AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/08/2019

Signal patches Android bug that allowed hackers to answer calls on your behalf 

Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end. Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls. Signal has since patched the problem in its latest update of the app (version 4.47.7).

Global exchanges urge Britain not to ban crypto-linked derivatives

Global exchanges urged Britain’s markets watchdog on Monday not to ban retail sales of derivatives linked to crypto assets such as bitcoin, saying they were well equipped to protect consumers trading on their platforms. Crypto assets have attracted considerable consumer interest in some cases, holding out the prospect of lucrative new business activity for market participants. Britain’s Financial Conduct Authority (FCA) said in July that derivatives and exchange traded notes referencing certain crypto assets were ill-suited to retail consumers who cannot reliably assess value and risks.

DCH Hospital Pays Ryuk Ransomware for Decryption Key

DCH hospitals in Alabama have decided to pay the ransom for the Ryuk Ransomware in order to receive a decryptor and get their computer systems back up and running. On October 1st, 2019, DCH Health System, which includes the DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center in West Alabama’s Tuscaloosa, Northport, and Fayette, was affected by a Ryuk ransomware attack that forced them to shut down their computer systems and to stop accepting new non-emergency patients. Over the weekend, DCH issued an updated statement regarding the incident and said that some systems were being restored from backups, but that they would pay the ransom and purchase the Ryuk decryption key in order to restore access to other encrypted systems.

Copycat coders create ‘vulnerable’ apps

Lazy developers who copy solutions to tricky programming problems are creating apps that are vulnerable to attack, research suggests. A team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website. The site is popular with developers seeking advice on the best way to fix broken code. But researchers found many of the most copied snippets lacked basic checks that would stop common attacks. The dangerous code chunks often used obsolete functions, did little to check user responses and did not look for attempts to break the application, said the study.

NIST’s Zero Trust Taxonomy Introduces Components, Threats and Migration Routes

NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats. NIST stresses that the primary purpose of the document (PDF) is to develop a standard taxonomy for ZTA components rather than give guidance or recommendations on how to deploy them. Nevertheless, the document provides a very detailed introduction to the components, their interrelationship, the problems involved, and how the components could be implemented in a migration to a zero trust architecture.

U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks

The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid. US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement “a critical moment for the Baltic States in strengthening cybersecurity” in strategic energy infrastructure. “We see a crucial role that US could play in assisting the Baltic States with strategic and technical support,” the four officials said in a joint declaration signed in the Lithuanian capital Vilnius. Lithuania said it was looking for US technology firms able to modernize software used to control energy systems to prevent attacks by Russian hackers that could disrupt energy supplies.

HHS Gives Dental Practice Posting PHI on Yelp a Bad Review

A dental practice in Texas that responded to patients’ Yelp reviews by disclosing patient names and other health information has gotten a bad review from federal regulators: A $10,000 HIPAA monetary settlement and a corrective action plan. In a statement Wednesday, the Department of Health and Human Services said the settlement with Elite Dental Associates of Dallas centered on a patient complaint received in 2016 by HHS’ Office of Civil Rights, which enforces HIPAA.

Check If You Are in the Sephora and StreetEasy Data Breaches

Data breach lookup site Have I Been Pwned has added the stolen data from the StreetEasy and Sephora data breaches to their engine so that users can check if their information was exposed. According to HIBP, StreetEasy was hit with a data breach in June 2016 that disclosed the information for close to 1 million users. This information included email addresses, names, passwords, and usernames: “In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to ‘JimScott.Sec@protonmail.com’.”

Iran hackers targeted presidential campaign, journalists

A threat group, dubbed Phosphorus, that Microsoft believes to be linked to Iran’s government targeted email accounts associated with a presidential campaign as well as government officials, journalists and prominent Iranians living outside the country. “In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts,” Tom Burt, Microsoft corporate vice president of customer security and trust, wrote in a blog post, noting that four accounts – not those of journalists or associated with the presidential campaign – were compromised.

