AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/31/2020

1 – Avast Antivirus Is Shutting Down Its Data Collection Arm, Effective Immediately

Avast, an antivirus program with more than 435 million users worldwide, said it will stop collecting and selling the private web browsing histories of its users following a joint investigation by Motherboard and PCMag into the sale of that data. In addition, Avast said it will completely shut down Jumpshot, the subsidiary company it used to sell this data. Our investigation found that Avast, through a subsidiary called Jumpshot, made millions of dollars following its users around the internet. Jumpshot told its clients, which include Microsoft, Google, McKinsey, Pepsi, Home Depot, Yelp, and many others that it could track “every search. Every click. Every buy. On every site.”


2 – Facebook agrees to $550M slap on the wrist following facial recognition suit

The Mark Zuckerberg-helmed behemoth has agreed to a $550 million settlement following a class-action lawsuit alleging the company violated an Illinois privacy law. So reports the New York Times, which notes that Facebook copped to the settlement in today’s earnings call; a call that also happened to include the announcement of $21 billion in fourth quarter revenue. In other words, the $550 settlement is chump change to the same company that successfully brushed a $5 billion FTC settlement off its shoulder. But that doesn’t mean today’s news of the settlement doesn’t matter. Far from it.


3 – Overwatch League cancels February and March games in China following coronavirus outbreak

The Overwatch League’s plans for a truly global e-sports league have taken a major hit. Today, Blizzard announced that the China-based games taking place in February and March planned for the 2020 season have been canceled following the outbreak of the coronavirus. In a statement posted this evening to Twitter, the league explained that the decision was made to “protect the health and safety of our players, fans, and staff.” “We hope fans have a safe and happy Lunar New Year, and we remain incredibly excited to play Overwatch League matches in China later this season,” the statement reads. “We’ll share more information about when and where the matches will take place at a later date.”


4 – Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System

Built on several tens of thousands of cameras and what’s claimed to be one of the most advanced facial recognition systems on the planet, Moscow has been quietly switching on a massive surveillance project this month. The software that’s helping monitor all those faces is FindFace, the product of NtechLab, a company that some reports claimed would bring “an end to anonymity” with its FindFace app. Launched in the mid-2010s, it allowed users to take a picture of someone and match their face to their social media profiles on Russian site Vkontakte (VK). Since then, NtechLab shut down the consumer app and pivoted to government surveillance, this week revealing it’s being paid at least $3.2 million for deploying its tools across the Russian capital. The initial news was broken in Russian media on Tuesday.


5 – Microsoft issues second ‘final’ Windows 7 update

Microsoft has issued a fresh update for Windows 7, just days after it said it would provide no more patches for the ageing operating system. It made the U-turn after it emerged there was a bug in its “final” patch. It caused “wallpaper issues” for users who configured their computers with the stretch option for their background desktop, causing a plain black screen to be shown when Windows was restarted. And users took to Reddit and Microsoft’s own support forums demanding a fix.


6 – South Korea cracks down on fake news about spread of coronavirus

Police in South Korea are investigating a rise in false rumours about the coronavirus, including a scam in which people are being asked to provide personal details in return for access to information about the spread of the disease. The cyber unit of the national police agency said it would stamp out false information, including claims that the disease had been identified in certain schools that have quickly spread via social media in the hyper-connected country. The Yonhap news agency reported that police were investigating allegations that scam text messages were being sent asking recipients to provide their personal details in return for access to data on confirmed and potential patients.


7 – Cyber-Attack on US Water Company Causes Network Outage

A South Carolina water company is recovering from a cyber-attack that took its phone and online payment systems offline for nearly a week. The cyber-attack on Greenville Water triggered a payment system outage that began on Wednesday, January 22. Company spokesperson Emerald Clark said 500,000 customers were affected by the incident. An investigation has been launched into the cyber-attack, the exact nature of which is yet to be revealed by Greenville Water. It’s not yet known who targeted the water company or from where the attack was launched.  Greenville Water CEO David Bereskin said he was “fairly certain” that the utility’s data had not been compromised as a result of the incident. 


8 – Sprint Exposed Customer Support Site to Web

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months’ worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.


