AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/15/2019

1 – Ransom payments averaging $41,000 per incident

The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own, negating the need to pay the ransom. However, that was not enough to offset malicious actors using Sodinokibi and GlobeImposter variants to go after big-game targets, like managed service providers and large enterprises, that potentially offer massive payouts. And in many cases the payouts were excessive, with Coveware noting that daily ransom payment amounts surpassed $100,000 on many occasions during the third quarter.


2 – Soldiers with top-secret clearances say they were forced to use an app that could endanger them

Army Col. Deitra L. Trotter, the commander of Fort Hood’s 504th Military Intelligence Brigade, told her soldiers in late October a new app developed for the unit could provide weather updates, training changes and other logistics. She then told the soldiers to download it onto their personal smartphones, according to the Texas-based soldiers in the unit. But the soldiers — many of whom have jobs in interrogation, human intelligence and counterintelligence — soon noticed that the app’s terms of service said it could collect substantial amounts of personal data and that the developer has a presence overseas.


3 – I’m the Google whistleblower. The medical data of millions of Americans is at risk

I didn’t decide to blow the whistle on Google’s deal, known internally as the Nightingale Project, glibly. The decision came to me slowly, creeping on me through my day-to-day work as one of about 250 people in Google and Ascension working on the project. When I first joined Nightingale I was excited to be at the forefront of medical innovation. Google has staked its claim to be a major player in the healthcare sector, using its phenomenal artificial intelligence (AI) and machine learning tools to predict patterns of illness in ways that might some day lead to new treatments and, who knows, even cures.


4 – Two Massachusetts Men Arrested and Charged with Nationwide Scheme to Steal Social Media Accounts and Cryptocurrency

Two Massachusetts men were arrested today and charged in U.S. District Court in Boston with conducting an extensive scheme to take over victims’ social media accounts and steal their cryptocurrency using techniques such as “SIM swapping,” computer hacking and other methods. Eric Meiggs, 21, of Brockton, Massachusetts, and Declan Harrington, 20, of Rockport, Massachusetts, were charged in an 11-count indictment, charging them with one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse and one count of aggravated identity theft.


5 – Cybersecurity expert Alex Stamos on Facebook’s counter terrorism team and the private-public divide

Alex Stamos rose to fame as the former chief security officer for Yahoo and then Facebook. But today he’s the director of Stanford’s Internet Observatory, where he’s immersed in teaching and researching safe tech — and understands better than most the threats that the U.S. is facing, particularly as we sail toward the next U.S. presidential election. Last night, at a StrictlyVC event in San Francisco, he talked with New York Times cybersecurity correspondent Sheera Frenkel about a small number of these massively impactful issues, first by revisiting what happened during the 2016 presidential election, then catching up the audience on whether the country’s defenses have evolved since.


6 – Officials warn about the dangers of using public USB charging stations

Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week. USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think were only transferring electrical power to hide and deliver secret data payloads.


7 – Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers

Venafi, a company that helps organizations secure cryptographic keys and digital certificates, says it has uncovered over 100,000 typosquatted domains with valid TLS certificates that appear to target major retailers. With the holiday shopping season right around the corner, Venafi has conducted an analysis of lookalike domains targeting 20 major retailers in the United States, the United Kingdom, Australia, Germany and France. The analysis led to the discovery of 109,045 lookalike domains that use valid TLS certificates to make them appear more trustworthy. This is more than double last year’s figure, and the company points out that fewer than 20,000 certificates have been issued for legitimate retail domains.
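As an added example (not code from the article or from Venafi), here is a small Python lookalike-domain check of the kind a retailer could run over certificate subject names pulled from Certificate Transparency logs to spot typosquats of its own brand. The brand name and the subject list are constructed, and the registrable-domain split is a deliberate simplification that ignores multi-part public suffixes such as co.uk.

```python
"""Flag lookalike domains for a brand among certificate subject names (constructed example)."""

# Single-character swaps that read like the original at a glance.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "s": "5"}

# Constructed inputs: the brand we defend and subject names as a CT log feed might list them.
BRANDS = ["examplestore.com"]
SAMPLE_CT_SUBJECTS = [
    "www.examplestore.com",      # legitimate
    "examplstore.com",           # omitted letter
    "exmaplestore.com",          # transposed letters
    "examp1estore.com",          # homoglyph: l -> 1
    "examplestore-login.net",    # brand plus an affix
    "examplestore.co",           # same label, different TLD
    "unrelatedshop.example",     # not a lookalike
]


def registrable(hostname: str) -> tuple:
    """Naively split a hostname into (second-level label, tld).
    Assumption: no multi-part public suffixes; use the Public Suffix List in production."""
    parts = hostname.lower().strip(".").split(".")
    return (parts[0], "") if len(parts) < 2 else (parts[-2], parts[-1])


def typosquat_variants(label: str) -> set:
    """Generate omission, adjacent-transposition and homoglyph variants of a label."""
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])                               # omission
        if i < len(label) - 1:
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])       # transposition
        if ch in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])          # homoglyph
    variants.discard(label)
    return variants


def classify(hostname: str, brand: str):
    """Return a reason string if hostname looks like brand, else None."""
    b_label, b_tld = registrable(brand)
    label, tld = registrable(hostname)
    if label == b_label:
        return None if tld == b_tld else "tld-swap"   # the brand's own hostnames are not hits
    if label in typosquat_variants(b_label):
        return "typo"
    if b_label in label:
        return "affix"
    return None


def find_lookalikes(subjects, brands) -> list:
    """Return (subject, brand, reason) triples for every subject that resembles a brand."""
    return [(s, b, classify(s, b)) for s in subjects for b in brands if classify(s, b)]
```

Each hit is a candidate for a takedown request or a brand-abuse ticket; the brand's own defensive registrations will also appear as tld-swap hits and should be allow-listed.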


8 – TX: City of San Angelo investigating Click2Gov breach

The City of San Angelo is investigating a security breach with the city’s online water billing system after fears customers’ credit card information may have been stolen. “Some water customers may have noticed irregularities with their credit and debit card accounts after recently paying their monthly statement through the City’s online payment system,” according to a news release issued Wednesday. This latest breach is not the first time San Angelo residents have had to closely monitor their accounts. San Angelo residents’ credit card information from the city’s online water billing services was compromised in August 2018.


9 – GitHub Security Lab aims to make open source software more secure

“Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in critical open source projects,” said Jamie Cool, VP of Product Management, Security at GitHub. GitHub Security Lab is a program aimed at researchers, maintainers, and companies that want to contribute to the overall security of open source software. Current contributors/partners include companies like Microsoft (GitHub is a Microsoft subsidiary), Google, HackerOne, Intel, IOActive, LinkedIn, Mozilla, NCC Group, Oracle, Trail of Bits, Uber, VMware, F5 and J.P. Morgan, which will be “donating their time and expertise to find and report vulnerabilities in open source software.”


10 – Carding Bots Testing Payment Info Ahead of Big Shopping Events

As the main events of this year’s holiday shopping season are closing in, cybercriminals are also getting ready for the plunder by validating their stolen card details with low-value purchases on retailers’ websites. Two new such carding bots have been spotted exploiting top e-commerce platforms and card payment vendor APIs for websites or mobile apps. With the deluge of data breaches, stolen payment card info is available in spades. Cybercriminals know that they can’t rely on the cards indefinitely and that many become invalid in a short time.

