AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/02/2019

1 – Top Senate Democrats unveil new online privacy bill, promising tough penalties for data abuse

Senate Democrats on Tuesday proposed tough new punishments for Facebook, Google and other Silicon Valley tech giants that mishandle their users’ personal data, unveiling a sweeping new online privacy bill that aims to provide people their “Miranda rights” for the digital age. The effort, led by Sen. Maria Cantwell, a Washington state Democrat who previously worked in the tech industry, marks a significant attempt by Congress to write the country’s first-ever national consumer-privacy law after years of false starts — and massive data scandals that illustrated the costs of the U.S. government’s inaction.


2 – Catch Restaurants Hit by Point-of-Sale Malware

Catch Hospitality Group alerted its restaurant customers that cybercriminals managed to infect some of its point-of-sale (“PoS”) devices with credit card data scraping malware. The company is notifying customers of Catch NYC (including Catch Roof) and Catch Steak about the incident, informing them that the discovered malware was designed to search for track data (such as cardholder name, card number, expiration date, and internal verification code) on its PoS devices. According to Catch, however, the impact appears to be limited, as the malware was found on only one of the two different PoS devices used at Catch NYC and Catch Steak. 


3 – Most Organizations Have Incomplete Vulnerability Information

A new report shows companies that rely solely on the Common Vulnerabilities and Exposures (CVE) system for their vulnerability information are leaving themselves exposed to a substantial number of security issues they don’t know about. Risk Based Security’s researchers have so far this year identified 5,970 more vulnerabilities than reported in the CVE and National Vulnerability Database (NVD). Of them, 18.4% had a CVSS v2 score ranging from 9 to 10, meaning they were considered critical. When vulnerabilities with a severity rating of 7 to 9 were also counted, some 43.5% of the 5,970 flaws not reported in the CVE/NVD system were either high risk or critical. Flaws not listed in CVE/NVD included those involving products from major vendors including Oracle, Microsoft, and Google.


4 – On The Border suffers potential cybersecurity incident with payments

On The Border Grill & Cantina is grappling with a potential cybersecurity incident. The Dallas-based Mexican restaurant chain said the company is investigating a security incident that involves a payment processing system that’s used at some of its restaurants. On Nov. 14, it determined some card information was accessed through malware, it said in a statement Tuesday. “Our company has retained a leading forensics firm and is conducting an investigation to determine the extent to which information in On the Border’s system has been impacted,” it said in the release. “We are cooperating with law enforcement and have also notified payment card networks of the investigation.”


5 – Windows 7 end-of-life is coming. How much should you worry?

Every few years, Microsoft causes some panic across industry sectors by announcing the end-of-life of one of its older Windows operating systems. In this case, Windows 7 is going “end of life” on Jan. 14, meaning Microsoft will no longer be regularly updating the system with fixes when a security vulnerability is found. The company is urging users – both consumer and enterprise – to update their systems to the latest operating system: Windows 10.


6 – Senior DHS cyber official to step down

Jeanette Manfra, a top official within the Department of Homeland Security’s (DHS) cyber agency, announced Thursday that she will leave her position at the end of the year. Manfra, who serves as the assistant director for Cybersecurity and Communications within the DHS Cybersecurity and Infrastructure Security Agency (CISA), tweeted that stepping down was “not an easy decision.” “After 12 years at DHS, I’ll be leaving @CISAgov at the end of this year,” Manfra wrote. “This is not an easy decision, as it’s been one of my greatest honors to work alongside such a remarkable team on this incredibly important mission.”


7 – Auditors Uncover Tens of Thousands of Critical Security Gaps At Energy Facilities

The Energy Department continues to botch the same cybersecurity practices year after year, leaving unclassified systems in the nation’s nuclear facilities and other critical infrastructure exposed to digital attacks, according to a federal watchdog. In general, the agency is capable of fixing vulnerabilities after they’re uncovered, but officials have struggled to put in place policies to ensure they aren’t repeating the same mistakes, the Energy inspector general said. In their annual audit of the department’s cybersecurity program, investigators uncovered multiple recurring weaknesses related to configuration management, access controls, personnel training programs and security testing. 


8 – Interpol group delays criticism of encryption after objections

The international police organization Interpol put off plans to condemn the spread of strong encryption after objections by tech companies and civil liberties advocates, according to two people familiar with the matter. Interpol’s group on crimes against children had discussed a resolution on the topic put forward by the U.S. Federal Bureau of Investigation at the group’s conference in Lyon two weeks ago. At the close of the conference, leaders told attendees they would release a statement calling on tech companies to design products that allow governments to “obtain access to data in a readable and useable format,” Reuters reported on Nov. 17.


9 – This is Tim Berners-Lee’s grand plan to save the web from digital dystopia

Web inventor Tim Berners-Lee has published his plan to save the web, warning that a ‘digital dystopia’ lies ahead if big tech companies and governments don’t change their ways. Berners-Lee unveiled the first part of the Contract for the Web — nine high-level principles for governments, tech companies and individuals — in November last year. The contract says, for example, that governments should ensure everyone can connect to the internet, and should keep all of the internet available all the time, while tech companies are urged to make the internet affordable and accessible to everyone, and respect consumers’ privacy and personal data.


10 – Hackers Demand Beer

An unusual demand was issued to a Ugandan beer manufacturer whose website was hacked on Tuesday. Threat actors targeting Nile Breweries Limited removed the contents from the organization’s website nilebreweries.com before demanding that a secret beer recipe stored on the brewery’s servers be put into production. To persuade the brewery to comply with their demands, the unidentified cyber-criminals threatened to expose the classified recipe to the public. Visitors to the brewery’s homepage were confronted with looped video footage of an unidentifiable assailant dressed in a black hoodie. The video depicts the threat actor vocalizing the following curious missive in an electronically disguised voice.


11 – Europol Shuts Down ‘Imminent Monitor’ RAT Operations With 13 Arrests

In a coordinated international law enforcement operation, Europol today announced the shutdown of the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim’s computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable to new users.


12 – Mixcloud data breach exposes over 20 million user records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to examine and verify the authenticity of the data. The data contained usernames, email addresses, and passwords that appear to be scrambled with the SHA-2 algorithm, making the passwords near impossible to unscramble. The data also contained account sign-up dates and the last-login date. It also included the country from which the user signed up, their internet (IP) address, and links to profile photos.
