AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/02/2019

600 armed German cops storm Cyberbunker hosting biz on illegal darknet market claims

Cops have seized the physical premises and servers of the Dutch-German ISP that once hosted The Pirate Bay – after storming the hosting biz’s ex-NATO bunker hideout with 600 gunmen. Cyberbunker, aka CB3ROB, was shut down by German police in what appears to be a military-grade operation targeting the hosting firm’s Traben-Trarbach premises: a Cold War-era bunker complete with its original anti-intrusion defences. “Police officers succeeded in penetrating the building, a 5,000-square-metre former NATO bunker with iron doors, which goes five floors deep underground,” reported broadcaster Deutsche Welle (DW).

 

AI used for first time in job interviews in UK to find best applicants

Artificial intelligence (AI) and facial expression technology are being used for the first time in job interviews in the UK to identify the best candidates. Unilever, the consumer goods giant, is among companies using AI technology to analyse the language, tone and facial expressions of candidates when they are asked a set of identical job questions which they film on their mobile phone or laptop. The algorithms select the best applicants by assessing their performances in the videos against about 25,000 pieces of facial and linguistic information compiled from previous interviews of those who have gone on to prove to be good at the job.

ACCC sticks to its guns that TPG will build a fourth mobile network

The final day of the Vodafone Hutchison Australia (VHA)/TPG v Australian Competition and Consumer Commission (ACCC) matter has concluded. It’s now a waiting game as Justice Middleton deliberates before making his decision later this year or in February 2020. The case put by the ACCC is reasonably straightforward. It believes that if the merger is blocked, TPG will resume building its mobile network, thus creating increased competition in the mobile network market. TPG and Vodafone, meanwhile, have said the ACCC’s rationale is based on a counterfactual argument — basically a case of “if this, then that”, and that the obstacles in front of TPG building a new network are now insurmountable.

Senate Passes DHS Cyber Hunt and Incident Response Teams Act

The United States Senate recently passed the DHS Cyber Hunt and Incident Response Teams Act, a piece of legislation that instructs the DHS to help organizations protect themselves against cyber threats and respond to incidents. First introduced in 2018 by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) as the DHS Cyber Incident Response Teams Act of 2018 and then reintroduced this year, the bill authorizes the DHS to maintain “cyber hunt” and incident response teams that would assist both government and private entities in their effort to prevent cyberattacks and respond in case there is an incident. Senator Charles E. Schumer, who co-sponsored the bill, believes it could be highly useful for protecting educational institutions against ransomware and other types of threats.

 

New ‘Gucci’ IoT Botnet Targets Europe

Security researchers with SecNiche Security Labs have discovered a new piece of malware that attempts to ensnare Internet of Things (IoT) devices in Europe into a distributed denial-of-service (DDoS)-capable botnet. Called Gucci, the same as the Italian luxury brand of fashion and leather goods, the botnet appears to be new and previously undocumented, security researchers Aditya K Sood and Rohit Bansal told SecurityWeek in an email exchange. The malware is targeting multiple architectures, including ARM, x86, MIPS, PPC, M68K and others, binaries discovered on the attackers’ server showed. The binaries were being disseminated from a server located in the Netherlands.

 

Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs

Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was made possible by exploiting a vulnerability in the software that powers the forum. Comodo today published a security notice informing users that an intruder may have gained access to the forums database. “Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public,” the notification begins.

Watch these hackers crack an ATM in minutes

There are over 3 million ATMs across the globe and about 500,000 active units in the US. The vast majority of these machines run Windows XP, a platform that was released in 2001 and no longer receives security updates. This makes cash machines prime targets for cybercriminals, said Charles Henderson, the global head of IBM’s hacking unit X-Force Red. At the 2019 Black Hat cybersecurity conference in Las Vegas, his team used a custom Linux application to demonstrate how coordinated groups of cybercriminals launch cyberattacks against cash machines. Henderson’s team was able to demonstrate how small groups of criminals could communicate to install code, avoid the ATM’s built-in defense mechanisms, and avoid leaving a record on the transaction log. Within moments, he was able to make a machine spit cash and avoid being documented. 

 

eGobbler Malvertiser Uses WebKit Exploit to Infect Over 1 Billion Ads

Between August 1 and September 23, roughly 1.16 billion ad impressions were hijacked in a malvertising campaign operated by a threat group dubbed eGobbler to redirect potential victims to malicious payloads. The group was previously observed by Confiant researchers in April while using a Chrome for iOS exploit to circumvent the browser’s built-in pop-up blocker to deliver fake ads to 500 million sessions of users from the U.S. and multiple European Union countries in under a week. While eGobbler’s operations were previously focused on iOS devices, this time around, they targeted Windows, Linux, and macOS desktop devices in another extensive series of malvertising attacks.

Former Yahoo engineer hacked 6,000 accounts in search of sexual content

A former Yahoo engineer pleaded guilty to hacking into roughly 6,000 accounts in search of sexual photos and videos. According to court documents, Reyes Daniel Ruiz, 34, used his employee access to Yahoo’s internal network to crack users’ passwords. He then downloaded explicit photos and videos to a personal hard drive, which he stored at home. Ruiz admitted to targeting accounts belonging to younger women — including his personal (and hopefully former) friends and colleagues. Once he had access to their Yahoo accounts, he used password resets on third-party sites to break into Apple iCloud, Facebook, Gmail, DropBox and other accounts.

 

Samsung Electronics says it suspended operations at China mobile phone factory

Samsung Electronics Co Ltd said on Wednesday it suspended production at its mobile phone factory in China at the end of September. The world’s top smartphone maker said it made a “difficult decision” to suspend production at its only China phone factory in its effort to enhance efficiency, Samsung told Reuters in a statement.
