AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/08/2019

1 – Cisco: All these routers have the same embedded crypto keys, so update firmware

Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues. The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key. The static keys are embedded in the routers' firmware and are used for providing HTTPS and SSH access to the affected routers. The issue means all devices with the affected firmware use the same keys. Cisco admitted it was an oversight by its developers, but downplayed the seriousness of the error because the certificates and keys were never intended for shipping products.


2 – Two former Twitter employees charged with spying for Saudi Arabia

Two former Twitter employees have been charged with spying on user accounts on behalf of the Saudi Arabian government, according to The Washington Post. The Justice Department announced the charges today after one of the former employees was reportedly arrested. That suspect, Ahmad Abouammo, was charged with spying on three Twitter accounts for the government, according to the Post. Another former employee was charged with accessing data on more than 6,000 Twitter accounts, including one tied to a confidant of murdered journalist and critic of the Saudi government, Jamal Khashoggi. A third man, who prosecutors said acted as an intermediary between the employees and the Saudi government, was also charged. Those two suspects are still at large.


3 – China to curb gaming addiction by imposing time limits on younger players

China’s National Press and Publication Administration announced the regulations, which forbid those under 18 from playing games between 10 p.m. and 8 a.m. They also limit play time to 90 minutes per day during the week and three hours per day at weekends and holidays. Other rules include obliging young players to use their real names and limiting how much gamers can spend on downloadable content like in-game weapons and outfits to $28 to $57 a month depending on age.


4 – Brooklyn Hospital lost patient records after a ransomware infection

A ransomware attack has infected several computer systems at the Brooklyn Hospital Center in New York, and the organization permanently lost patient data. The patient records encrypted in the attack include names and certain dental or cardiac images. The news of the attack was disclosed this week, but the incident took place in late July. The hospital did not pay the ransom; it attempted to recover the data, but without success. The Brooklyn Hospital Center immediately investigated the incident with the help of a third-party digital forensics firm and confirmed that it had taken “diligent remediation efforts.”


5 – Capital One replaces security chief after data breach

Capital One has replaced its cybersecurity chief, four months after the company disclosed a massive data breach involving the theft of sensitive data on more than 100 million customers. A spokesperson for Capital One confirmed the news in an email to TechCrunch. “Michael Johnson is moving from his role as chief information security officer to serve as senior vice president and special advisor dedicated to cyber security,” said the spokesperson. Mike Eason, who served as chief information officer for the company’s commercial banking division, has replaced Johnson as interim cybersecurity chief while a permanent replacement is found.


6 – Facebook reveals another privacy breach, this time involving developers

Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships, said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible. Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information. Although Facebook restricted this access in April last year to just the group’s name, the number of users, and post content (unless users opted in to share their name and profile picture), it says that some apps retained access to this additional data until recently.


7 – Mysterious hacker dumps database of infamous IronMarch neo-nazi forum

A mysterious hacker today published a database dump of one of the internet’s most infamous neo-nazi meeting places, the IronMarch forum. The data published today includes a full copy of its content, including sensitive details such as emails, IP addresses, usernames, and private messages. The database dump is currently being analyzed by a multitude of entities, including law enforcement, in the hopes of linking forum members to accounts on other sites and potentially exposing their real-world identities.


8 – Valentine’s Day text glitch causes mass confusion

Text messages received overnight on Wednesday confused thousands of mobile phone users in the US. The messages were sent on Valentine’s Day, but bizarrely arrived eight months later, carrying Wednesday’s time stamp. The issue occurred across all major carriers in the US, and affected both Apple and Android devices. Syniverse, which provides services for major telecommunications companies, placed the blame for the error on an “internal maintenance cycle”. Thousands of T-Mobile, AT&T, Sprint and Verizon customers rushed to Twitter to air their frustrations over the confusing error.


9 – China’s top chip maker urges U.S. firms to help ease tensions

The head of China’s top state-run semiconductor maker, Tsinghua Unigroup Ltd, called on U.S. companies to “do better” in efforts to overcome China-U.S. tech tensions given they continue to profit from the Chinese market. Semiconductors have been a major flash point in the ongoing trade war between the two countries, with U.S. officials criticizing what they say are state-subsidised efforts to undermine the U.S. chip industry. In recent years China has invested billions of dollars in its semiconductor industry, including contributions to a high-end Tsinghua Unigroup memory chip plant said to be worth $24 billion.


10 – IT services pro hacked former client’s email

An IT project manager has pleaded guilty to accessing the email account of a former client’s CEO, said reports this week. According to the Register, 27-year-old Leeds resident Scott Burns was charged under the Computer Misuse Act for tinkering with systems owned by Dart Group, which owns the Jet2 airline. The hapless hacker was reportedly an IT project manager at Blue Chip Data Systems, which offers IT support and managed services. He accessed the email inbox of Steve Heapy, the CEO of Jet2 and its sister company Jet2holidays, although it isn’t clear what Burns was using the information for.

