AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/27/2019

1 Hostinger Security Breach Impacts 14M Customers

Web hosting company Hostinger suffered a security breach on Aug. 23 that allowed an unauthorized third party to gain access to its internal systems. As TechCrunch reports, the server contained the company’s internal system API and associated database which held customer usernames, email addresses, first names, IP addresses, and hashed passwords. The passwords were protected with the SHA-1 algorithm, but that has been proven to be vulnerable to attack. In total, about 14 million Hostinger customers had their information stored in the database.


2 NASA Astronaut Accused of Identity Theft in First Criminal Allegation from Space

The situation is out of this world. Anne McClain, a NASA astronaut and lieutenant colonel in the Army, is facing accusations that she committed identity theft through the “improper access” of her estranged wife’s “private financial records,” The New York Times reported. Former Air Force intelligence officer Summer Worden didn’t understand how her estranged wife, McClain, still knew details of her spending. Worden recently noticed, though, that a computer owned by NASA had accessed her bank account, using her own login information. McClain admitted to doing so in space, aboard the International Space Station.


3 Texas Attacks Must Inform Other States as Ransomware ‘Only Getting Worse,’ Says Krebs

The coordinated ransomware hit on 22 Texas municipalities will yield valuable lessons for other local governments to ensure they’re not next, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Director Chris Krebs said Thursday while unveiling the agency’s new “Strategic Intent” document. The Texas Department of Information Resources, which is investigating the attacks in conjunction with DHS and the FBI, has been mum about the details of the attack but said Tuesday that “evidence continues to point to a single threat actor.” A department spokesman told NPR he was “not aware” of any of the cities forking over ransom money to the hackers; Keene Mayor Gary Heinrich said the hackers were demanding $2.5 million from the targeted cities, but he had no plans to pay them anything.


4 Lyons Companies issues warning regarding potential data breach

On March 12, 2019, the Wilmington, DE-based brokerage detected “unusual activity” in an employee email account. Lyons then immediately took steps to respond, and launched an investigation into the unauthorized access, which involved working with third-party forensic experts. The investigation determined that two Lyons employee email accounts were accessed without authorization – one account was accessed between February 04 and March 12, and the other was accessed for a few hours on March 12. The investigation was unable to confirm whether and what type of information was potentially accessed, but Lyons has undertaken a review of all the data within the two accounts to determine what sort of information was present and to whom the data was related.


5 Pokemon Go becomes Pokemon No as games biz Niantic agrees to curb trespassing addicts

The programmers behind augmented-reality pest-chasing Pokemon Go have settled a class-action lawsuit in the US brought by angry homeowners who claimed the video game encouraged people to trespass on their land. One owner of an oceanfront condo in Florida was confused, and then infuriated, when hundreds of players “acting like zombies, walking around, bumping into things” appeared on his property at all hours of the day and night. Another complained he had had five different people ring his doorbell and ask to be allowed into his backyard to catch Pokemon. Pokemon pusher Niantic has not accepted any blame or liability, and will pay just over $4m to settle the case – virtually all of which will go to the lawyers.


6 It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years

The Department of Homeland Security stored sensitive data from the nation’s bioterrorism defense program on an insecure website where it was vulnerable to attacks by hackers for over a decade, according to government documents reviewed by The Times. The data included the locations of at least some BioWatch air samplers, which are installed at subway stations and other public locations in more than 30 U.S. cities and are designed to detect anthrax or other airborne biological weapons, Homeland Security officials confirmed. It also included the results of tests for possible pathogens, a list of biological agents that could be detected and response plans that would be put in place in the event of an attack.


7 Virtual Caucus at Risk After DNC Experts Hacked Conference Call

The Democratic National Committee has raised substantial cybersecurity concerns over virtual caucusing, potentially dooming the effort just five months before Iowa begins its process of choosing a presidential nominee. At a closed-door session of the Rules and By-Laws Committee on Thursday, the DNC told the panel that experts convened by the party were able to hack into a conference call among the committee, the Iowa Democratic Party and Nevada Democratic Party, raising concerns about teleconferencing for virtual caucuses, according to three people who were at the meeting.


8 Regis University shuts down internet on campus following cyber attack

A cyber attack forced Regis University in northwest Denver to shut down its campus internet. The shut-down began Tuesday. As of Sunday, the university’s email accounts, online programs and class schedules remained unavailable. Regis officials say their systems were affected by a malicious threat from outside of the university, likely based outside the country. WebAdvisor, which is used for things like class registration and some payments, was also offline. “There’s definitely the added level of stress going in not knowing what books you’re going to need or have to buy. But everybody at Regis is pretty great about communicating and helping each other out,” said incoming Regis sophomore Trinity Corwin.



Aaron Gokaslan, 23, and Vanya Cohen, 24, say they aren’t out to cause havoc and don’t believe such software poses much risk to society yet. The pair say their release was intended to show that you don’t have to be an elite lab rich in dollars and PhDs to create this kind of software: They used an estimated $50,000 worth of free cloud computing from Google, which hands out credits to academic institutions. And they argue that setting their creation free can help others explore and prepare for future advances—good or bad. “This allows everyone to have an important conversation about security, and researchers to help secure against future potential abuses,” says Cohen, who notes language software also has many positive uses. “I’ve gotten scores of messages, and most of them have been like, ‘Way to go.’”


10 Apple reportedly halts peer-to-peer iPhone walkie-talkie project

Apple has reportedly paused work on an innovative project that would have enabled new iPhones to serve as peer-to-peer walkie-talkies for communication, even when they’re outside of cellular tower range. The Information said today that Apple was planning to include the feature in a next-generation Intel modem that was canceled earlier this year, leading to the departure of one of the technology’s leading proponents from Apple. Conceptually, the feature would work by enabling multiple iPhones to form a multi-user mesh network that could send communications from device to device even if a cellular tower was not nearby to connect them.
