AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/17/2020

1 – Proof-of-concept exploits published for the Microsoft-NSA crypto bug

Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”


2 – Online Pharmacy PlanetDrugsDirect Discloses Security Breach

Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. PlanetDrugsDirect (also known as Planet Drugs Direct) is an active member of the Canadian International Pharmacy Association (CIPA), an association of licensed retail pharmacies that sell medication to Canadian and U.S. citizens. PlanetDrugsDirect describes itself as an “online prescription referral service which provides our customers with direct access to affordable prescription and non-prescription medications” with roughly 400,000 customers.


3 – Greek Banks Replacing Up to 15,000 Credit Cards Due to Security Breach

Greece’s four main banks have proceeded with the cancelation and immediate replacement of some 15,000 credit or debit cards that were used in transactions with a Greek online tourist services website after reports of credit card fraud, Greek daily Kathimerini revealed this week. The four banks – Alpha Bank, National Bank of Greece, Piraeus Bank, and Eurobank – said that they had taken the precautionary measures despite the fact that the website data breach affected a small number of users.


4 – Amazon to invest $1 billion to help digitize small businesses in India

India welcomed Jeff Bezos this week with an antitrust probe. On top of that, thousands of small merchants who typically compete with one another are beginning to gather across the country to hold a protest against the alleged predatory practices of the e-commerce giant. But the Amazon founder and chief executive’s love for one of the company’s most important overseas markets remains untainted. At a conference in New Delhi on Wednesday, Bezos and Amit Agarwal, the head of Amazon India, announced that the American giant is pumping $1 billion into its India operations to help small and medium-sized businesses in the country come online. This is in addition to about $5.5 billion the company has previously invested in the country.


5 – Israeli spyware firm fails to get hacking case dismissed

An Israeli judge has rejected an attempt by the spyware firm NSO Group to dismiss a case brought against it by a prominent Saudi activist who alleged that the company’s cyberweapons were used to hack his phone. The decision could add pressure on the company, which faces multiple accusations that it sold surveillance technology, named Pegasus, to authoritarian regimes and other governments that have allegedly used it to target political activists and journalists.


6 – United Nations Targeted With Emotet Malware Phishing Attack

Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted countries throughout the world. While Emotet’s normal spam campaigns pose as accounting reports, delivery notices, and invoices, the malware operators had something special in mind for the United Nations.


7 – Critical Windows 10 vulnerability used to Rickroll the NSA and Github

Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the Internet. Researcher Saleem Rashid on Wednesday tweeted images of the video “Never Gonna Give You Up,” by 1980s heart-throb Rick Astley, playing on Github.com and NSA.gov. The digital sleight of hand is known as Rickrolling and is often used as a humorous and benign way to demonstrate serious security flaws. In this case, Rashid’s exploit causes both the Edge and Chrome browsers to spoof the HTTPS-verified websites of Github and the National Security Agency. Brave and other Chrome derivatives, as well as Internet Explorer, are also likely to fall to the same trick. (There’s no indication Firefox is affected.)


8 – U.N. sanctions experts warn – stay away from North Korea cryptocurrency conference

United Nations sanctions experts are warning people not to attend a cryptocurrency conference in North Korea in February, flagging it as a likely sanctions violation, according to a confidential report due to be submitted to the U.N. Security Council later this month. The warning comes after the independent U.N. experts told the council in August that North Korea generated an estimated $2 billion for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges.


9 – Windows BSOD Betrays Cryptominer Hidden in WAV File

The infamous blue screen of death (BSOD) on computers belonging to a company in the medical tech sector was the tell for a malware infection that spread across more than half the network. The malware was hiding its modules in WAV audio files and spread to vulnerable Windows 7 machines on the network via EternalBlue, the exploit for SMBv1 used in the devastating WannaCry and NotPetya cyber attacks from 2017. Security researchers providing incident response services found that more than 800 computers had been compromised starting October 14, 2019. The discovery was possible by investigating systems that experienced a BSOD crash since that date.


10 – Google removes WhatsGap from app store

Search engine giant Google has removed popular Hong Kong pro-democracy mapping app WhatsGap from its app store. WhatsGap is an app used to identify retailers that are in support of Hong Kong’s democracy. Google told ZDNet the removal of WhatsGap was sparked by “sensitive content” that was being published on the app. “We have a long-standing policy prohibiting apps that lack reasonable sensitivity towards or capitalise on serious ongoing conflicts or tragedies,” a Google spokesperson told ZDNet.


11 – Facebook Will Now Remind You When It’s Not the Only One Looking at Your Data

Even if you’re a hardcore #DeleteFacebook-er, you’re probably guilty of using your worn-out Facebook account to log into the occasional app—just for the convenience factor alone. Now, the company is offering a bit more insight into how these tools function. In a company blog post announcing the “Login Notifications” rollout, software engineer Puxuan Qi explained that users will now receive notifications to remind them that third parties have a glimpse into their information and that controls are available to restrict how much of their personal data those third parties can collect.


12 – Turkey Removes Ban on Wikipedia After Almost Three Years

Wikipedia is available in Turkey again after a nearly three-year ban. The Turkish government agency in charge of internet technologies lifted the ban after the nation’s top court ruled last month that the restriction violated free speech. A detailed explanation of the court’s ruling was published in the Official Gazette on Wednesday, prompting regulators to restore access to the website. “As access to Wikipedia is still actively being restored across Turkey, some users in Turkey may experience restored access sooner or later than others,” the website said in a statement.
