AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/04/2019

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC

Nation-state spy agencies are only as good as their operational security—the care they take to keep their digital spy operations from being discovered. But occasionally a government threat actor appears on the scene that gets it all wrong. This is the case with a threat actor recently discovered by Kaspersky Lab that it’s calling SandCat—believed to be Uzbekistan’s repressive and much-feared intelligence agency, the State Security Service (SSS).


FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations. “Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information,” says the FBI. “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”


American Express Customer Info Accessed by Employee for Possible Fraud

An American Express employee is being investigated for accessing card holder information and potentially using it to open accounts at other financial institutions. Starting on September 30th, 2019, American Express began sending out data breach notifications to cardholder members whose information was fraudulently accessed by an employee. According to this notification, an employee was accessing the information for cardholders and potentially using it to perform identity theft by fraudulently opening accounts at other financial institutions.


Man arrested over leaking 100,000 home loan customers’ private data

An IT contractor has been arrested over a data breach that saw thousands of Australian home loan customers’ details splashed all over the dark web. NSW police raided the man’s home and a data centre in the inner west of Sydney on Wednesday morning. The 49-year-old was arrested in downtown Sydney at 8am, with charges expected to follow later in the day. In February, many home loan providers, including all four major banks, were forced to scramble after property evaluation firm Landmark White disclosed that the private details of thousands of customers had been leaked.


ANU incident report on massive data breach is a must-read

“This report from ANU is an example to everyone else of how to deal with cyberattacks,” tweeted Vanessa Teague, associate professor in cybersecurity at the University of Melbourne, on Wednesday. “Honest, technical, detailed, and full of good advice for protecting data. Attacks will keep happening. This is the way to understand them and learn to improve our defences.” She’s right. The report in question is a detailed incident report [PDF] of the massive data breach suffered by Australian National University (ANU) in late 2018, discovered in May 2019, and revealed two weeks later in June.


U.S., UK to sign deal to get data faster from tech firms in security cases

The United States and United Kingdom plan to sign a special data agreement on Thursday that would fast track requests from law enforcement to technology companies for information about the communications of terrorists and child abusers, according to documents reviewed by Reuters. The agreement will be announced publicly alongside an open letter to Facebook Inc and its Chief Executive Mark Zuckerberg, calling on the company to suspend plans related to developing end-to-end encryption technology across its messaging services.


Minerva attack can recover private keys from smart cards, cryptographic libraries

Czech academics have detailed this week a new cryptographic attack that can recover private keys used to sign operations on some smart cards and cryptographic libraries. Once obtained, the private key can allow attackers to spoof any smart cards or sign other cryptographic operations secured by the affected libraries. The attack, named Minerva, was discovered earlier this year in March by academics from the Centre for Research on Cryptography and Security at the Masaryk University, in the Czech Republic.


US, UK and Australia urge Facebook to create backdoor access to encrypted messages

The United States, United Kingdom and Australia plan to pressure Facebook to create a backdoor into its encrypted messaging apps that would allow governments to access the content of private communications, according to an open letter from top government officials to Mark Zuckerberg obtained by the Guardian. The open letter, dated 4 October, is jointly signed by the UK home secretary, Priti Patel; the US attorney general, William Barr; the US acting secretary of homeland security, Kevin McAleenan; and the Australian minister for home affairs, Peter Dutton, and is expected to be released Friday.


WhatsApp Flaw Allows Remote Code Execution via Malicious GIF File

Facebook recently patched a vulnerability in WhatsApp for Android that may have allowed hackers to execute arbitrary code and gain access to sensitive user data by sending specially crafted GIF files. The security hole, discovered by a researcher who uses the online moniker Awakened, has been described as a double-free bug and it has been assigned the CVE identifier CVE-2019-11932. The vulnerability was reported by the researcher to Facebook and it was patched with the release of version 2.19.244. The flaw allows remote code execution on devices running Android 8.1 and 9.0, but on previous versions of the mobile operating system it can only be exploited for denial-of-service (DoS) attacks, Awakened said.
