AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/06/2019

1 – Porcelain business raises suspicion amid China’s blockchain renaissance

A porcelain and education business has attracted the suspicion of Chinese regulators after its stock recently boomed, CoinDesk reports. Guangdong Great Wall Group’s stock price rose for five consecutive days after Chinese President Xi Jinping encouraged civilians to embrace blockchain technology — and is now under investigation by the China Securities Regulatory Commission (CSRC). Founded in 1996, Great Wall Group started off as a creative porcelain business. However, its 2018 annual report featured details about six blockchain projects. Investigators are keen to find out whether the company’s blockchain drive is indeed genuine.


2 – Ransomware Attacks Hit Everis and Spain’s Largest Radio Network

Everis, an NTT DATA company and one of Spain’s largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain’s largest radio station Cadena SER (Sociedad Española de Radiodifusión). While the ransomware attacks were not yet publicly acknowledged by the company, the ransom note left on Everis’ encrypted computers has already leaked and BleepingComputer can confirm that the MSP’s data was infected using the BitPaymer ransomware.


3 – Hackers can steal the contents of Horde webmail inboxes with one click

A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the wider open-source community. It’s used by universities, libraries and many web hosting providers as the default email client.


4 – Actively exploited bug in fully updated Firefox is sending users into a tizzy

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.


5 – A network of ‘camgirl’ sites exposed millions of users and sex workers

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The database, containing months’ worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.


6 – Microsoft is banking Cortana’s success on the idea of a multi-assistant world

In the competitive landscape of virtual assistants, Cortana has struggled to find its place. It lags behind competitors like Google Assistant, Alexa, and Siri in the delivery of satisfactory responses to questions, and with no smart speaker or mobile operating system, it lacks native access to two of the most common devices people use to speak with AI assistants. It may still have the power to act as a general purpose assistant, but Microsoft wants Cortana to become your assistant at work. The focus is on making Cortana a larger part of Microsoft 365 productivity software for the workplace, which sees applications like Outlook, Word, and PowerPoint currently being used by more than 180 million monthly active users. “We are really focusing on this experience, embedding [Cortana] across M365. That’s really the message,” said Microsoft corporate VP Andrew Shuman.


7 – AT&T to pay $60 million for allegedly misleading customers about ‘unlimited’ data plans

AT&T is paying $60 million to settle with the Federal Trade Commission after allegedly misleading customers with its “unlimited” data plans. The FTC announced this settlement Tuesday after suing AT&T in 2014, saying the company failed to “adequately disclose” to those who signed up for its unlimited data plans that their data speeds would be throttled if they used a certain amount in a billing cycle. Under the settlement, AT&T is “prohibited from making any representation about the speed or amount of its mobile data, including that it is ‘unlimited,’ without disclosing any material restrictions on the speed or amount of data,” the FTC said Tuesday. The $60 million will be put into a fund used to provide partial refunds to customers who signed up for unlimited data plans prior to 2011.


8 – Tipped off by an NSA breach, researchers discover new APT hacking group

With a tip that came from one of the biggest breaches in US National Security Agency history, researchers have discovered a new hacking group that infected targets with a previously unknown piece of advanced malware. Hints of the APT—short for advanced persistent threat—group first emerged in April 2017. That’s when a still-unidentified group calling itself the Shadow Brokers published exploits and code developed by, and later stolen from, the NSA. Titled “Lost in Translation,” the dispatch was best known for publishing the Eternal Blue exploit that would later power the WannaCry and NotPetya worms that caused tens of billions of dollars’ worth of damage worldwide. But the dump included something else: a script that checked compromised computers for malware from a variety of APTs.


9 – Huawei calls hackers to Munich for secret bug bounty meeting

Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present its new bug bounty program, which would allow researchers to get financial rewards for submitting security vulnerabilities. The sources said the bug bounty will be focused on past and future mobile devices, as well as its new mobile operating system, HarmonyOS, Huawei’s Android competitor. Other phone makers, including Apple, Google and Samsung, also have bug bounties.


10 – Founders of ‘worthless cryptocurrency’ ATM Coin fined over $4.25m scam

The US Commodity Futures Trading Commission (CFTC) on Friday announced that it’s fining the founders of a “worthless cryptocurrency” that ran a $4.25m, so-called “binary options” scam involving a virtual currency known as ATM Coin. Their pie-in-the-sky financial promises were rigged with software that put a finger on the scale to tip it away from a customer’s chance to make a profit on their binary-options gamble. Add a dollop of “Let’s stash your money in St. Kitts and Nevis where it’s conveniently tough to trace funds,” and the equation balances out to that $4.25m fine for fraud and misappropriation of client funds.
