AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/11/2019

1 – Brazilian government announces creation of AI lab network

The Brazilian government has announced it will create a network of eight research facilities focused on artificial intelligence (AI). The minister of science, technology, innovation and communications, Marcos Pontes, made the announcement during the opening speech of an event focused on public sector innovation in the country’s capital, Brasília. “[The creation of the centers] has been one of the priorities [for the Ministry] in order to improve the country’s capabilities around AI,” Pontes said. Specific timescales and details around locations, investment and potential partners are currently being defined and should be announced in a soon-to-be-released tender.

 

2 – How Girl Scouts built a cyber challenge that made girls feel included

Engaging girls in STEM education has been a strong focus for the Girl Scouts of the USA, but including students in the development of curriculum and projects has opened up a new way to help solidify their interest in technical subjects. The first-ever Girl Scouts Cyber Challenge, developed in partnership with the defense contractor Raytheon, was designed to give girls a sense of what a career in science, technology, engineering or mathematics could look like. Last month, nearly 3,000 Girl Scouts from 10 cities participated in the challenge in which teams immersed themselves in an “adrenaline-filled simulation” to defend the oxygen supply of a fictitious moon colony from hackers, by using cybersecurity and coding concepts.

 

3 – FBI Releases Wanted Posters For Saudi Suspects In Twitter Spying Case

Ali Alzabarah, 35, and Ahmed Almutairi, 30, are Saudi citizens and currently believed to be in Saudi Arabia. A third man, Ahmad Abouammo, 41, a U.S. citizen accused of working with the others, was arrested in Seattle on Wednesday.  Abouammo and Alzabarah are former Twitter employees who are accused of using their employment to access this information on Saudi government critics in exchange for money and other benefits, according to the FBI. Almutairi, aka Ahmed Aljbreen, is alleged to have acted as the point person to facilitate communications between the Saudi government and the other defendants.

 

4 – Kepler achieves a world-first for satellite broadband with 100Mbps connection to the Arctic

Small-satellite startup Kepler has done something never before accomplished with satellite-based broadband connectivity: providing a high-bandwidth to the Arctic. Kepler’s nanosatellites have successfully demonstrated achieving over 100Mbps of network speed to a German icebreaker sea vessel that acts as a mobile lab for the MOSAiC research expedition. This is the first time there’s been a high-bandwidth satellite network for any central Arctic ground-based use, Kepler says, and this connection isn’t just a technical demo: it’s being used for the researchers in the MOSAiC team, which is made up of hundreds of individuals, to transfer data back and forth between the ship and shore-based research stations, which improves all aspects of working with the considerable quantities of data being gathered by the team.

 

5 – Microsoft warns users to stay alert for more BlueKeep attacks

Microsoft’s security team believes that more destructive BlueKeep attacks are on the horizon and urges users and companies alike to apply patches if they’ve been lagging. The company’s warning comes after security researchers detected the first-ever malware campaign that weaponized the BlueKeep vulnerability. The attacks, which were detected last weekend, used BlueKeep to break into unpatched Windows systems and install a cryptocurrency miner. Many security researchers considered the attacks underwhelming and not living up to the hype that was built around BlueKeep for the past six months.

 

6 – Man pleads guilty to stalking and controlling ex-girlfriend’s car with his computer

A Hobart man deliberately downloaded and set up an online application that gave him control over the stop and start function of his ex-girlfriend’s car and allowed him to track her movements, a court has heard.  The 38-year-old pleaded guilty in the Magistrates Court in Hobart to stalking his ex-girlfriend last year. The two had dated for six months.  “What he did is despicable and I am still trying to come to terms with the scope of violation and trauma I have experienced. “The court heard the mechanic had made a “concerted attempt” to monitor his ex-partner’s movements both by “physical covert surveillance” and “review of data”.

 

7 – A flaw in Amazon’s Ring doorbells leaked customers’ Wi-Fi credentials

Internet-connected doorbells sold by Amazon’s Ring service contained a security vulnerability that would have made it possible for hackers to intercept a customer’s Wi-Fi username and password, then launch a larger attack on the network, according to findings made public Thursday. Researchers from the Romanian security firm Bitdefender discovered earlier this year that when a user first configured their Ring doorbell app, it accepted credentials in an unsecure format as it created a new digital access point. Then, when that network went live, the Ring app automatically obtained the Wi-Fi credentials and sent them to the local network.

 

8 – Holiday Shopping, Phishing, and Malware Scams

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions: Avoid clicking on links in unsolicited emails and be wary of email attachments. Use caution when shopping online. Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

 

9 – We’re almost into the third decade of the 21st century and we’re still grading security bugs out of 10 like kids. Why?

The way we rate the severity of computer security vulnerabilities and bugs needs to change to better protect people and businesses from malware and cyber-crime. So says Marc Rogers, executive director of cybersecurity at Okta and head of security at the world’s biggest hacking conference DEF CON. Speaking to The Register at Okta’s Disclosure conference in San Francisco this week, Rogers reckoned today’s methods of scoring and classifying security vulnerabilities reflect a dated system that didn’t take into account the way that modern attackers operate.

 

10 – PayPal Upsets Microsoft as Phishers’ Favorite Brand

PayPal was the most frequently spoofed brand in the third quarter of 2019, unseating Microsoft, phishers’ usual favorite, which held the top spot for more than a year, Vade Secure reports. Microsoft has been the most impersonated brand for five consecutive quarters, or as long as Vade Secure has published its quarterly Phishers’ Favorites report. PayPal has consistently been a popular target; however, this year saw an uptick in PayPal attacks. Unique PayPal phishing URLs spiked 167.8% and 111.9% year-over-year in the first and second quarters, respectively. This quarter saw 69.6% growth with 16,547 unique PayPal phishing URLs, or nearly 180 per day.

 

 

11 – Riot Games’ Millionaire Founder Defrauded In $5 Million Amazon Cloud Cryptocurrency Mining Scam, DOJ Says

Marc Merrill, the cofounder of Riot Games, was the victim of a massive fraud that started in November 2014, when his American Express credit card information was used to buy up cloud computing power from Amazon, Google and others, according to a just-unsealed court filing discovered by Forbes. The man accused of stealing Merrill’s identity, Singaporean national Matthew Ho, was said by investigators to have used Amazon and Google servers to mine various cryptocurrencies, including Bitcoin and Ether. Before it was eventually noticed in January 2018, Ho had racked up bills totalling $5 million with Jeff Bezos’ tech giant, according to the government’s allegations.

 

12 – UAE: Emirates warns users about a fake newsletter and a spam survey

Dubai: Got an Emirates newsletter asking you to fill out a survey? Double-check the email address it came from.  An Emirates spokesperson confirmed to Gulf News that there is a fake newsletter making the rounds asking people to take a survey, followed by a request to share credit card details. The spammers emulate the distinctive design elements of Emirates Airlines in the newsletter, from the font to the images used. The subject of the email reads, “Notification! You have been given THIS surprise”.

Related Posts