AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/10/2020

1 – Jussie Smollett investigation: Judge orders Google to turn over a full year of the actor’s data as part of special prosecutor probe

A Cook County judge has ordered Google to turn over Jussie Smollett’s emails, photos, location data and private messages for an entire year as part of the special prosecutor’s investigation into the purported attack on the actor. Two sweeping search warrants, obtained by the Chicago Tribune, provide the first public glimpse at the direction of the probe by special prosecutor Dan Webb more than four months into the investigation. The warrants, filed last month in Circuit Court, sought a trove of documentation from Smollett and his manager’s Google accounts — not just emails but also drafted and deleted messages; any files in their Google Drive cloud storage services; any Google Voice texts, calls and contacts; search and web browsing history; and location data.


2 – Tribe continues recovery from cyber attack

A month has passed since the Dec. 7 cyber attack that loaded ransomware on the tribal computer network, but the Eastern Band of Cherokee Indians is still working to restore its operations to normal. In a statement issued Jan. 2, Principal Chief Richard Sneed said that the tribal IT Division spent the holiday break working with vendors and partners to recover documents infected with ransomware, and that effort was successful — all documents on the network have been recovered. However, accessibility is still an issue. “There are still many computers affected that will need to be decrypted before the documents are accessible, but it is anticipated that there will be no loss of data,” said Sneed. “Given the scope of the EBCI workforce, the process of decrypting these computers and putting them safely on a new network will take a few weeks and will be handled based upon a priority list that was identified by leadership within the EBCI.”


3 – Kuwait’s state news agency says hackers breached its Twitter

U.S. military forces are not pulling out of Kuwait. The Kuwaiti government clarified that fact on Wednesday after KUNA, the state news agency, reported that a defense minister said Americans planned an “imminent withdrawal” within three days. In fact, KUNA had been hacked, and word of the withdrawal had been posted by an outsider, according to Tareq al-Muzraem, head of Kuwait’s government communication office. KUNA deleted the original claim from its Twitter page, and posted a series of updates on its website and to its more than 34,000 followers on Twitter. Reuters, a global news and wire service, was one credible news outlet to publish a brief article based on the false KUNA report.


4 – ATM skimmer sentenced for fleecing $400,000 out of US banks

A member of an ATM skimming ring has landed in jail after participating in a criminal scheme that netted $400,000 from banks across Massachusetts, New York, and New Jersey. Bogdan Rusu, of Queens, New York, previously pleaded guilty for one count of conspiracy to commit bank fraud before US District Judge Esther Salas in Newark federal court, the US Department of Justice (DoJ) said on Tuesday. ATMs are convenient ways to access funds and are found across cities worldwide. However, it is possible to use devices called “skimmers” — often a combination of card reader and camera — to obtain card numbers as well as PIN codes. These numbers can then be used in the manufacture of clone cards to make fraudulent transactions.


5 – PGP keys, software security, and much more threatened by new SHA1 exploit

Three years ago, Ars declared the SHA1 cryptographic hash algorithm officially dead after researchers performed the world’s first known instance of a fatal exploit known as a “collision” on it. On Tuesday, the dead SHA1 horse got clobbered again as a different team of researchers unveiled a new attack that’s significantly more powerful. The new collision gives attackers more options and flexibility than were available with the previous technique. It makes it practical to create PGP encryption keys that, when digitally signed using SHA1 algorithm, impersonate a chosen target. More generally, it produces the same hash for two or more attacker-chosen inputs by appending data to each of them.


6 – City of Las Vegas said it successfully avoided devastating cyber-attack

Officials from the city of Las Vegas said they narrowly avoided a major security incident that took place on Tuesday, January 7. According to a statement published by the city on Wednesday, the compromise took place on Tuesday, at 4:30 am, in the morning. The city said IT staff immediately detected the intrusion and took steps to protect impacted systems. The city responded by taking several services offline, including its public website, which is still down at the time of writing. City officials have not disclosed any details about the nature of the incident, but local press reported that it might have involved an email delivery vector.


7 – Canyon Bicycles Revealed that Digital Attackers Accessed Its IT Systems

The German bike manufacturer announced in a press release that the digital attack occurred shortly before the turn of the year. For that attack, Canyon Bicycles explained that “a professionally organized group that specialize in attacking companies” accessed its IT systems. The malicious actors then moved on to encrypt and lock some of the manufacturer’s servers and software, thereby disrupting work and business processes not only at Canyon’s Koblenz site but also at all of its international companies. Only its U.S. company avoided disruption, as it operates its own IT system.


