AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/9/2020

1 – U of O gives notice of potential privacy breach impacting 188 people

The University of Ottawa has given notice of a potential privacy breach impacting 188 people, including elementary and high school students who attended a summer program on campus. The breach stems from an incident in late November 2019 when a password-protected laptop was stolen from a university employee’s vehicle, the administration said in a press release on Friday. The laptop was used for Destination Clic, a three-week summer program at the U of O for francophone students in grades 8 and 9 who live outside of Quebec. The program ran from June 28 to July 16 last year. “It was determined that the personal information related to 188 program participants and employees may have been stored on the laptop,” the administration said.


2 – FBI seeks Apple’s help unlocking phones of suspected Pensacola naval station gunman

The FBI is asking Apple Inc. to help unlock two iPhones that investigators think were owned by Mohammed Saeed Alshamrani, the man believed to have carried out the shooting attack that killed three people last month at Naval Air Station Pensacola, Florida. In a letter sent late Monday to Apple’s general counsel, the FBI said that although it has court permission to search the contents of the phones, both are password-protected. “Investigators are actively engaging in efforts to ‘guess’ the relevant passcodes but so far have been unsuccessful,” it said.


3 – Google Project Zero shifts to full 90-day disclosures to improve patch uptake

Project Zero, Google’s team of elite security researchers, has changed its disclosure policy to focus on allowing vendors to get patches for security issues right, and distributed to users. Under the changes announced on Tuesday, unless a prior agreement exists, all vulnerabilities will be publicly disclosed after 90 days. Previously, once a patch was developed for a vulnerability, a Project Zero researcher would make the issue on its bug tracker public. “Too many times, we’ve seen vendors patch reported vulnerabilities by ‘papering over the cracks’ and not considering variants or addressing the root cause of a vulnerability,” Project Zero manager Tim Willis wrote.


4 – Iran courted US security expert for years, seeking industrial hacking training

Iran has over the past decade built up its own organic hacking and cyberwarfare capabilities. But the groups associated with orchestrating Iran’s various cyberwarfare and cyber-espionage activities have also relied significantly on mining the work of others—and in at least one case, they have tried to bring in outside help for the ostensible purpose of training would-be hackers. According to Chris Kubecka—a security researcher who played a prominent role in Saudi Aramco’s response to the Iran-attributed Shamoon “wiper” malware—officials with the Telecommunication Company of Iran emailed and messaged her on behalf of the Iranian government, attempting “to recruit me to teach hacking in country against critical Infrastructure with focus on nuclear facilities,” she told Ars.


5 – Apple privacy officer says that ‘building back doors’ to access iPhone data won’t help solve crimes

Horvath reiterated Apple’s view that to protect customer data, if a phone is stolen or gets left in a cab, and ensure consumer trust, the company has designed its devices so that it can’t access highly personal information. Apple says that, for locked phones, in order to retrieve data that hasn’t been uploaded to the company’s servers, it would have to build special software. “Our phones are relatively small and they get lost and stolen,” Horvath said. “If we’re going to be able to rely on our health data and finance data on our devices, we need to make sure that if you misplace that device, you’re not losing your sensitive data.”


6 – Facebook is like sugar and too much of it will hurt you, says top executive

A senior Facebook executive has compared his own product to sugar, suggesting that indulging in too much of it could be dangerous. Andrew Bosworth, one of the social media giant’s earliest employees and currently its vice president of virtual reality, wrote in an internal blog post that Facebook, like sugar, “is delicious” but “benefits from moderation”. He also dismissed the Cambridge Analytica scandal as “in practical terms, a total non-event”, described his “desperate” desire to use Facebook’s technological power to stop Donald Trump winning the US 2020 election, and cautioned fellow employees never to do so lest they destroy democracy.


7 – Twitter bots and trolls promote conspiracy theories about Australian bushfires

As Australia continues to battle bushfires of unprecedented size and ferocity, a social media disinformation campaign is pushing false conspiracy theories about their cause. Tweets with the hashtag #ArsonEmergency are coming from a “much higher” proportion of bot-like or troll-like accounts than those with more general bushfire-related hashtags such as #BushfireAustralia or #AustraliaFire, according to initial analysis by Dr Timothy Graham from the Queensland University of Technology (QUT).


8 – UN cybercrime chief warns against US and Iran cyberattacks

The head of the United Nations’s cybercrime programme has warned the US and Iran not to engage in cyberattacks following the killing of the Iranian general Qassem Suleimani. Neil Walsh, who leads the UN’s cybercrime initiative from Vienna, cautions that targeting computer systems can have as much impact as physical attacks – and that nation states should think twice before carrying them out. “Taking an action can then get into an incredibly dangerous domino effect. The same thing goes in cyberspace as goes in real life,” he told New Scientist. “My message, and the clear message of the UN, is de-escalation, and I don’t see de-escalation happening through covert or overt cyberattacks from one country to another, irrespective of which countries those are.”


9 – SNAKE Ransomware Is the Next Threat Targeting Business Networks

Based on the analysis performed by Kremez, this ransomware is written in Golang and contains a much higher level of obfuscation than is commonly seen with these types of infections. “The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach,” Kremez, Head of SentinelLabs, told BleepingComputer in a conversation. When started, Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. It then proceeds to encrypt the files on the device, while skipping any that are located in Windows system folders and various system files.
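The behaviour described above (shadow-copy removal followed by a burst of process terminations aimed at SCADA, VM and remote-management software) is a useful detection sequence for defenders. The following is an added example, not code from BleepingComputer, SentinelLabs or the article; it assumes an endpoint telemetry feed of process-create and process-terminate events, assumes the shadow copies are removed via the common `vssadmin` or `wmic` command lines (the article does not say which method Snake uses), and uses constructed, hypothetical process names to stand in for the ICS and management tooling the article mentions.

```python
"""Flag a Snake-like sequence in endpoint telemetry: a shadow-copy deletion
command followed, within a short window, by terminations of sensitive
processes. Added example; event schema, commands and process names are
assumptions, not taken from the article."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass
class Event:
    ts: datetime
    kind: str          # "process_create" or "process_terminate"
    image: str         # process image name, e.g. "vssadmin.exe"
    cmdline: str = ""  # full command line (only meaningful for process_create)


# Command lines commonly used to remove Volume Shadow Copies (assumption: the
# article does not state how Snake removes them).
SHADOW_COPY_DELETION = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.IGNORECASE),
]

# Constructed/hypothetical names standing in for SCADA, VM, ICS, remote
# management and network management processes; a real deployment would list
# the actual software present in the environment.
SENSITIVE_PROCESSES = {
    "scadaserver.exe", "hmi.exe", "vmwp.exe", "remotemgmt.exe", "netmon.exe",
}


def is_shadow_copy_deletion(ev: Event) -> bool:
    """True if the event is a process creation whose command line deletes shadow copies."""
    return ev.kind == "process_create" and any(
        p.search(ev.cmdline) for p in SHADOW_COPY_DELETION
    )


def find_snake_like_activity(events, window=timedelta(minutes=5), min_kills=3):
    """Return one finding per shadow-copy deletion; severity is raised to
    'high' when at least `min_kills` sensitive processes are terminated within
    `window` afterwards, which is the ordering the article describes."""
    findings = []
    ordered = sorted(events, key=lambda e: e.ts)
    for i, ev in enumerate(ordered):
        if not is_shadow_copy_deletion(ev):
            continue
        killed = [
            e.image.lower()
            for e in ordered[i + 1:]
            if e.kind == "process_terminate"
            and e.ts - ev.ts <= window
            and e.image.lower() in SENSITIVE_PROCESSES
        ]
        findings.append({
            "ts": ev.ts,
            "trigger": ev.cmdline,
            "killed": sorted(set(killed)),
            "severity": "high" if len(killed) >= min_kills else "medium",
        })
    return findings


# Constructed sample telemetry: one malicious sequence plus a benign
# "vssadmin list shadows" an hour later that must not match.
_T0 = datetime(2020, 1, 8, 3, 14, 0)
SAMPLE_EVENTS = [
    Event(_T0, "process_create", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    Event(_T0 + timedelta(seconds=10), "process_terminate", "ScadaServer.exe"),
    Event(_T0 + timedelta(seconds=12), "process_terminate", "hmi.exe"),
    Event(_T0 + timedelta(seconds=15), "process_terminate", "vmwp.exe"),
    Event(_T0 + timedelta(seconds=20), "process_terminate", "notepad.exe"),
    Event(_T0 + timedelta(hours=1), "process_create", "vssadmin.exe", "vssadmin.exe list shadows"),
]


def demo():
    """Run the detector over the constructed sample and return its findings."""
    return find_snake_like_activity(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in demo():
        print(f["ts"].isoformat(), f["severity"], f["trigger"], f["killed"])
```

Shadow-copy deletion on its own is reported at medium severity because administrators do occasionally run it; the combination with rapid termination of control-system processes is what distinguishes the ransomware pattern from maintenance.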


10 – Saudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it

Around the time that tensions between the U.S. and Iran started mounting last month, authorities in Saudi Arabia discovered a new variant of data-wiping malware that cybersecurity analysts suspect originated with Iranian hackers. The attackers deployed the malware against an unnamed target on Dec. 29 with “urgency,” rushing to execute their malware and in the process leaving clues behind on the victim network, according to a technical report from Saudi Arabia’s National Cybersecurity Authority (NCA) obtained by CyberScoop.
