AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/24/2019

1 – Ransomware Hits B2B Payments Firm Billtrust

Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said it was consulting with law enforcement officials and with an outside security firm to determine the extent of the breach.


2 – In a First, FTC Bans Company From Selling ‘Stalkerware’

This morning the Federal Trade Commission (FTC) announced it has barred a company behind three pieces of so-called stalkerware from selling any more apps that monitor mobile devices unless they take steps to ensure their software is only used for legitimate purposes. Stalkerware is malicious software that is installed on phones or computers. Depending on the particular app, stalkerware can intercept text messages and calls, track GPS locations, and much more. Stalkerware is often used in abusive relationships, even if companies selling the software claim it is only to be used for legally monitoring children or employees. In this instance, the FTC's case is against a company called Retina-X and its owner James N. Johns Jr.


3 – CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites

Two academics from the Technical University of Cologne (TH Köln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites. The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).


4 – EU-US Privacy Shield passes third Commission ‘health check’ — but litigation looms

The third annual review of the EU-US Privacy Shield data transfer mechanism has once again been nodded through by Europe’s executive. This despite the EU parliament calling last year for the mechanism to be suspended. The European Commission also issued US counterparts with a compliance deadline last December — saying the US must appoint a permanent ombudsperson to handle EU citizens’ complaints, as required by the arrangement, and do so by February.


5 – Billing Provider Billtrust Suffers Outage After Malware Attack

U.S. financial services provider Billtrust experienced an outage affecting all of its services after some of the company’s computing systems were impacted by a malware attack on October 17. While Billtrust did not make the attack public, a service interruption notice published by one of their customers, Wittichen Supply Company, says that the customer invoicing and online bill payment vendor notified them of a malware attack. “We were notified late yesterday that BillTrust, our third party vendor for customer invoicing and online bill payment, was the subject of a Malware attack. BillTrust is working with federal law enforcement and cyber security firms to investigate and remediate the attack,” says the notice.


6 – Google claims ‘quantum supremacy’ for computer

Google says an advanced computer has achieved “quantum supremacy” for the first time, surpassing the performance of conventional devices. The technology giant’s Sycamore quantum processor was able to perform a specific task in 200 seconds that would take the world’s best supercomputers 10,000 years to complete. Scientists have been working on quantum computers for decades because they promise much faster speeds. The result appears in Nature journal.


7 – Japanese hotel chain sorry that hackers may have watched guests through bedside robots

Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices. The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room. Facial recognition tech will let customers into their room and then a bedside robot will assist with other requirements. However, several weeks ago a security researcher revealed on Twitter that he had warned HIS Group in July about the bed-bots being easily accessible, noting they sported “unsigned code” allowing a user to tap an NFC tag to the back of the robot’s head and allow access via the streaming app of their choice.


8 – Verizon’s 5G network can’t cover an entire basketball arena, either

Verizon on Friday announced that its 5G network is now available in three NBA arenas and is coming to seven more by the end of the 2019-2020 basketball season. But there’s a big caveat, just like there is with Verizon’s 5G coverage in NFL stadiums: Verizon 5G only covers some of the seating areas. Verizon’s 5G-in-arenas announcement on Friday did not mention this significant limit. But when contacted by Ars, Verizon said the 5G network doesn’t cover the whole arena for any of these NBA facilities. “Just certain seating areas” in the NBA arenas have access to 5G, a Verizon spokesperson told us.


9 – Texas Man Gets 145 Months in Prison for Hacking LA Superior Court

A Texas man found guilty of hacking into the Los Angeles Superior Court (LASC) computer system and abusing it to send phishing emails was sentenced to federal prison this week. The man, Oriyomi Sadiq Aloba, 33, of Katy, Texas, was found guilty of using the hacked LASC computer system to send around 2 million malicious phishing emails and of obtaining hundreds of credit card numbers. He was sentenced to 145 months in federal prison. Aloba and his co-conspirators targeted LASC in July 2017 by compromising the email account of one court employee. He then used that account to send phishing emails to the victim’s coworkers, linking to a bogus website that requested the users’ LASC email addresses and passwords.


10 – Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History

Internet giant Comcast is lobbying U.S. lawmakers against plans to encrypt web traffic that would make it harder for internet service providers (ISPs) to determine your browsing history, according to a lobbying presentation obtained by Motherboard. The plan, which Google intends to implement soon, would enforce the encryption of DNS data made using Chrome, meaning the sites you visit. Privacy activists have praised Google’s move. But ISPs are pushing back as part of a wider lobbying effort against encrypted DNS, according to the presentation. Technologists and activists say this encryption would make it harder for ISPs to leverage data for things such as targeted advertising, as well as block some forms of censorship by authoritarian regimes.


11 – White House kicks infosec team to curb in IT office shakeup

An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White House’s computer network defense branch—who wrote the memo after submitting his resignation—warned that the White House was likely headed toward another network compromise and theft of data.


12 – Swedish police cleared to deploy spyware against crime suspects

Sweden’s police force has been granted new powers this week, including the ability to deploy spyware on suspects’ devices to intercept encrypted communications and turn on microphones and cameras. The decision was announced by Sweden’s Interior Minister Mikael Damberg in a press conference on Tuesday, October 22. The new technical capabilities granted to Swedish police are part of a 34-point plan to upgrade law enforcement powers when investigating gang or violent crimes.

