AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/09/2019

Ransomware attack hits Spanish city demanding undisclosed amount of Bitcoin

A hacker is holding computer systems belonging to the southern Spanish city of Jerez de la Frontera hostage, demanding a Bitcoin ransom to unlock them, RFI reports. The ransomware attack, which reportedly began on Tuesday night, has already caused service outages for the city’s website. There’s currently no indication of the amount of Bitcoin the hacker is demanding. AFP notes that Spain’s interior ministry has sent three computer experts to the city, the home of sherry, to help resolve the situation.


Toms Shoes’ Mailing List Hacked to Tell Users to Log Off

Too often, hackers use their skills to steal cash or make someone’s day very difficult. But sometimes, hackers just want to send a message. On Sunday, one hacker used the mailing list of retailer TOMS Shoes to tell users it’s time to log off. “hey you, don’t look at a digital screen all day, theres a world out there that you’re missing out on,” the hacker, going by the name Nathan, said in an email sent to TOMS subscribers. “just felt some people need that,” they added.


Pedestrian detection systems don’t work very well, AAA finds

Not only is the problem of cars killing pedestrians not going away, but the annual death toll over the last decade has actually increased by 35%. The proliferation of cars with automatic emergency braking (AEB) systems that detect pedestrians is therefore a good thing, right? According to a study by the American Automobile Association, maybe we shouldn’t count on AEB. The association has just tested the pedestrian-detection behavior of four popular mid-sized model-year 2019 sedans—a Chevrolet Malibu, Honda Accord, Tesla Model 3, and Toyota Camry—in a variety of different scenarios. Unfortunately, the results are not promising, particularly when it comes to anything but the least challenging scenarios.


France warns of cyberattacks against service providers and engineering offices

France’s cyber-security agency has published an alert about cyber-espionage campaigns targeting the infrastructure of service providers and engineering firms. “Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients,” the National Cybersecurity Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), said in a technical report published on Monday.


These malicious apps could be a major threat to your health

A new form of cyberattack is seeing criminals target victims with serious health conditions like diabetes, new research has claimed. Yes, this is something of a new low with cybercriminals releasing health apps which purport to help folks with their condition, but are really a thinly veiled attempt to steal personal data, invade privacy, or push ads or malware onto the victim’s device. This comes from security firm Fortinet, as revealed at the Virus Bulletin 2019 conference by principal security researcher Axelle Apvrille.


1 Million People Had Their Medical Data Exposed in Tū Ora Breach

Primary health organization (PHO) Tū Ora Compass Health from New Zealand disclosed a security breach that led to the exposure of medical and personally identifiable information (PII) of roughly 1 million people. PHOs are non-governmental organizations (NGOs) designed to provide support to the provision of fundamental primary health care services, mostly via general practices, to enrolled people. The NGO notified the National Cyber Security Centre, Ministry of Health, Police, and other law enforcement agencies of the incident after its discovery on August 5 following the Tū Ora website’s defacement.


Wi-Fi signals let researchers ID people through walls from their gait

The methodology and experimental results from Mostofi’s team, which will be presented at the 25th International Conference on Mobile Computing and Networking (MobiCom) on 22 October, show that Wi-Fi signals can be used to detect the gait of people through walls and to then match it to previously captured video footage in order to identify individuals. As she describes in a YouTube video, XModal-ID uses only the power of a pair of Wi-Fi transceivers located outside a building.


Data breach at Russian ISP impacts 8.7 million customers

The data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online, Russian media reported today. The data contains personal details such as full names, addresses, and mobile and home phone numbers. Beeline, a Russian telecommunications company with clients in Russia, all of Asia, and Australia, admitted to the breach. Speaking to Russian news agency Kommersant, which first reported the security incident, the ISP said the breach happened in 2017 and that they found the persons responsible at the time, although they never made the hack public.


Credit Info Exposed in TransUnion Data Security Incident

An unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files. This was done by using credentials stolen from a TransUnion customer who had access to the portal. BleepingComputer has learned that starting last week TransUnion Canada began sending out data security incident notifications via postal mail to consumers whose information was accessed via an unauthorized login.


Australia inches closer to compelling access to US data under CLOUD Act

The United States and Australia have entered into formal negotiations for a bilateral agreement under the U.S. Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), with US Attorney General William Barr and Minister for Home Affairs Peter Dutton calling the move the first step towards “significantly boosting law enforcement cooperation”, with “strong protections for rule of law, privacy, and civil liberties”. The CLOUD Act creates a legal framework regulating how law enforcement can access data across borders.


Alabama healthcare system pays hackers responsible for ransomware attack

The DCH Health System has made a payment to the hackers responsible for the crippling attack on its computer system that’s impacted operations at its three hospitals since early Tuesday morning. Hospital officials haven’t revealed how much was paid, but said in a statement Saturday that teams are working around the clock to restore normal hospital operations. “We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system’s mission,” system spokesman Brad Fisher said Saturday morning.


Speaker disinvites at CyberCon spark controversy

Controversy has erupted at CyberCon, Australia’s largest cybersecurity conference, as two well-known cybersecurity experts have been disinvited from speaking with only a week’s notice. The event organizer has said in an email to one of the speakers that they did so at the request of a partner. That raises questions about whether the Australian Signals Directorate (ASD), that country’s counterpart to the NSA, pressured the conference to silence critical voices. The ASD and the Australian Cyber Security Centre (ACSC), part of the ASD, are partners of the show organizer, the Australian Information Security Association (AISA). CyberCon opened October 7, in Melbourne, Australia.


No-deal Brexit data – should firms worry?

“Take steps now to keep receiving data legally from the EU.” That’s the message for businesses in a full-page government advert in the Financial Times and elsewhere. It goes on to warn that after 31 October “you may need to update your contracts.” But just how worried should companies big and small be about handling data in the event of a no-deal Brexit? The advert tells readers to follow the step-by-step guide at gov.uk/brexit. But when you arrive there, finding your way to the advice about data is not straightforward.


Group said to be behind attempted campaign hack also going after cybersecurity researchers

An Iran-linked hacking group that targeted a U.S. presidential campaign has also been trying to breach cybersecurity analysts who have exposed the hackers’ operations, new research shows. The hackers recently sent researchers at Israeli company ClearSky Cyber Security malware-laced emails purporting to be from an antivirus company, according to Ohad Zaidenberg, the company’s senior cyber intelligence researcher. The hacking group, which analysts say works in support of Iranian interests, also set up a phishing website mimicking that of ClearSky and a web-mail page “built to attack our clients,” Zaidenberg told CyberScoop.
