AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/05/2019

1 – Conveyancing law firms targeted in new multimillion-rand cyber scam

A new multimillion-rand cyber fraud scam allegedly headed by Nigerians and targeting attorneys dealing with big-money property transactions has been exposed in a graft case in the Joburg Commercial Crime Court. Olutunji Abdul, a Nigerian, and Siphosihle Sithole, a South African, are standing trial in a R7.8million matter in what investigators termed the new “business email compromise” (BEC) fraud. Last week in the Joburg Commercial Crime Court sitting in Palmridge, Captain William Mopedi testified that DM 5, a conveyancing law firm, had its email spoofed during a transaction it was handling on behalf of Polokwane-based Amohelang Holdings, which primarily provides student accommodation.


2 – Cybersecurity Executives Say Cost of Security Reasonable: Survey

FireEye has surveyed over 800 cybersecurity executives from around the world for its inaugural 2020 Cyber Trendscape Report and most of them do not believe that cybersecurity solutions are expensive for the value they provide. The report, which FireEye published on Monday, is based on responses from individuals with senior cybersecurity organizational roles, including C-level executives, senior directors and VPs. Respondents represent a wide range of industries and countries, including the US, Canada, France, Germany, the UK, China, Japan and South Korea.


3 – Facebook’s new branding distinguishes app from acquisitions

Facebook wants more people to know it owns Instagram, WhatsApp, and Oculus while still maintaining an identity for its main app. So today Facebook launched a new capitalization and typography format for its company name, using all capital letters and a shifting color scheme that highlights Instagram’s purple gradient and WhatsApp’s green tint. “Over the coming weeks, we will start using the new brand within our products and marketing materials, including a new company website” Facebook writes. For example, the “from FACEBOOK” branding will appear at the bottom of the Instagram login screen and settings menu.


4 – Marriott Reports Exposure of Associates’ Social Security Numbers

Marriott International notified some of its associates of an incident that exposed their social security numbers (SSNs) to an unknown party. An unknown individual may have accessed the information from the network of an unnamed vendor that was acting as the hotel’s agent for receiving service of official documents. Marriott learned on September 4 that someone accessed sensitive information available in official papers, like subpoenas and court documents, present on the systems of an outside vendor, formerly used by Marriott.


5 – This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army

Tens of thousands of Wi-Fi routers are potentially vulnerable to an updated form of malware that takes advantage of known vulnerabilities to rope these devices into a botnet for the purposes of selling distributed denial of service (DDoS) attack capabilities to cyber criminals.  A new variant of Gafgyt malware – which first emerged in 2014 – targets small office and home routers from well-known brands, gaining access to the devices via known vulnerabilities. Now the authors of Gafgyt – also known as Bashlite – have updated the malware and are directing it at vulnerabilities in three wireless router models. The Huawei HG532 and Realtek RTL81XX were targeted by previous versions of Gafgyt, but now it’s also targeting the Zyxel P660HN-T1A. 


6 – Europol on Methodology Behind Successful Spear Phishing Attacks

“Spear phishing… remains the principal attack vector for most cybercrimes,” says Europol in a new report. Sixty-five percent of targeted attack groups use it as their primary infection vector, while 32% of breaches involve phishing. During 2018, up to 0.55 % of all incoming emails were phishing emails, while phishing was present in 78% of cyber espionage incidents. In its attempt to alleviate cybercrime, Europol has established advisory groups for financial services, communication providers and internet security. It meets with private sector partners in these advisory groups to discuss industry-specific cybercrime threats and trends to enable development and cooperation on joint public/private action plans.


7 – First Bluekeep Exploit Found in the Wild

Bluekeep, a remote code execution vulnerability in Microsoft’s Remote Desktop Services, has been exploited in the wild. The vulnerability, designated CVE-2019-0708, was discovered earlier this year and patched in May. The critical vulnerability was considered so significant that Microsoft took the unusual step of issuing patches for out-of-support Windows versions in an attempt to stop exploitation. Kevin Beaumont (@GossiTheDog), who discovered Bluekeep, found the exploit when his Bluekeep honeypots began crashing this past weekend. He shared his data with researcher Marcus Hutchins, who verified the results. In analyzing the code crashing the honeypots, Hutchins found the obfuscated payload ultimately installed a cryptocurrency miner on the victim system.


8 – The Internet Archive Fights Wiki Citation Wars With Books

Last week, the Internet Archive announced that it’s been filling out Wikipedia’s book citations with links to two-page previews of the scanned book, so that the cited passage can be viewed with a bit of surrounding context. So long as no one else has borrowed it, you can check out the book for 14 days, similar to a lending library; if the book predates 1923, and is therefore in the public domain, you can likely see the whole thing. So far, the IA claims to have turned 130,000 references into live links from 50,000 books in English, Greek, and Arabic. They hope, in the words of WayBack Machine director Mark Graham, to “achieve Universal Access to All Knowledge.”


9 – Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019

Microsoft today kicked off its 2019 Ignite conference, bringing with it a wave of security-related announcements across its products and services. A few key focus areas surrounding today’s updates are data protection and governance, insider risk management, and threat detection. While the industry often talks about advanced attacks, what businesses need to focus on is basic protective steps and defending against the threats they face on a daily basis, says Rob Lefferts, corporate vice president at Microsoft Security. “Unfortunately, we continue to see success with the same sets of techniques,” he explains, noting “there is a need to swing the pendulum to think about protection.” Defenders have a “truly endless” to-do list in terms of what they can do to improve on threat prevention.


10 – Google employees urge company to commit to zero emissions by 2030

Google employees on Monday called on company management to take action against climate change. More than 1,000 workers signed an open letter to Ruth Porat, Google’s chief financial officer, demanding the search giant to release a plan addressing carbon emissions and political lobbying.  Specifically, the letter demands a commitment from Google to zero emissions by 2030, as well as no contracts that “enable or accelerate the extraction of fossil fuels.” The employees also called on the company to ban funding to climate-denying or climate-delaying think tanks, lobbyists or politicians. Additionally, they want the company to vow not to collaborate with groups that harm refugees or other groups affected on the “frontline” of climate change.


11 – Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home

In the spring of last year, cybersecurity researcher Takeshi Suguwara walked into the lab of Kevin Fu, a professor he was visiting at the University of Michigan. He wanted to show off a strange trick he’d discovered. Suguwara pointed a high-powered laser at the microphone of his iPad—all inside of a black metal box, to avoid burning or blinding anyone—and had Fu put on a pair of earbuds to listen to the sound the iPad’s mic picked up. As Suguwara varied the laser’s intensity over time in the shape of a sine wave, fluctuating at about 1,000 times a second, Fu picked up a distinct high-pitched tone. The iPad’s microphone had inexplicably converted the laser’s light into an electrical signal, just as it would with sound. Six months later Suguwara—visiting from the Tokyo-based University of Electro-Communications—along with Fu and a group of University of Michigan researchers have honed that curious photoacoustic quirk into something far more disturbing. They can now use lasers to silently “speak” to any computer that receives voice commands—including smartphones, Amazon Echo speakers, Google Homes, and Facebook’s Portal video chat devices. 


12 – Eye Clinic Breach Reveals Data of 20,000 Patients

A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal. The breach at the Utah Valley Eye Center in Provo, Utah, that exposed patient emails once again highlights third-party risk in terms of data security. It also sheds light on the added requirements of medical providers under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when data breaches occur.

Related Posts