AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/19/2019

1 – Phishers Targeting Microsoft Office 365 Admin Credentials

Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations. The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from validated domains that don’t belong to Microsoft.


2 – The House and Senate finally agree on something: Robocalls

In these times of political strife, it’s nice that despite our differences we can still band together as a nation in the face of a catastrophe that affects us all equally. I speak, of course, of robocalls, and it seems that the House and Senate have put their differences aside for the present in order to collaborate on a law combating this scourge. Despite a great deal of FCC bluster, a few high-profile fines and some talk from telecoms about their plans to implement new anti-robocall standards, half the country’s phones are still blowing up regularly with recordings and scammers on the other side.


3 – Perhaps Google Will Kill Bitcoin, After All

Google, in partnership with U.S. banking giant Citigroup, has said it’s planning to launch its own fully-fledged “smart checking” bank accounts via Google Pay, piling pressure on bitcoin developers to improve user experience and adoption or face redundancy. Google’s planned bank account, code-named Cache and expected to allow users to add Google’s analytic tools to traditional banking products, is due to be launched sometime next year, alongside Facebook’s planned bitcoin rival, Libra. “Our approach is going to be to partner deeply with banks and the financial system,” Google executive Caesar Sengupta told the Wall Street Journal newspaper, which first reported the story.


4 – Interpol plans to condemn encryption spread, citing predators, sources say

The international police organization Interpol plans to condemn the spread of strong encryption in a statement Monday saying it protects child sex predators, three people briefed on the matter told Reuters. At the group’s conference in Lyon, France on Friday, an Interpol official said a version of the resolution introduced by the U.S. Federal Bureau of Investigation would be released without a formal vote by representatives of the roughly 60 countries in attendance, the sources said. Echoing a joint letter last month from the top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants.


5 – New code for internet-connected devices to stop hackers

Web-connected devices including smart TVs, watches and home speakers will be subject to a new industry code to protect families, businesses and Australia’s national security from cyber hackers. Home Affairs Minister Peter Dutton will on Tuesday raise the alarm on poor cyber security features in many devices, calling on companies to do more to stamp out cyber crime. The voluntary code would require companies to develop a “vulnerability disclosure policy”, make their systems resilient to outages and ensure their software updates are secure. The Morrison government also hopes it will spark manufacturers to develop devices with security built in by design.


6 – Louisiana government computers knocked out after ransomware attack

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it.


7 – Macy’s Customer Payment Info Stolen in Magecart Data Breach

Macy’s has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customers’ payment information. This type of compromise is called a Magecart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer. According to a ‘Notice of Data Breach’ issued by Macy’s, their web site was hacked on October 7th, 2019 and a malicious script was added to the ‘Checkout’ and ‘My Wallet’ pages. If any payment information was submitted on these pages while they were compromised, the credit card details and customer information were sent to a remote site under the attacker’s control.


8 – New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. It is named NextCry after the extension appended to encrypted files and because it targets clients of the Nextcloud file sync and share service. The malware targets Nextcloud instances and for the time being there is no free decryption tool available for victims. xact64, a Nextcloud user, posted on the BleepingComputer forum some details about the malware in an attempt to find a way to decrypt personal files.


9 – Magic the Gathering and MTG Arena users urged to change passwords following data breach

The creators of Magic the Gathering have contacted MTG Arena and Magic Online players following a data breach that leaked users’ names, email addresses, and passwords. In an email sent to those affected by the incident, Wizards of the Coast explained that an internal database from a “decommissioned version of the WotC login” was accidentally “made accessible” online. While the incident has reportedly been described as isolated and WotC has no reason to believe “that any malicious use has been made of the data”, information was nevertheless obtained outside the company.


10 – AI algorithm can predict chances of death from heart attack more accurately than human doctors

Artificial intelligence at a US health centre can predict a person’s chances of dying from heart test results, including those that look normal to doctors, but how it works remains a mystery. Algorithms developed by researchers at the health care provider Geisinger in Pennsylvania can calculate a patient’s survival rate within a year by analysing echocardiogram (ECG) results, according to an article published by New Scientist earlier this month. The AI examined 1.77 million ECG results from 400,000 patients before concluding whether the patients would survive for the next year.