Fifa 20 error exposes players’ details

The company behind the Fifa video games says it is investigating why some players’ personal information was exposed to other gamers. Fans signing up for the new Fifa 20 Global Series found the online registration form was already filled in with other people’s information. Popular online gaming live-streamers were among those who had their details exposed. EA Sports, which publishes the game, apologised for the mistake. “Player privacy and security are of the utmost importance to us, and we deeply apologise that our players encountered this issue today,” it said in a statement.

UAB Medicine Data Breach Exposes Patient Info in Phishing Attack

UAB Medical is the victim of a phishing attack that targeted the medical center’s payroll department. This allowed attackers to gain access to numerous employee emails that contained the health information for 19,557 patients. On August 7th, 2019, attackers began sending emails to employees that pretended to be from an executive asking them to fill out a survey. As part of this survey, it was requested that the employees provide their username and password, which some submitted. This allowed the attackers to gain access to UAB Medical’s payroll system where they were trying to redirect employee payments to bank accounts under the attackers’ control.

Human body inspired cybersecurity method being developed at UA

University of Arizona researchers are developing a form of cybersecurity inspired by the human body and capable of detecting threats in their earliest stages. This cybersecurity model would respond to security threats in computers and smartphones just as the nervous system responds to health threats within the human body. Think of the biological response that instinctively pulls your hand away from a hot stove or protects your immune system from a virus, but in this case, it’s a dangerous security threat.

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

According to the UK’s National Cyber Security Centre (NCSC), advanced persistent threat (APT) groups have been exploiting recently disclosed vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure products to breach target networks. This week the NCSC issued an alert to warn organizations using the vulnerable products. “The NCSC is investigating the exploitation, by Advanced Persistent Threat (APT) actors, of known vulnerabilities affecting Virtual Private Network (VPN) products from vendors Pulse secure, Palo Alto and Fortinet,” reads the alert issued by the NCSC.

Medical data breach puts details of a million New Zealanders at risk

Nearly a million New Zealanders face the risk that their medical data has been accessed illegally after a cyber attack on the website of Tū Ora Compass Health, the company said on Saturday. The website was hacked in August, but investigations also uncovered previous attacks dating from 2016 to March 2019, the health firm, which collects and analyses patient information from medical centres, said in a statement. “While this was illegal and the work of cyber criminals, it was our responsibility to keep people’s data safe and we’ve failed to do that,” Martin Hefford, Chief Executive Officer of Tū Ora, said in the statement. Both Tū Ora and New Zealand’s Ministry of Health said they have not been able to determine whether the cyber attacks resulted in any information being accessed.

State attorneys general meet in Washington to discuss Facebook

U.S. state attorneys general investigating Facebook Inc (FB.O) met on Monday with officials of the Justice Department and the Federal Trade Commission, both of which are probing the social media giant. New York Attorney General Letitia James confirmed the meeting in a statement. “As we have said in the past, we have grave concerns over potential anticompetitive practices by large tech companies,” she said in the statement, adding that Facebook’s actions may have put consumer data at risk of being stolen in data breaches.

US blacklists 8 Chinese tech companies over human rights issues

The US Commerce Department said Monday it had placed eight Chinese companies on its economic blacklist, including Hikvision, the world’s largest video surveillance gear maker. The move was spurred by accusations of human rights violations against Uighur Muslims and other predominantly Muslim ethnic minorities. Companies added to the “Entity List” include fellow video surveillance company Zhejiang Dahua Technology, as well as IFLYTEK, Xiamen Meiya Pico Information and Yixin Science and Technology. Nineteen government agencies, including Xinjiang region’s public security bureau and the province’s police college, were also placed on the list.

Microsoft wants to connect another 40 million global internet users

Microsoft’s Airband initiative is going international, with a newly formalized goal to get 40 million more people connected to the internet by July 2022. The program, which launched in 2017 with the goal of improving rural internet access across the US, is expanding to offer better internet access across Latin America and Sub-Saharan Africa. In America, Microsoft is relying on unused TV white space (TVWS) operating in the 600 MHz spectrum to offer broadband access to 3 million Americans. Internationally, however, Microsoft’s efforts will rely both on TVWS as well as other “innovative technologies.”