9 – Punxsutawney Phil should be replaced with AI groundhog, says PETA

Since 1887, the residents of Punxsutawney, Pennsylvania have maintained the belief that an immortal groundhog named Punxsutawney Phil can — and will — predict the end of winter. As popularized in the film Groundhog Day, each year on February 2nd, Phil is coaxed from his home in a tree stump and displayed to a baying crowd. If Phil “sees his shadow” there’ll be six more weeks of winter, say the top-hatted elders; if not, then an early spring is due. But it’s time for Punxsutawney to stop terrorizing an innocent rodent, says animal-rights group PETA. Instead, says the organization, Punxsutawney Phil should be replaced with an animatronic groundhog that uses AI to actually predict the weather.


10 – FBI Warns of Rise in Social Security Scams Spoofing Its Phone Number

The U.S. Federal Bureau of Investigation (FBI) on Tuesday issued a warning about a spike in its phone number being used for Social Security fraud. Scammers have always used services that spoof the real phone number of a government agency or service to show them on the recipient’s caller ID. With the right social engineering skills, fraudsters can easily trick a victim into sending them money in various forms. Most of the time, the payment is not via a normal channel, which is an opportunity for the victim to catch on to the scam.


11 – Fraud spike prompts Chrome developer lock-out

In an announcement posted to the Chromium extensions Google Group on 24 January, an Extensions Developer Advocate said: “Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse.” Disabling the publishing feature has caused problems for developers with extensions that take one-off payments or subscriptions, or which sell in-app purchases, she added in the post.


12 – Israel says it thwarted serious cyber attack on power station

Israel foiled a major cyber attack on one of its power stations a few months ago, Energy Minister Yuval Steinitz said on Wednesday. “It was a very serious, sophisticated attempt trying to control and paralyze one of our power stations,” Steinitz told the CyberTech conference in Tel Aviv, without elaborating. Yosi Shneck, head of cyber entrepreneurship and business development at state-owned utility Israel Electric Corp (IEC), told Reuters he was aware of the incident even though it was not against one of his own company’s plants. IEC provides about 70% of Israel’s electricity, with the rest coming from smaller private competitors. The state utility faces an average of 11,000 suspected cyber events each second, according to Chairman Yiftah Ron-Tal, making it one of the most targeted companies in the world.


13 – Maryland bill would outlaw ransomware, keep researchers from reporting bugs

Remember last May, when Baltimore City was brought to a standstill by ransomware? Hot on the heels of that mess—in fact, the same day that the ransomware attack was reported—Maryland legislators started working on a bill to fight the threat of ransomware. The results could use a little more work. A proposed law introduced in Maryland’s state senate last week would criminalize the possession of ransomware and other criminal activities with a computer. But while it makes an attempt to protect actual researchers from prosecution, the language of the bill doesn’t exactly do much to protect the general public from ransomware or make it easier for researchers to prevent attacks.



Russia claims it asked ProtonMail to help identify the people behind these threats and that the company did not comply, but representatives of ProtonMail claim this is not true. “We have received reports that ProtonMail and ProtonVPN are currently partially blocked in Russia. We are reaching out to the appropriate authorities to get the block lifted as soon as possible. Despite the Government’s claims that we refused its request for assistance, no communications have yet been received from the Russian authorities,” a spokesperson for ProtonMail tells Inverse. The representative says the people sending these threats will simply use another service while ProtonMail is blocked, and this decision will “not be effective if the perpetrators were located outside of Russia.” The company also believes these criminals will be able to get around the block using a VPN. Criminals will be able to continue doing what they’re doing while Russians will lose a valuable tool for protecting their privacy, they say.


15 – Man accused of making thousands of racist robocalls faces $13 million fine

The FCC has proposed an almost $13 million fine for a man it says was behind a series of racist and anti-semitic robocalling campaigns consisting of over 6,000 calls being placed across six states. The man is accused of using anti-semitic and racist tropes to attack political candidates, threaten a newspaper, and stoke racial hatred after the murder of a college student by an undocumented immigrant. There were six campaigns in total, the FCC alleges, which ranged from attacking political candidates in California, Florida, and Georgia (1,496, 766, and 583 calls respectively), threatening a newspaper in Idaho (750 calls), and spreading conspiracy theories about a trial in Virginia (2,023 calls). In the latter case, the FCC says the calls seemed designed to influence the trial’s jury.
