AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/25/2019

1 – Google ups bug bounties for Android flaws, exploits

ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS,” Google clarifies. As is usual with bug bounty programs, the final amount received by vulnerability reporters depends on many things: the severity of the flaw, the quality of their write-up, the amount of user interaction required for the exploit to work, the reliability of the exploit, and more.

 

2 – T-Mobile Says Security Incident Might Have Affected Some Customer Data

Wireless network operator T-Mobile revealed that a security incident might have exposed the personal information of some of its customers. In a statement posted on its website, T-Mobile said that its security teams had discovered an instance of “malicious, unauthorized access” to some of its prepaid wireless account holders’ information. The notice clarified that the security incident had not exposed affected customers’ financial data, Social Security Numbers or passwords. But it did say that the event might have compromised customers’ names and billing addresses, phone numbers, account numbers, rate plans and features.

 

3 – Twitter will finally let you turn on two-factor authentication without giving it a phone number

Two-factor authentication is good! SMS-based two-factor authentication? Not the best option. After countless tales of people having their phone numbers and inbound SMS hijacked by way of SIM swapping, it’s clear that SMS just isn’t the right solution for sending people secondary login codes. And yet, for many years, it’s been the mandatory go-to on Twitter. You could switch to another option later (like Google Authenticator, or a physical Yubikey) — but to turn it on in the first place, you were locked into giving Twitter a phone number and using SMS. Twitter is getting around to fixing this, at long last.

 

4 – Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. This is an unfortunate story and one that BleepingComputer does not enjoy telling, but with Maze’s actions it is important to be told. With this escalated attack, victims now need to not only be concerned about recovering their encrypted files, but what would happen if their stolen unencrypted files were leaked to the public.

 

5 – Hyundai and Seoul set to test self-driving cars on city roads starting next month

Hyundai has signed a memorandum of understanding (MOU) with the city of Seoul to begin testing six autonomous vehicles on roads in the Gangnam district beginning next month, BusinessKorea reports. The arrangement specifies that six vehicles will begin testing on 23 roads in December, and then looking ahead to 2021, there will be as many as 15 of the cars, which are hydrogen fuel cell electric vehicles, on the roads in testing. Seoul will provide smart infrastructure to communicate with the vehicles, including connected traffic signals, and will also relay traffic and other info as frequently as every 0.1 seconds to the Hyundai vehicles. That kind of real-time information flow should help considerably with providing the visibility necessary to optimize safe operation of the autonomous test cars. On the Hyundai side, they’ll be sharing information too – providing data around the self-driving test that will be freely available to schools and other organizations looking to test their own self-driving technology within the city.

 

6 – FCC votes 5-0 to bar China’s Huawei, ZTE from government subsidy program

The U.S. Federal Communications Commission (FCC) voted 5-0 Friday to designate China’s Huawei and ZTE as national security risks, barring their U.S. rural carrier customers from tapping an $8.5 billion government fund to purchase equipment or services. The U.S. telecommunications regulator also voted to propose requiring those carriers to remove and replace equipment from Huawei Technologies Co Ltd and ZTE Corp from existing networks. This is the latest in a series of actions by the U.S. government aimed at barring American companies from purchasing Huawei and ZTE equipment. Huawei and ZTE will have 30 days to contest the designation and a final order compelling removal of equipment is not expected until next year at the earliest.

 

7 – Finland prepares for cyberwarfare after receiving 235 Bitcoin ransom threats

Finland is preparing to defend itself against a mysterious activist group threatening to carry out cyberattacks — unless it gets some Bitcoin. More than 200 Finnish public organizations and municipalities have taken part in the drills. The scenario reportedly involves a hypothetical hacking crew demanding payment before waging various cyberattacks, Yleisradio Oy (YLE) reports. These measures are in direct response to threats made by an activist group calling itself #Tietovuoto321 (“data breach 321”), which sent Bitcoin ransom demands to 235 public organizations across Finland on October 10.

 

8 – Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media sources like Facebook and LinkedIn, combined with names, personal and work email addresses, phone numbers, Twitter and GitHub URLs, and other data commonly available from data brokers – i.e., companies which specialize in supporting targeted advertising, marketing and messaging services. Taken together, the profiles provide a 360-degree view of individuals, including their employment and education histories. All of the information was unprotected, with no login needed to access it.

 

9 – Russian Hacker Gets 4 Years in U.S. Prison for Malware Attacks

A Russian hacker who admitted to using malicious software known as NeverQuest to steal hundreds of thousands of dollars from online banking accounts was sentenced to four years in a U.S. prison. Stanislov Lisov, 33, also known as “Black” or “Blackf,” pleaded guilty in February to conspiracy for using the malware to infect computers, steal login information for online banking accounts and drain the accounts of more than $800,000. He was extradited from Spain to New York in 2017. He had faced as much as five years in prison if convicted at trial.

 

10 – Waterloo Brewing loses $2.1 million in cyberattack

Waterloo Brewing says it lost $2.1 million in a recent cyberattack, and there are no assurances the company will recover all or even a portion of the funds. The Kitchener-based beer maker said Thursday that a “social engineering cyberattack” by a sophisticated third party resulted in a wire transfer of the company’s funds to a fraudulent account. The incident occurred in early November and involved the impersonation of a creditor employee. Waterloo Brewing CEO George Croft declined an interview request Thursday.

 

11 – FBI says hackers are targeting US auto industry

The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN. In the bulletin disseminated this week to a select group of private companies, the FBI warned of efforts by hackers to successfully compromise auto industry computer systems using sophisticated techniques and by taking advantage of network vulnerabilities. The cyber attacks “have resulted in ransomware infections, data breaches leading to the exfiltration of personally identifiable information, and unauthorized access to enterprise networks,” the FBI said.
