AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/08/2021

Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes

The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters. The hacks were widely publicized after their discovery late last year, and American officials have blamed Russia’s SVR foreign intelligence service, which denies the activity. But little has been disclosed about the spies’ aims and successes. The reluctance of some publicly traded companies to explain their exposure has prompted a broad Securities and Exchange Commission inquiry. The campaign alarmed officials with its stealth and careful staging. The hackers burrowed into the code production process at SolarWinds, which makes widely used software for managing networks.

 

Google Executive Wants to Help Apple Make Texts Between Android and iPhone Users More Secure

In a tweet, Hiroshi Lockheimer, Google’s senior vice president of Android, said that “group chats don’t need to break this way,” referring to a sub-tweet about the inconvenience Android and ‌iPhone‌ users have in communicating via messages. Alluding to the RCS protocol, Lockheimer goes on to state there is a “Really Clear Solution” and that he is offering an “open invitation to the folks who can make this right,” with the “folks” in question being a reference to Apple. Google has been rolling out RCS for the past several years, and in July, all three major carriers in the U.S. pledged to adopt RCS, which, compared to SMS, offers support for higher quality photos and videos, audio messages, improved security, and better group chats. With RCS, Android to Android messaging communication will become fully end-to-end encrypted. In contrast, Android to ‌iPhone‌ communication often referred to as the “green bubble,” will be less secure due to Apple’s unwillingness to adopt RCS.

 

U.S. govt to sue contractors who hide breach incidents

Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don’t report a breach or fail to meet required cybersecurity standards. The initiative gives the DoJ the necessary leverage to fight digital threats to sensitive information and critical systems stemming from collaborators of federal agencies. Deputy Attorney General Lisa O. Monaco said that the initiative allows the DoJ to pursue government contractors that keep silent about a breach incident or don’t comply with cybersecurity standards. “Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards” – Deputy Attorney General Lisa O. Monaco.

 

Twitch says no user passwords or cards numbers were exposed in major hack

In the aftermath of a major security breach that came to light yesterday, Twitch has now issued a formal statement to assure users that no passwords or payment card numbers were stolen or leaked online. “At this time, we have no indication that login credentials have been exposed,” the company said in a blog post today. “Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” it added. Twitch said it also reset all stream keys as a result of the incident. Users who stream on the site would most likely need to obtain a new one from their Twitch profile backends. The Amazon-owned company said that while it is still investigating the breach, it believes the breach occured because of “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” That third party collected data from Twitch’s backend systems and released “part one” via a torrent file shared on 4chan.

 

Medtronic urgently recalls insulin pump controllers over hacking concerns

Medtronic is urgently recalling remote controllers for insulin pumps belonging to the ‘MiniMed Paradigm’ family of products, due to severe cybersecurity risks. The controllers that should be returned to the vendor are models MMT-500 and MMT-503, used with Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. These devices were sold in the United States between August 1999 and July 2018, and it is estimated that there are 31,310 vulnerable units in use by diabetic patients in the country at the moment.  Insulin pumps are used for delivering insulin to diabetic users, while the remote controller aids in the wireless commanding of the device. It can be utilized to start, stop, or change the amount of insulin that is administered to the user.

 

Ransomware actor pressures school district by emailing parents

The malicious actors behind a ransomware attack against a school district in Texas attempted to extract payment this week with what one analyst said appears to be an entirely new tactic: emailing parents of students with a threat that if school officials do not pay up, their kids’ personal information may be published online. “We have been reading news and watching the video in the news article … with feeling of frustration for how your EDUCATION PROVIDER care about your data and personal life,” reads the email. “We can understand that they try to fool us, but they do same effective with you.” Allen ISD, which serves nearly 22,000 K-12 students about 30 miles north of Dallas, acknowledged Sept. 28 that it had been the victim of a ransomware breach that earlier in the month disrupted a handful of systems — including the GPS routing software that guides school buses — and brought an extortion attempt threatening the release of staff and students’ personal information on the open internet.

 

European Parliament calls for ban on AI-powered mass surveillance

The EU Parliament has voted in favor of a resolution that essentially calls for the ban of AI-powered biometric mass surveillance technologies such as facial recognition systems in the continent. The MEPs (members of the European parliament) are worried about discrimination, bias, and injustice that arise from AI-based predictive policing, and their concerns are based on numerous real examples. For history, 377 MEPs voted in favor, 248 against, and 62 were absent. Vendors of AI-based facial recognition solutions have admitted that algorithm bias has plagued their systems for years and have made efforts to solve the problem through diverse data sets and machine learning optimizations. However, the discriminatory rates are still too high to be acceptable in any important deployment context.

Related Posts