8 – Microsoft Phishing Scam Exploits Iran Cyberattack Scare

An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. With the rising escalations between the United States and Iran, the U.S. government has been issuing warnings about possible cyberattacks by Iran and potential attacks on critical U.S. infrastructure. To take advantage of this increased tension, an attacker has created a phishing scam that pretends to be from ‘Microsoft MSA’ and has an email subject of ‘Email users hit by Iran cyber attack’ warning that Microsoft’s servers were hit by a cyberattack from Iran.


9 – Naive IoT botnet wastes its time mining cryptocurrency

Security researchers from Romanian antivirus vendor Bitdefender have discovered a botnet that infects home routers and other Internet of Things (IoT) smart devices and then attempts to mine for cryptocurrency. This marks the third such IoT botnet that wastes its time by attempting to mine cryptocurrency on devices that clearly don’t support these types of operations. Named LiquorBot, the botnet was first spotted in May 2019, according to a report Bitdefender published yesterday. The botnet is nothing special in terms of technical capabilities. It works just like any other IoT botnet that’s been documented over the past few years.


10 – Georgia DOT Tests New Striping to Enable Driverless Cars

Next-gen highway striping has been deployed on a strip of highway in Georgia with the aim of making roadways safer while also helping to accommodate advanced driving systems (ADS) technology. The Ray, an 18-mile stretch of Interstate 85 in southern Georgia, functions as a test bed for next-generation highway technologies. A new partnership among the Georgia Department of Transportation (GDOT) and private-sector companies, like 3M and Panasonic, has seen the deployment of 3M’s Connected Roads All Weather Elements striping with what the company is calling “refractive bead technology.” In short, tiny reflective beads are embedded into the striping to make it more visible to human drivers and cars equipped with ADS. 


11 – California Paves the Way for Autonomous Delivery Vehicles

Small autonomous delivery vehicles are poised to hit the roads in California. On Jan. 16, the California Department of Motor Vehicles (DMV) will begin approving new applications for autonomous delivery vehicles that weigh less than 10,001 pounds. Last month, the Office of Administrative Law approved revised regulations allowing for the testing and deployment autonomous delivery vehicles weighing less than 10,001 pounds on California’s public roads with an approved permit from the DMV. The new policy allows pickup trucks, vans and other smaller vehicles to be tested with or without a driver, depending on the specific permit granted by the DMV.


12 – TikTok vulnerability could have let hackers access users’ videos

Cybersecurity research firm Check Point Research says it found “multiple vulnerabilities” within video sharing app TikTok that demonstrated its insecurity as scrutiny for the Chinese-owned company continues to grow. Check Point found that it was possible to spoof text messages to make them appear to come from TikTok. Once a user clicked the fake link, a hacker would have been able to access parts of their TikTok account, including uploading and deleting videos and changing settings on existing videos from public to private. Check Point also found that TikTok’s infrastructure would have allowed a hacker to redirect a hacked user to a malicious website that looked like TikTok’s homepage. This could have been combined with cross-site scripting and other attacks on the user’s account.


13 – North Korean hackers getting more careful, targeted in financial hacks

North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses. And although some of the fake companies and websites rarely pass the smell test — the links on these weaponized websites don’t always work — hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research. Namely, the hacking outfit has been tweaking some of its malware, delivery mechanisms, and payloads in an attempt to decrease their chances of getting caught, according to Kaspersky.


14 – Ring Fired Employees for Watching Customer Videos

Amazon-owned home security camera company Ring has fired employees for improperly accessing Ring users’ video data, according to a letter the company wrote to Senators and obtained by Motherboard. The news highlights a risk across many different tech companies: employees may abuse access granted as part of their jobs to look at customer data or information. In Ring’s case this data can be particularly sensitive though, as customers often put the cameras inside their home.


15 – Twitter will put options to limit replies directly on the compose screen

Speaking today at a CES event in Las Vegas, Twitter’s director of product management, Suzanne Xie, unveiled some new changes that are coming to the platform this year, focusing specifically on conversations. Xie says Twitter is adding a new setting for “conversation participants” right on the compose screen. It has four options: “Global, Group, Panel, and Statement.” Global lets anybody reply, Group is for people you follow and mention, Panel is people you specifically mention in the tweet, and Statement simply allows you to post a tweet and receive no replies. (No word on whether Statement also automatically formats your tweet as a classic iPhone Notes app apology, but it should.)

Related Posts