AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – September 10, 2018

How US authorities tracked down the North Korean hacker behind WannaCry

The DOJ indictment, one of the largest of its kind in terms of page count, lists a vast array of email addresses used to register domain names and buy hosting services used in all the hacks. It also includes IP addresses used to access malware command and control (C&C) servers, social media accounts, and hacked servers that hosted malware used in the attacks. Officials say they identified email and social media accounts Park used while working at Chosun Expo, and email and social media accounts used by Lazarus Group during its four-year hacking spree. Investigators especially point out a fake persona named “Kim Hyon Woo” that appears to be linked, either by IP address or by email address, to Lazarus hacking operations and their victims.

Necurs Spews 780,000 Emails With Weaponized IQY Files

The use of weaponized IQY files is a rising trend in malspam campaigns, with Necurs first spotted distributing malware using this type of file on March 25. IQY files are basically text documents that can contain a web location for importing data into Excel spreadsheets; they are common in enterprise networks, where employees use them for collaboration purposes. They are not a threat in themselves, but the information retrieved from the external source can contain malicious code. Microsoft Office does not allow automatic execution of code from an IQY and asks for user permission to do so. But a well-crafted email may trick the user into enabling data connections in IQY files.
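Because an IQY file is plain text, mail-gateway triage can read the web location it points at without opening Excel. The following is an added example for this item, not code from the original post or from any vendor; it assumes the common .iqy layout (a "WEB" header line, a version line, the URL line, then optional Key=Value lines), and the sample file and trusted-host allowlist are constructed placeholders.

```python
"""Triage an Excel Web Query (.iqy) attachment by the external source it names."""
from urllib.parse import urlparse

# Constructed sample in the style of a malspam attachment: the query points at
# an external host instead of an internal data source (placeholder domain).
SAMPLE_IQY = """WEB
1
http://data-import.example-malicious.test/report.dat
Selection=AllTables
Formatting=None
PreFormattedTextToColumns=True
"""

# Constructed allowlist: hosts this (hypothetical) organisation imports data from.
TRUSTED_HOSTS = {"intranet.example.corp", "reports.example.corp"}


def parse_iqy(text: str) -> dict:
    """Split an .iqy file into version, URL and option lines (assumed layout)."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        raise ValueError("not a WEB query file")
    options = {}
    for ln in lines[3:]:
        key, _, value = ln.partition("=")
        options[key.strip()] = value.strip()
    return {"version": lines[1], "url": lines[2], "options": options}


def assess_iqy(text: str, trusted_hosts: set = TRUSTED_HOSTS) -> dict:
    """Flag a query whose data source is not an allowlisted, HTTPS host."""
    parsed = parse_iqy(text)
    url = urlparse(parsed["url"])
    host = (url.hostname or "").lower()
    findings = []
    if url.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {url.scheme!r}")
    elif url.scheme == "http":
        findings.append("cleartext HTTP data source")
    if host not in trusted_hosts:
        findings.append(f"external data source {host!r} not in allowlist")
    # The fetched content itself is not inspected here; this is URL-level triage
    # that decides whether the attachment should reach a user at all.
    return {"url": parsed["url"], "host": host, "findings": findings,
            "verdict": "block" if findings else "allow"}


if __name__ == "__main__":
    print(assess_iqy(SAMPLE_IQY))
```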

Popular Mac Anti-Adware App ‘Surreptitiously Steals’ Your Browsing History

A popular app that promises to remove adware and malware from Mac computers is also “surreptitiously stealing” the user’s browser history, according to security researchers. Adware Doctor, which is currently ranked as the fourth most popular paid app in the Mac App store, collects and sends the browsing history of its users to a server in China in an apparent violation of Apple’s own guidelines and privacy rules for apps, security researcher Patrick Wardle wrote in a blog post published Friday. “At no point does Adware Doctor ask to exfiltrate your browser history,” Wardle wrote. “And its access to such data is clearly based on deceiving the user.”

BMW announces the ‘Intelligent Personal Assistant,’ its upcoming in-car smart assistant

If you thought smart assistants could only be found in products from tech companies like Amazon and Google, the car industry seems intent on proving you wrong. An increasing number of car manufacturers are beginning to include AI helpers in their vehicles. Some of the companies in question have opted to partner with existing smart assistant creators, while others have developed their own alternatives. BMW has decided to join the latter group now – the company today announced that it’s currently developing its own smart assistant, expected to launch sometime in March 2019.

‘I’m looking out your front door’: Stranger had access to homeowner’s security cameras

Last Monday, Shelan Faith of Saskatoon received a letter from a stranger. Moments later she burst into tears. The author had never met Faith but had a surprising amount of information about her and her home — what she looked like, people who had rung her doorbell and what the inside of her child’s bedroom looked like. The letter, though well-intentioned, was “terrifying,” she said. “I don’t think I stopped shaking for days… just to know that somebody could see into my home or access my home.” The information had been gleaned from her home security system and its cameras by another client of the same company, Vivint Home Security, on the other side of Saskatoon.

Senate Committee Approves Top White House Tech Advisor

The Senate Commerce Committee on Wednesday unanimously approved Kelvin Droegemeier to become the White House’s top tech advisor. As director of the Office of Science and Technology Policy, Droegemeier would counsel the president on domestic and international tech issues and coordinate the administration’s efforts to advance artificial intelligence, space exploration, public health and other STEM areas. In his confirmation hearing on Aug. 24, Droegemeier highlighted a handful of areas where he’d focus his efforts as OSTP director, including “commercially risky but transformative” research, expanding partnerships with industry and academia, and education initiatives for building a 21st-century workforce. He also stressed the need to balance international collaboration with ethics, especially for controversial topics like artificial intelligence.

Feds shut down alleged ‘copycat’ military recruiting sites

The government has shut down at least eight “copycat” military recruiting websites run by companies accused of using deceptive practices to entice potential recruits into providing their personal information, then selling the information to post-secondary schools. According to the Federal Trade Commission’s complaint, the companies’ websites appeared to be official recruiting sites — such as army.com, armyenlist.com, airforceenlist.com, marinesenlist.com, navyenlist.com, coastguardentlist.com, airguardenlist.com, nationalguardenlist.com and armyreserves.com. The companies agreed to give up the domain names and stop the alleged deceptive practices.

Apple to provide online tool for police to request data

Apple Inc (AAPL.O) plans to create an online tool for police to formally request data about its users and to assemble a team to train police about what data can and cannot be obtained from the iPhone maker, according to a company letter seen by Reuters. The letter, dated Sept. 4, was from Apple General Counsel Kate Adams to U.S. Sen. Sheldon Whitehouse, a Democrat from Rhode Island. Apple declined to comment beyond the letter.

A Russian Who Allegedly Hacked Into JPMorgan Chase’s Servers Is Now in U.S. Custody

In 2014, some 76 million JPMorgan Chase customers were less than thrilled to hear that hackers were roaming around company databases containing their records for two months. Now, U.S. officials have secured the extradition of the Russian man believed to be responsible, Andrei Tyurin, from the nation of Georgia and are charging him in a New York court with a list of crimes including conspiracy, hacking, identity theft, and wire fraud. According to Bloomberg, the arrest was the product of a years-long investigation that authorities said unmasked Tyurin as a major player in a gang of hackers responsible for numerous financial crimes at a number of institutions.

Trump tells Apple to make products in U.S. to avoid China tariffs

U.S. President Trump tweeted on Saturday that Apple Inc (AAPL.O) should make products inside the United States if it wants to avoid tariffs on Chinese imports. The company told trade officials in a letter on Friday that the proposed tariffs would affect prices for a “wide range” of Apple products, including its Watch, but it did not mention the iPhone. Trump tweeted that “Apple prices may increase because of the massive Tariffs we may be imposing on China – but there is an easy solution where there would be ZERO tax, and indeed a tax incentive. Make your products in the United States instead of China. Start building new plants now.” Apple declined to comment.

Bill that would have the White House create a database of APT groups passes House vote

The US House of Representatives passed a bill this week that would have the White House create and maintain a database containing all the names of individuals and cyber-threat groups associated with foreign cyber-espionage operations active against the US. The bill, named the Cyber Deterrence and Response Act of 2018 (H.R. 5576), was proposed in June by Rep. Ted Yoho (R, Florida), and passed in the House on Wednesday, September 5, after a voice vote. According to the bill’s revised text, the White House, through the president, would be required to establish and maintain a database of advanced persistent threats, or APTs, a term used in the cyber-security private sector to refer to government-backed groups that are engaged in cyber-espionage operations against other countries.

Worries arise about security of new WebAuthn protocol

The new WebAuthn protocol will allow users of a device, such as a computer or a smartphone, to authenticate on a website using a USB security key, a biometric solution, or the password of their computer or smartphone. The ideal scenario is that WebAuthn would replace the need to create password-protected accounts on websites, and hence avoid situations where hackers pilfer this data during security breaches. In a security audit, researchers say they identified various issues with the algorithms used to generate the attestation keys (signatures). They point out that the W3C WebAuthn specification recommends the use of outdated algorithms such as the FIDO Alliance’s Elliptic Curve (EC) Direct Anonymous Attestation (DAA), or RSASSA-PKCS1-v1_5.

US military thinks soldiers are ready to control machines with their minds

The Defense Advanced Research Projects Agency (DARPA), a think tank for the Pentagon, hosted a three-day symposium in celebration of its 60th anniversary this week. Highlights from the event included discussion of some of the most astounding projects the agency is currently working on. And of those, one in particular caught our eye: the N3, or Next Generation Nonsurgical Neurotechnology, program. The N3 program seeks to build a brain-computer interface (BCI) that doesn’t require surgery or any invasive procedures. Basically, they want to come up with a way to take existing external BCIs and make them fit for combat duty. Current BCI technology, mostly designed to assist the disabled, is entirely unsuited for field deployment.

Standard to protect against BGP hijack attacks gets first official draft

Work that started last October on securing the protocol that binds the Internet together is finally yielding results. This week, the National Cybersecurity Center of Excellence (NCCoE), a department of the US National Institute of Standards and Technology (NIST), published the first draft of a security standard that will secure the Border Gateway Protocol (BGP). BGP is the primary protocol that internet service providers (ISPs), hosting providers, cloud providers, educational, research, and national networks use to send traffic between each other’s networks, linking together the small networks that make up the bigger Internet.
