AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/26/2019

1 – The California DMV Is Making $50M a Year Selling Drivers’ Personal Information

In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18. The document doesn’t name the commercial requesters, but some specific companies appeared frequently in Motherboard’s earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. 


2 – Check out this interview with Masako Wakamiya, the world’s oldest-known iPhone app developer

Nikkei Asian Review has shared an interview with Masako Wakamiya, who is thought to the world’s oldest known iPhone app developer. In the interview, she discussed topics including her first computer and her meeting with Apple CEO Tim Cook. The report describes her saying: Masako Wakamiya obtained her first personal computer at age 58, just ahead of her retirement from a bank. Little did she know that she was beginning a journey that would make her the world’s oldest known iPhone app developer, at 81.


3 – Police arrest member of group that hijacked Jack Dorsey’s Twitter account

Law enforcement has struck a blow against the group that compromised Twitter chief Jack Dorsey’s account, albeit relatively late. Motherboard has learned that police arrested a former leader of Chuckling Squad (unnamed as the person is a child) roughly two weeks ago. The suspect allegedly used SIM swapping to obtain Dorsey’s phone number, while others in the group helped with defacing the CEO’s account with random messages and slurs. Debug, another member of the group, also claimed that the suspect was responsible for multiple other hijacks, including one against Santa Clara County’s Deputy District Attorney Erin West. The attack was a response to West convicting Joel Ortiz, a SIM swapper who pleaded guilty to using the swap to steal $5 million in cryptocurrency.


4 – Rouen hospital turns to pen and paper after cyber-attack

A cyber-attack on a hospital in Rouen last week caused “very long delays in care”, reports the AFP news agency. Medical staff at the French city’s University Hospital Centre (CHU) were forced to abandon PCs as ransomware had made them unusable, a spokesman said. Instead, staff returned to the “old-fashioned method of paper and pencil”, said head of communications Remi Heym. No patients were endangered as a result of the cyber-attack, the hospital said, in a statement published on Facebook.


5 – The ACLU wants details about videos of Boston Dynamics robot in police exercises

Back in April at our robotics event at UC Berkeley, Boston Dynamics head Marc Raibert showed off video of the company’s Spot robot in a number of different real world scenarios. Some, like construction and first responders, were familiar to anyone who has been following the company — and automation in general.  Another scenario, which found the robot opening doors during a training exercise for the Massachusetts State Police, was something different entirely. It was a brief video that demonstrated how the robot could potentially be used to help get human officers out of harm’s way during a terrorist or hostage situation.


6 – National Veterinary Associates catches dose of ransomware

Ransomware attacks don’t discriminate. They are just as happy targeting those with four legs as those with two. Anonymous sources told cybersecurity reporter Brian Krebs this week that National Veterinary Associates (NVA) has fallen victim to a ransomware attack that has affected hundreds of hospitals. NVA describes itself as one of the largest veterinary pet care services organisations in the world. It partners with over 700 general practice veterinary hospitals, spanning general practice clinics, equine hospitals, and pet resorts in a network spanning the US, Canada, Australia, and New Zealand. Founded in 1996 by Dr. Stan Creighton, it began by buying hospitals from retiring veterinarians. It now has 2,600 veterinarians in its network.


7 – Court says suspect can’t be forced to reveal 64-character password

The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously convicted over distribution and possession of child abuse imagery who, on the ride over to his arraignment, openly chatted with cops about how much he likes watching sexual videos featuring 10- to 13-year-old victims. The ruling, handed down last Wednesday, quoted appellant Joseph J. Davis’s response when asked for his passcode.


8 – Singapore invokes ‘fake news’ law for first time over Facebook post

A politician in Singapore has corrected a Facebook post that questioned the independence of state investment firms after a government request, in the first use of the country’s “fake news” law. Brad Bowyer used “false and misleading” statements alleging that the government had influenced decisions made by the state investors Temasek Holdings and GIC, according to a statement on the official government factchecking website. Bowyer said he had placed a correction notice with a link to the government statement above his Facebook post after a request to do so under the Protection from Online Falsehoods and Manipulation Act (POFMA).


9 – UK Government Invites Bids for New Cybersecurity Platform

The UK’s Ministry of Justice is inviting bids for the creation of a single, centralized cybersecurity log collection and aggregation platform. With a diverse digital estate and a wide variety of suppliers and technical systems, the MoJ is in need of a platform to enable log collection, aggregation, storage, analysis, and targeted forwarding capabilities. Explaining the problem that bidders must solve, a spokesperson for the MoJ wrote: “The Ministry of Justice is currently constrained in its ability to understand the cybersecurity posture of its current estates due to security logs being held in multiple systems. 


10 – Exploit code published for dangerous Apache Solr remote code execution flaw

Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought. Apache Solr is a Java-based open-source search engine, initially developed to add search functionality to the CNET website. The project was donated to the Apache Software Foundation in 2006, from where it gained worldwide usage due to its speed and expanded feature-set.

Related Posts