AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/22/2020

1 – Smart homes will turn dumb overnight as Charter kills security service

Charter is killing its home-security service and telling customers that security devices they’ve purchased will stop working once the service is shut down on February 5. The impending shutdown and customers’ anger at Charter—a cable company also known by the brand name “Spectrum”—has been widely reported over the past month. Over the years, some customers have spent large sums on products that will no longer work. One user posting on a DSLReports forum said they spent $1,200 on sensors and IP cameras, which will be essentially useless in a couple of weeks. The devices won’t connect to other alarm-monitoring services, and Charter will no longer offer the ability to remotely manage the system and view security video. (We’re guessing a Charter alarm would still be able to make loud noises when someone breaks into a house, but that doesn’t mean it’ll work with an alarm-monitoring service.)

 

2 – Visa’s plan against Magecart attacks: Devalue and disrupt

Payments processor Visa does not intend to stand idle and watch as the current epidemic of Magecart (web skimming) attacks continues to rage unchallenged. Beginning last summer, Visa began throwing considerable resources at combating Magecart — a type of attack where cybercriminals hack into an online store to plant malware that collects payment card data as users enter personal details in checkout forms. Speaking to ZDNet in a phone interview this week, Visa Senior Director of Payment Systems Intelligence David Capezza says Visa’s strategy against Magecart groups is to “devalue and disrupt.”

 

3 – Sextortion scam leverages Nest video footage to fool victims into believing they are being spied upon everywhere

A bizarre sextortion scam is attempting to trick victims into believing that not only has their smartphone been hacked to spy upon their private lives, but so has every other device they have encountered which contains a built-in camera. As Ionut Ilascu at Bleeping Computer reports, the scam begins with victims receiving an email entitled “Your Nudity online”, claiming to come from hackers who say they have spied on their victim for 11 months, and have managed to record nude video footage of the victim through their smartphone camera.

 

4 – Hospital hacker spared prison after plod find almost 9,000 cardiac images at his home

A Stoke-on-Trent hospital administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images. Daniel Moonie, a 27-year-old of Waterlily Close, Etruria, Stoke-on-Trent, was cautioned by police in 2017 after he was caught remotely accessing the internal network of the Royal Stoke hospital, something he wasn’t authorised to do. Moonie, who was employed by the hospital’s heart and lung department as an administrator, was sacked. As part of the police caution he agreed not to access any IT system within the hospital, not to enter the hospital unless he was ill or visiting a patient, and not to contact hospital staff unless asked to by the HR department.

 

5 – 600 Computers Taken Down After Florida Library Cyberattack

600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9. “The county’s technology staff were immediately notified and coordinated recovery efforts with library staff,” an official statement says. “Approximately 50 computers are back online, enabling library staff to perform patron business, such as checking books in and out, and making reservations.”

 

6 – Ukrainian Govt Leaks Citizens’ Personal Data, Including Passport, Diploma Scans

A Ukrainian government job portal has leaked the personal data of an undisclosed number of citizens, with local officials claiming they already discovered and fixed what they describe as a “vulnerability.” The career.gov.ua portal was used by Ukrainian authorities to advertise government jobs and required applicants to submit personally identifiable information, including full names, addresses, ID scans, passport scans, diploma, and other graduation documents. A member of the Ukrainian Cyber Alliance non-profit discovered the data breach and reported it to the National Security and Defense Council. According to Ukrainian officials, the exposed information includes a copy of the password and several other documents.

 

7 – Facebook blocks the Spinner’s ‘brainwashing’ tech

Facebook has issued a cease and desist notice to an Israeli firm that claims to be able to subconsciously alter people’s behaviour. The Spinner charges a fee to “subconsciously influence” targets by exposing them to online posts “disguised as editorial content”. But Facebook has objected to the start-up using its services to achieve this. And the tech giant has barred the firm and its chief from using Facebook or Instagram for any reason. In response, the Spinner’s co-founder and chief operating officer Elliot Shefler told the BBC that it would continue to sell targeted online campaigns and refused to rule out using Facebook in the future.

 

8 – Minister’s phone confession raises eyebrows

Defence Minister Viola Amherd has admitted to Swiss public television that she usually uses her iPhone rather than the special encrypted phone given to cabinet ministers. Experts have raised security concerns. Amherd’s communications chief has since explained that very important information was discussed personally or in meetings rather than on the phone. Amherd has not broken any security guidelines, he said. In 2013 it was revealed that the American NSA (National Security Agency) was listening in to German Chancellor Angela Merkel’s mobile phone. It is not known whether this was ever the case for Swiss ministers, but since then security measures around communication have been tightened.

 

9 – Teen entered ‘dark rabbit hole of suicidal content’ online

You’re fat. You’re worthless. You don’t deserve to be alive. Those are the kind of comments left on social media posts as innocent as a picture of a flower, as Sarah Lechmere – who has struggled with eating disorders – told the BBC. Social media posts also pointed her to pro-anorexia sites that gave her “tips” on how to self-harm, she said. This is precisely why UK psychiatrists want to see social media companies forced to hand over their data – and to be taxed into paying – for research into the harms and benefits of social media use.

 

10 – Facebook is ordered to hand over data about thousands of apps that may have violated user privacy

A Massachusetts judge has ordered Facebook to turn over data about thousands of apps that may have mishandled its users’ personal information, rejecting the tech giant’s earlier attempts to withhold the key details from state investigators. The decision amounted to a significant early victory for Maura Healey, the Democratic attorney general of Massachusetts, who said in a statement Friday that Facebook users — and local watchdogs — “have a right to know” whether the company broke the law and violated people’s privacy.
