AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/10/2020

‘Willful, brazen, and unlawful’: Apple files breach-of-contract countersuit against Epic

Apple has filed a countersuit against Epic over the latter’s attempt to circumvent App Store rules and avoid paying millions in fees. The lawsuit alleges that Epic is deliberately in breach of contract and asks the court to award damages and prohibit Epic from attempting anything like this again. A brief refresher: Epic in mid-August slipped in a new way to buy in-game currency for Fortnite that skipped giving Apple its 30% cut, while simultaneously launching a PR campaign calling the company a monopoly and the App Store rules unjust. Apple responded by banning Epic’s accounts from the App Store, making it clear that this action could be avoided by Epic simply removing or adjusting the in-game store. Epic sought to have a court reverse its ban as an unfair business practice by a monopoly that would be proved as such, but only succeeded in having accounts unrelated to Fortnite unlocked.


Visa warns of new Baka credit card JavaScript skimmer

Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data. The credit card stealing script was discovered by researchers with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while examining a command and control (C2) server that previously hosted an ImageID web skimming kit. Last year, Visa discovered another JavaScript web skimmer known as Pipka that quickly spread to the online stores of “at least sixteen additional merchant websites” after being initially spotted on the e-commerce site of North American organizations in September 2019. Besides the regular basic skimming features like configurable target form fields and data exfiltration using image requests, Baka features an advanced design indicating that it is the work of a skilled malware developer and it also comes with a unique obfuscation method and loader.


Divisive political climate stirs up hacktivist activity, and businesses are not immune

As the 2020 presidential election nears, the U.S. populace is as divided as it has been in a long time – and the tempestuous climate could lead to a surge in activity among hacktivists seeking to make a statement. Just this week, Reuters reported that hackers are testing the defenses of President Donald Trump’s campaign and business websites, possibly as a precursor to a future attack intended to take the sites offline. Access to several sites was reportedly already disrupted for short bursts of time from March 15 through June 6. But this could just be the start of a wave of new hacktivism incidents that sabotage the websites or networks of political bodies, and perhaps businesses that take a controversial political stance. “Given the current climate in the U.S. and the amount of activism going on, I think it’s fair to assume that hacktivism activity would parallel community-level activities, since the web is just an extension of activities in real life,” said Michael Kaiser, president and CEO of Defending Digital Campaigns, and former executive director of the National Cyber Security Alliance.


How the government is keeping hackers from disrupting coronavirus vaccine research

Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021. Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time.


Portland’s facial recognition ban is a major win, especially against Amazon

The city of Portland just took the fight against facial recognition up a notch. Late Wednesday afternoon, the Portland City Council and Mayor Ted Wheeler voted to adopt two ordinances that will ban use of the tech both by the city, and, in some cases, private businesses. The vote represents a major win in a battle against a biased technology that has led to the wrongful arrest of innocent people. “The dangers and inequities in the current technology are present and clear,” Mayor Wheeler said in Wednesday’s streamed City Council session. Portland joins cities like San Francisco and Boston in banning official city use of the technology, but takes things further by also banning the tech’s use in “places of public accommodation” — a term that means “businesses that are generally open to the public and that fall into one of 12 categories listed in the ADA, such as restaurants, movie theaters, schools, day care facilities, recreation facilities, and doctors’ offices[.]”


A look inside the hacker community that’s vandalizing the web

A hacker can have any number of reasons to deface a website. They might want to attract attention to some political or social issue, damage someone’s reputation, boost their own reputation, demonstrate a vulnerability in a site’s security, or just have a bit of fun. But the main reason, according to a team of Comparitech researchers that recently delved into the defacement community, is to be noticed. Online vandalism has become somewhat of a sport among a large segment of black hat hackers. It’s a global community that competes and collaborates to deface websites. Although the frequency of their attacks has gone down in recent years, we’ve seen a recent resurgence in defacement activity, which could possibly be attributed to the COVID-19 pandemic: hackers might have more time on their hands and are possibly defacing websites to stave off boredom while in quarantine or lockdown.
