AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/20/2022

How the FBI Stumbled in the War on Cybercrime 

Investigating cybercrime was supposed to be the FBI’s third-highest priority, behind terrorism and counterintelligence. Yet, in 2015, FBI Director James Comey realized that his Cyber Division faced a brain drain that was hamstringing its investigations. Retention in the division had been a chronic problem, but in the spring of that year, it became acute. About a dozen young and midcareer cyber agents had given notice or were considering leaving, attracted by more lucrative jobs outside government. As the resignations piled up, Comey received an unsolicited email from Andre McGregor, one of the cyber agents who had quit. In his email, the young agent suggested ways to improve the Cyber Division. 


Biden administration wants standard cyber security labelling for smart devices 

The Biden administration has accelerated its efforts to add cyber security labelling for consumer Internet of Things (IoT) devices, and may join other nations in adopting the scheme pioneered by Singapore. The administration’s efforts were unveiled at a Wednesday meeting attended by US deputy national security advisor for cyber and emerging technology Anne Neuberger, Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel, national cyber director Chris Inglis, and representatives from telcos and other tech companies including Google, AT&T, Cisco, Intel, Samsung and more. Google’s VP engineering, Dave Kleidermacher, took to the Chocolate Factory’s blog to confirm the company’s attendance at the workshop. 


GPS interference caused the FAA to reroute Texas air traffic. Experts stumped 

The Federal Aviation Administration is investigating the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly. The interference first came to light on Monday afternoon when the FAA issued an advisory over ATIS (Automatic Terminal Information Service). It warned flight personnel and air traffic controllers of GPS interference over a 40-mile swath of airspace near the Dallas-Fort Worth airport. The advisory read in part: “ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF DFW.” An advisory issued around the same time by the Air Traffic Control System Command Center, meanwhile, reported the region was “experiencing GPS anomalies that are dramatically impacting” flights in and out of Dallas-Fort Worth and neighboring airports. It went on to say that some of the airports were relying on the use of navigation systems that predated GPS. 


Microsoft Misconfiguration Exposes Customer Data 

Microsoft has confirmed that a misconfigured endpoint unintentionally leaked business and personally identifiable information (PII) for some customers. The tech giant said it was informed about the incident by threat intelligence firm SOCRadar on September 24, and secured the endpoint soon after with authentication. “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” it said. “The business transaction data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.”


Australia’s Data Breach Debacle Expands 

Australia’s data breach debacle expanded on Thursday. Cyber extortionists who attacked Australian health insurer Medibank provided proof of their hack of medical data. Also, stolen data from Australian wine retailer Vinomofo was put up for sale on a Russian-language forum. Medibank revealed on Thursday the worst-case scenario: it says ransomware/extortionists have provided proof of their hack with 100 insurance policies that contain claims data, medical services and codes related to diagnoses and procedures plus basic bio data. 


Brazilian Police Arrest Lapsus$ Suspect 

Federal police in Brazil yesterday arrested a suspected member of the prolific Lapsus$ cybercrime collective, after launching an investigation this summer. A press release claimed the man was apprehended in Feira de Santana, a city in the north-east of the country, as a result of Operation Dark Cloud, which began in August. That policing effort was precipitated by Lapsus$ attacks that targeted dozens of Brazilian government agencies, including the Ministry of Health, Ministry of Economy, Comptroller General of the Union and the Federal Highway Police. According to the police, a breach at the health ministry enabled attackers to delete data and compromise a website used to manage COVID vaccine certificates. The data extortion group is said to have posted a message to the ministry’s website claiming the stolen information was in its hands. 
