turning away researcher reporting Steam vulnerability was a mistake

In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities. In its statement, Valve Corporation references HackerOne, the reporting service that helps thousands of companies receive and respond to vulnerabilities in their software or hardware. Valve’s new HackerOne program rules specifically provide that “any case that allows malware or compromised software to perform a privilege escalation through Steam, without providing administrative credentials or confirming a UAC dialog, is in scope. Any unauthorized modification of the privileged Steam Client Service is also in scope.”


13 FCC approves $4.9B in funding for rural broadband improvements

The FCC has just approved nearly five billion dollars in subsidies for rural broadband operators to be paid out over the next ten years. Recipients of this windfall will have to “maintain, improve, and expand” their broadband infrastructure, especially in underserved areas. Carriers in 39 states, American Samoa, and many tribal lands will receive varying amounts of funding depending on the number of people they serve, the cost of providing that service, and so on. Naturally states with more people in rural areas receive more cash — you can see how your state made out in the chart below.


14 As browser rivals block third-party tracking, Google pitches ‘Privacy Sandbox’ peace plan

On Thursday, Google reminded everyone who might have forgotten that “privacy is paramount to us” and announced an initiative called “Privacy Sandbox” that proposes paving over a few privacy pitfalls without suffocating its ad business. It takes a certain chutzpah for a company with such a lengthy history of privacy scandals to insist that privacy is “paramount” – more important to the company than anything else. Note that the company’s avowed mission is “to organize the world’s information and make it universally accessible and useful.” Surveillance capitalism depends on the absence of privacy.


15 How an NSA researcher plans to allow everyone to guard against firmware attacks

A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot.


16 Chicago police pilot Samsung DeX as replacement for bulky in-car computers

Police in Chicago’s West Side 11th district are piloting Samsung DeX as a replacement for their existing in-car computer systems, the Chicago Police Department and Samsung announced this week. Officers will have a Samsung Galaxy Smartphone which they can use to access dispatch alerts, notifications from gunshot detection systems, and real-time viewing and control of security cameras. Officers can then dock their phones in the car or police station to benefit from a larger screen and keyboard when entering collected evidence. All officers in Chicago’s 11th should be using the DeX system by the end of the year.


17 Researchers propose a new approach for dismantling online hate networks

How do you get rid of hate speech on social platforms? Until now, companies have generally tried two approaches. One is to ban individual users who are caught posting abuse; the other is to ban the large pages and groups where people who practice hate speech organize and promote their noxious views. But what if this approach is counterproductive? That’s the argument in an intriguing new paper out today in Nature from Neil Johnson, a professor of physics at George Washington University, and researchers at GW and the University of Miami. The paper, “Hidden resilience and adaptive dynamics of the global online hate ecology,” explores how hate groups organize on Facebook and Russian social network VKontakte — and how they resurrect themselves after platforms ban them.


18 T-Mobile ‘Put My Life in Danger’ Says Woman Stalked With Black Market Location Data

Ruth Johnson didn’t know exactly who rang her phone and threatened her around 20 times in 2014. The person on the other end said he was John Edens from the U.S. Marshals with a warrant for her arrest for stealing a car. She was behind on her payments. It later turned out John Edens didn’t have a warrant, nor was he from law enforcement at all. Instead, he was a debt collector with a history of stalking and domestic violence who had managed to get ahold of Johnson’s phone location data. He did this by pretending to be a U.S. Marshal with the “Georgia Fugitive Task Force” to T-Mobile, which then provided Edens with the location of Johnson’s phone in a handy Google Maps interface—”pinging” the phone, in industry parlance.


19 U.S. House lawmakers ask regulators to scrutinize bank cloud providers

Two U.S. lawmakers have called on a top financial regulatory panel to consider direct oversight of the cloud services big tech companies provide to banks, saying they have become a critical component of the global financial system. In a letter sent on Thursday evening to the Financial Stability Oversight Council (FSOC), Democratic House Representatives Katie Porter and Nydia Velázquez said Amazon.com Inc’s Amazon Web Services, Microsoft Corp’s Microsoft Azure and Alphabet Inc’s Google Cloud should be considered systemically important like payment and settlement services.


20 Keep These Apps Off Your Kid’s Phone

Educating our kids about internet safety is an important and ongoing part of keeping them safe, but parents also have to stay up to date on the latest apps they may be using. Because even if we’re not, predators are. As part of what they call “Operation Intercept,” which is focused on protecting children from online predators and human trafficking, the Sarasota County Sheriff’s Office began compiling a list of apps that parents need to be aware of. The list started with nine apps last year and was updated in July to include six more, which the sheriff’s office says are “frequently downloaded by children that can be utilized by predators for purposes of exploitation.”
