AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/14/2019

1 – Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded

The state of Iowa contracted with a prominent cybersecurity company to conduct “penetration tests” of certain municipal buildings, particularly courthouses. In September, two employees of the company were arrested in the course of doing their jobs, and the charges still have not been dropped. The incident has sparked concern across the cybersecurity industry, including worries that ramped-up efforts by many firms to test facilities, including voting and election facilities in advance of the 2020 presidential election, may put security professionals at risk.


2 – Hoster SmarterASP.NET Taken Down by Ransomware

A major US hosting provider has been hit by a serious ransomware attack, impacting hundreds of thousands of customers. SmarterASP.NET claims to operate three ‘world-class’ data centers “delivering the reliability and flexibility necessary to support your mission-critical internet operations.” However, the websites of its 440,000+ customers, as well as its own, went offline yesterday following the attack. “Your hosting account was under attack and hackers have encrypted all your data. We are now working with security experts to try to decrypt your data and also to make sure this would never happen again,” SmarterASP.NET said in a notice dated today. 


3 – True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant

Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability. The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into Chipzilla’s processor line than previously thought. The ZombieLoad hole can be exploited by malware running on a vulnerable machine, or a rogue logged-in user, to snoop on processor cores and extract sensitive information from memory that should be out of bounds.


4 – Cyber Command flags North Korean-linked hackers behind ongoing financial heists

The Department of Defense has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heists, including past attacks on the interbank messaging system known as the Society for Worldwide Interbank Financial Telecommunication (SWIFT), CyberScoop has learned. Cyber Command assessed that the malware, which it posted to the information sharing platform VirusTotal, is being used in ongoing cyberattacks aimed at the financial sector.


5 – YouTube BitCoin Videos Pushing Predator Info-Stealing Trojan

A new scam is underway on YouTube that uses videos to promote a tool that can allegedly generate the private key for a bitcoin address. The attackers claim this key would allow you to gain access to the bitcoins stored in that address, when in reality the victims are infected with a password- and data-stealing Trojan. This campaign was discovered by security researcher Frost, who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, which in this particular case is the Predator the Thief information-stealing Trojan.


6 – The Chinese suicides prevented by AI from afar

Li Fan, a 21-year-old student, attempted suicide after posting a brief message on the Chinese Twitter-like platform Weibo just after Valentine’s Day. “I can’t go on anymore. I’m going to give up,” he wrote. Soon after, he lost consciousness. He was in debt, had fallen out with his mother and was suffering from severe depression. Some 8,000km (5,000 miles) away from his university in Nanjing, his post was detected by a program running on a computer in Amsterdam. It flagged the message, prompting volunteers from different parts of China into action. When they were unable to rouse Mr Li from afar, they reported their concerns to local police, who eventually saved him.


7 – Google is getting into banking with the search giant set to offer checking accounts next year

Google will offer checking accounts next year, according to a source familiar with the company’s plans, representing Big Tech’s boldest move yet into the consumer banking business. Most previous efforts have focused on credit cards and payment platforms. The accounts for the project will be run by Citigroup and the Stanford Federal Credit Union, the source said, confirming a report in The Wall Street Journal. As part of a project code-named Cache, the company will become the latest Silicon Valley leader to try its hand at the banking space. Previous attempts by Apple and Facebook faced obstacles, with consumers growing increasingly skeptical over providing large technology companies with their personal information.


8 – Exclusive: U.S. manufacturing group hacked by China as trade talks intensified

As trade talks between Washington and Beijing intensified earlier this year, suspected Chinese hackers broke into an industry group for U.S. manufacturers that has helped shape President Donald Trump’s trade policies, according to two people familiar with the matter. The National Association of Manufacturers (NAM) was hacked over the summer and hired a cybersecurity firm, which concluded the attack came from China, the two sources said. The security firm, which the sources did not name, made the assessment based on the usage of tools and techniques previously associated with known Chinese hacking groups, they said.


9 – Malware attacks on hospitals are rising fast, and the problem is about to get a lot worse

Trojan malware attacks targeting hospitals and the healthcare industry have risen significantly over the course of this year as hackers increasingly look to exploit a sector that is often viewed as an easy target by those with the aim of stealing sensitive personal data. Figures in The State of Healthcare Cybersecurity report from Malwarebytes state there’s already been a 60% increase in trojan malware detections in the first nine months of 2019 compared with the entirety of 2018. The rise has been particularly significant in the third quarter of this year, with an 82% increase in detections when compared with the previous quarter.


10 – Company discovered it was hacked after a server ran out of free space

A Utah-based IT company found out it was hacked only after it received an alert about one of its servers running out of free disk space. The hack impacted InfoTrax Systems, a US company based in Orem, Utah, that provides hosted applications for multi-level marketers (MLMs). Companies rent access on InfoTrax servers so they can manage MLM operations, and store data on customers and employees, using InfoTrax’s applications. In 2016, the company announced a security breach during which a hacker stole the personal details of around one million users. Following tips that the company had failed to secure its servers, the Federal Trade Commission (FTC) started an investigation into the hack.

