AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/27/2020

1 – Canadian teen calls cops after fake ID doesn’t arrive, prompts police warning on identity theft scams

A Canadian teen’s bizarre call to police on Tuesday to report that the fake ID they ordered online never arrived has authorities stepping up efforts to warn of potential identity theft scams. Const. Ed Sanchuk, of the Ontario Provincial Police, West Region, shared in a video message Wednesday that an unnamed Norfolk County teenager reported the fraud. An investigation determined the teen found an online seller who was purportedly selling fake IDs and made an attempt to buy one with an undisclosed amount of money, Sanchuk said. The teen also gave the seller all their personal and identifying information, something Sanchuk warned could result in potential identity theft in the future.


2 – Citrix Releases Scanner to Detect Hacked Citrix ADC Appliances

Citrix released a free scanner for detecting compromised Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances by digging for indicators of compromise (IoC) collected in incident response engagements related to CVE-2019-19781 exploitation. The tool was developed in collaboration with FireEye and is designed to be run locally by organizations to scan their Citrix instances, one appliance at a time, and assess potential indications of compromise found on the systems. Citrix Senior Director Karen Master told BleepingComputer that “right now there are no plans for scanning in parallel” when asked if there are any plans to add support for network scanning.


3 – Hackers impersonated Chattanooga’s rabbis and targeted Jewish congregations in elaborate email scam

This month, Jewish residents across Chattanooga received vague emails from their rabbis. The messages, signed by either Rabbi Susan Tendler of B’nai Zion Congregation or Rabbi Craig Lewis of Mizpah Congregation, read, “I need a favor from you, email me as soon as you get this message.” People who responded were told to buy gift cards, then email the card numbers and PINs to their rabbis. But the emails local Jews received were not from their rabbis. They were from scammers. Tendler and Lewis were hacked as part of what appears to be a nationwide extortion scheme. Unlike other phishing scams where emails are sent with a link or attachment and no other context, the hackers were specific. They created fake Gmail accounts in the rabbis’ names and sent messages to their entire email list with the Hebrew greeting “shalom aleichem” in the subject line.


4 – New York state wants to ban government agencies from paying ransomware demands

Two New York state senators proposed two bills last week to ban local municipalities and other government entities from using taxpayer money to pay ransomware demands. The first bill (S7246) was proposed by Republican NY Senator Phil Boyle on January 14. The second bill (S7289) was introduced by Democrat NY Senator David Carlucci two days later, on January 16. Both bills are under discussion in committee, and it is unclear which will move forward to a vote on the Senate floor.


5 – Google will charge law enforcement and government agencies to access user data

Google has begun charging law enforcement for access to user data, according to a report by the New York Times. The company is levying fees of $45 for a subpoena, $60 for a wiretap, and $245 for a search warrant, according to documents reviewed by the NYT. The company receives a high volume of requests from law enforcement agencies to hand over data about its users and has therefore decided to bring in charges to “offset the costs” of compiling this data. According to the report, Google is legally allowed to levy these charges but traditionally big technology companies have handed over data without any charges. On the one hand, it seems in poor taste that Google could be seen to be profiting from the performance of police searches. On the other, an incentive against law enforcement performing overly broad searches will be welcomed by privacy advocates.


6 – Fake News During Disasters Putting People’s Lives at Risk, Warns Intel Bulletin

Lives can be threatened by people spreading false information online during disasters, the National Capital Region Threat Intelligence Consortium warned in a Thursday intelligence bulletin. “During 2017, as the United States prepared for Hurricane Irma, an array of false information spread online. This included a Facebook post which falsely claimed the storm would hit Houston with a map showing a 14-day forecast—nine days longer than official forecasts,” the alert noted. “Within 24 hours, the National Weather Service publicly debunked the forecast on Twitter, but the post had already been shared over 36,000 times on Facebook.” Misinformation is the unintentional spread of false information, such as someone retweeting a claim that hasn’t been fact-checked. Disinformation is the dissemination of fake news with the intention to deceive.


7 – One ping after another: how constant notifications are driving us to distraction

When we talk about the fragmenting effect of technology on our attention, or the dopamine hits that keep us refreshing our feeds as if they are buttons on fruit machines, we are often thinking about notifications: the pings, pop-ups and glowing red dots that pull us back into our phones, and push us from app to app. According to one small study conducted in 2014, mobile phone users receive an average of 63.5 alerts every day, with most viewed within minutes – whether the phone is on silent or not. A 2016 study by Deloitte found that people check their phone, on average, 47 times a day – often in response to alerts. It is hardly any wonder some people are undergoing a notification detox.


8 – Huawei ban: Full timeline as US presses Britain to block Huawei from its 5G network

Huawei is the world’s No. 1 telecom supplier and No. 2 phone manufacturer, but it’s a pariah in countries like the US. There was no shortage of scrutiny on the Chinese telecom giant last year, and a number of countries banned the use of its networking equipment. Its phones are virtually invisible in the US despite its massive presence around the world. The company’s chairman predicted that 2020 will be “difficult” for Huawei, and the early going seems to bear that out — the US is continuing to pressure allies like Britain to block Huawei from their next-generation 5G wireless networks. As 5G becomes increasingly mainstream in 2020, this will likely hurt Huawei more and more.


9 – Czech telecoms watchdog chief quits in row over 5G auction

The head of the Czech telecoms watchdog has resigned over government changes to a planned auction of frequencies for 5G telecoms networks, saying they risked slowing the rollout of the technology and were likely to result in court disputes. The Czech Telecommunication Office (CTU) is planning an auction of frequencies in the 700 MHz and 3.5 GHz bands this year to boost competition in a market where high prices have long been a gripe of customers and politicians. However, CTU chief Jaromir Novak said the government had made some last-minute changes to the conditions of the auction that he feared could put off bidders and delay 5G technology.


10 – Microsoft is helping Google improve Chrome’s tab management

Microsoft launched its new Edge Chromium-powered browser earlier this month on both macOS and Windows. The launch came just over a year after the company announced its plans to work more closely with the Chromium project and Google engineers. The Verge got an exclusive look at Microsoft’s surprise decision to work with Google last year, and now we’re starting to see just how closely Microsoft and Google are collaborating with the introduction of Edge’s multi-tab management feature in Chromium. “If you’re still interested in upstreaming this from Edge, we’d be happy to take it,” reads a note from Google software engineer Leonard Grey in a recent Chromium Gerrit source code management thread. “Sounds great! I’ll take ownership of this issue then,” responds Justin Gallagher, a software engineer at Microsoft. Spotted by a Reddit poster, the discussion is around being able to move multiple tabs to another window. It’s a feature that already exists in Edge, and now Microsoft is helping bring it directly to Chromium and Chrome.
