AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/15/2020

1 – Texas school district falls for email scam, hands over $2.3 million

A successful phishing scam has left a Texan school district $2.3 million out of pocket. Last week, the Manor Independent School District, in Manor, Texas, said an inquiry is underway to track down the cybercriminals responsible for the fraudulent email campaign. Phishing emails were sent to the organization in November, leading to three separate transactions taking place. An employee uncovered the scheme a month later, leading to the Manor police force and the FBI’s involvement. However, the nature of the emails and who fell for them is not yet known.


2 – Patients of Hacked US Surgical Company Hit with Ransom Demands

Patients of a hacked facial surgery company in Florida are being individually threatened by cyber-criminals, who are demanding money in return for not releasing stolen personal information to the public. The Center for Facial Restoration, Inc. (TCFFR), located in Miramar, became the victim of a cyber-attack in November last year. In a statement published on the TCFFR website, plastic surgeon and company founder Dr. Richard Davis wrote: “On November 8, 2019, I received an anonymous communication from cyber criminals stating that my clinic’s server [was] breached.”


3 – FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing

The FBI has told U.S. companies that Iranian hackers have stepped up their probing and reconnaissance activity in the days since the U.S. military killed Iranian Maj. Gen. Qassem Soleimani. In an advisory to industry this week obtained by CyberScoop, the FBI warned that Iranian hackers could target cleared defense contractors, government agencies, academia and nongovernmental organizations focused on Iran issues. The FBI assesses that Iranian hackers could use “a range of computer network operations against U.S.-based networks in retaliation for last week’s strikes against Iranian military leadership,” says the memo, which is labeled “TLP White,” meaning its recipients can distribute it liberally.


4 – Facebook: Star Wars’ Mark Hamill deletes account over political ads

Star Wars actor Mark Hamill has deleted his Facebook account, lambasting the company’s political ads policy. In a tweet, the celebrity accused the firm’s chief Mark Zuckerberg of having valued profit over truthfulness. It followed its decision to let politicians run adverts that contain lies on the social network. The firm has said that it does not believe decisions about which political ads run should be left to private companies.


5 – DuckDuckGo is Now a Default Search Engine Option on Android in the EU

DuckDuckGo will soon be offered as an option for default search engine on Android devices across the EU. European regulators are forcing Google to present Android users with the option to choose their own default search engine. The option to choose a default search provider has always been available on Android devices, but it’s something users would have to seek out on their own in the settings menu. Google’s previous practice of setting itself as the default search provider on its own operating system was ruled illegal under EU antitrust rules. As a result, Google was hit with a record-breaking $5 billion fine.


6 – Cut Undersea Cable Plunges Yemen Into Days-Long Internet Outage

Last week, the internet went dark for Yemen and its 28 million citizens. It’s still not fully back today. In fact, the entire Red Sea region has dealt with slow to nonexistent connectivity since the severing of a single submarine cable on Thursday. It’s popular to think of the internet as a cloud, but it’s really under the sea. A lattice of massive cables crisscrosses the world, seeding connectivity to every continent and into each country. The cables naturally suffer breaks and cuts given those harsh conditions, but usually multiple cables serve each area to create redundancies and contingencies for when one line goes down. As Yemen’s ongoing connectivity issues underscore, though, the fallback options for some regions are more tenuous.


7 – Chinese hacking group APT40 hides behind network of front companies

An online group of cyber-security analysts calling themselves Intrusion Truth have doxed their fourth Chinese state-sponsored hacking operation. “APT groups in China have a common blueprint: contract hackers and specialists, front companies, and an intelligence officer,” the Intrusion Truth team said. “We know that multiple areas of China each have their own APT.” APT is an acronym used in the cyber-security field. It stands for Advanced Persistent Threat and is often used to describe government-sponsored hacking groups.


8 – NZTA warns of sophisticated phishing scam involving fake vehicle licence renewal email

The email appears to be a standard registration renewal reminder, and includes the NZTA logo and links to the online transaction site, the NZTA said in a press release. People who have received an email asking to have their registration renewed have been advised to check the email details carefully. Emails from the agency always include the nzta.govt.nz suffix, the agency said, and will include specific details involving people’s details, including their vehicle’s plate number, vehicle make, and the expiry date of the current vehicle licence. People who have received an email without their specific vehicle details have been urged not to complete the online renewal transaction form linked inside the email.
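The two checks the NZTA describes (sender domain and the recipient’s own vehicle details) turned into an added example with constructed sample messages; this is not the agency’s own code, and the plate, make and expiry values are made up. The domain test deliberately compares the whole registrable domain rather than looking for the string, because a lookalike domain or the display name can carry “nzta.govt.nz” too, and even a clean result is only a first filter before the usual SPF/DKIM checks.

```python
from email.utils import parseaddr

# Domain the agency says its genuine reminders come from (from the advisory).
AGENCY_DOMAIN = "nzta.govt.nz"


def sender_domain(from_header):
    """Return the lowercased domain of the actual address in a From: header."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_agency_domain(from_header):
    """True only if the domain IS nzta.govt.nz or a subdomain of it.
    A bare substring test would wrongly accept 'nzta.govt.nz.example.com'
    or a display name of 'nzta.govt.nz' in front of some other address."""
    d = sender_domain(from_header)
    return d == AGENCY_DOMAIN or d.endswith("." + AGENCY_DOMAIN)


def has_vehicle_details(body, plate, make, expiry):
    """Second check from the advisory: the genuine reminder names the
    recipient's own plate number, vehicle make and licence expiry date."""
    text = body.lower()
    return all(s.lower() in text for s in (plate, make, expiry))


def assess(msg, plate, make, expiry):
    """Return a list of red flags; an empty list means both checks passed."""
    flags = []
    if not is_agency_domain(msg["from"]):
        flags.append("sender domain is not %s" % AGENCY_DOMAIN)
    if not has_vehicle_details(msg["body"], plate, make, expiry):
        flags.append("message lacks your vehicle's plate/make/expiry")
    return flags


# Constructed sample messages for a fictitious vehicle (not real mail).
GENUINE = {"from": "NZTA <renewals@nzta.govt.nz>",
           "body": "Your licence for ABC123 (Toyota) expires 31/01/2020."}
LOOKALIKE = {"from": "NZTA <renewals@nzta.govt.nz.example.com>",
             "body": "Your vehicle licence is due. Renew now to avoid fees."}
DISPLAY_NAME_ONLY = {"from": "nzta.govt.nz <renew@example.com>",
                     "body": "Your licence for ABC123 (Toyota) expires 31/01/2020."}

if __name__ == "__main__":
    for name, m in (("genuine", GENUINE), ("lookalike", LOOKALIKE),
                    ("display-name", DISPLAY_NAME_ONLY)):
        print(name, assess(m, "ABC123", "Toyota", "31/01/2020") or "OK")
```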


9 – Google urged to tame privacy-killing Android bloatware

Imagine buying a mobile device that comes pre-installed with apps that can set their own permissions in ways the owner can often neither see nor control. These apps don’t appear in any app store and, regardless of whether the user finds them useful, can’t be uninstalled. Who would use a smartphone or tablet that imposed such limitations? If you’re an Android user, you’ll have guessed the punchline – you probably already do. It’s the age-old woe of bloatware, and according to a new letter sent to Google CEO Sundar Pichai by Privacy International on behalf of a 53-organisation coalition, the fact that vendors are allowed to install it at their whim has allowed a privacy and security hole to open almost unnoticed.


10 – Lawmakers look to spread COPPA out to cover kids up to 16

COPPA – the Children’s Online Privacy Protection Act, the toughest federal protection for children’s online data in the land – isn’t tough enough, according to two US House Representatives who’ve introduced a bill that would update the law and beef it up. The bipartisan Preventing Real Online Threats Endangering Children Today Act – known as the PROTECT Kids Act – was introduced on Thursday by Representatives Tim Walberg of Michigan and Bobby Rush of Illinois. It’s basically COPPA – which protects the data of kids 13 and younger – extended to the age of 16, and given a dose of the right to be forgotten. If it passes, it will give parents the right to request that their kids’ personal data be rubbed out.


11 – Amazon: We want to stop Microsoft working on JEDI contract

Amazon Web Services (AWS) is to file a temporary restraining order on Microsoft’s work for the Pentagon’s JEDI contract until a federal court makes a decision on the contested deal on February 11. The planned request is detailed in a proposed timeline that AWS and Microsoft submitted to the US Court of Federal Claims in Washington on Monday, according to Bloomberg. AWS said in its filing it “intends to file a motion for temporary restraining order and/or preliminary injunction to prevent the issuance of substantive task orders under the contract, which the United States has previously advised AWS and the Court will begin on February 11”.


12 – FBI arrests alleged member of prolific neo-Nazi swatting ring

A man loosely linked to violent neo-Nazi group Atomwaffen has been charged with participating in a swatting ring that hit hundreds of targets, potentially including journalists and a Facebook executive. John William Kirby Kelley supposedly picked targets for swatting calls in an IRC channel, then helped record the hoax calls for an audience of white supremacists. He was allegedly caught after making a bomb threat to get out of classes. The Justice Department unsealed the case against Kelley late last week, and he was arrested and appeared in court on January 10th. He’s charged with conspiracy to transmit a threat, which carries up to five years in prison. The Washington Post writes that his attorney didn’t comment on the allegations.