AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/06/2019

1 – How Internet resources worth R800 million were stolen and sold on the black market

The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work. Documents obtained from industry sources and public records in Uganda show that at least one insider at AFRINIC is also a shareholder of a company that received money for selling IP addresses. That insider is Ernest M. Byaruhanga, Guilmette said. Byaruhanga was the second employee to be hired at AFRINIC in 2014, after former CEO Adiel Akplogan.


2 – ‘Evil Corp’: Feds charge Russians in massive $100 million bank hacking scheme

The U.S. Justice and Treasury departments took action Thursday against a Russian hacking group known as “Evil Corp.,” which stole “at least” $100 million from banks using malicious software that swiped banking credentials, according to a joint press release. “Evil Corp.” is a name reminiscent of the nickname for the key malevolent corporation in the popular television drama “Mr. Robot.” In all, the action targets 17 individuals associated with the organization, including Evil Corp.’s leader, Maksim Yakubets. The State Department has offered a $5 million reward for information on Yakubets.


3 – Hackers Trick Venture Capital Firm Into Sending Them $1 Million

Security researchers at Check Point say the company has uncovered evidence that Chinese hackers managed to hijack $1 million in seed money during a wire transfer between a Chinese venture capital firm and an Israeli startup—without either side realizing anything was wrong. The VC firm and the startup, whose names Check Point hasn’t released, reached out to the security firm after the funds failed to arrive. Once Check Point dug into the details, it discovered a man-in-the-middle attack that took a lot of planning and plenty of patience.


4 – The US shows a ‘concerning lack of regard for the privacy of people’s biometric data’

When it comes to the extensive and invasive use of biometric data, the USA is one of the worst offenders in the world, faring only slightly better than China. According to research conducted by Comparitech, which rated 50 countries according to how, where and why biometrics were taken and how they are stored, the US ranked as the fourth worst country. Topping the list is China, followed by Malaysia and Pakistan. While Comparitech did not look at every country in the world, its study did compare 50 of them. To give a country a rating out of 25, each was rated out of five in four categories (storage, CCTV, workplace, and visas) according to how invasive and pervasive the collection and use of biometrics is.


5 – SAP apologises after NZ firearms registry upgrade privacy breach

A systems update by SAP for the cloud platform used by the New Zealand police as part of its government-mandated gun buyback of semi-automatic rifles caused a privacy breach, leading to the entire online system being shut down. Deputy commissioner Mike Clement said the problem was reported to NZ police by an arms dealer with legitimate access to the firearm buyback site, who was able to view details of gun owners.


6 – Tetris game app used to distribute PyXie Python RAT

A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries. The RAT has been tracked being delivered through malicious TETRIS apps to load and execute the pen testing tool Cobalt Strike and a custom shellcode loader. “The loader is a Trojanized open source Tetris game. It has been modified to load an encrypted shellcode payload named ‘settings.dat’ from an internal network share and inject it into a new process,” Cylance said.


7 – The iPhone 11 Pro’s Location Data Puzzler

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy. The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”


8 – A Sprint contractor left thousands of US cell phone bills on the internet by mistake

A contractor working for cell giant Sprint stored on an unprotected cloud server hundreds of thousands of cell phone bills of AT&T, Verizon and T-Mobile subscribers. The storage bucket had more than 261,300 documents, the vast majority of which were phone bills belonging to cell subscribers dating as far back as 2015. But the bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone to access the data inside. It’s not known how long the bucket was exposed.


9 – 2020 U.S. census plagued by hacking threats, cost overruns

In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize the nation’s once-a-decade population count: build a system for collecting and processing data in-house, or buy one from an outside contractor. The bureau chose Pegasystems Inc, reasoning that outsourcing would be cheaper and more effective. Three years later, the project faces serious reliability and security problems, according to Reuters interviews with six technology professionals currently or formerly involved in the census digitization effort. And its projected cost has doubled to $167 million — about $40 million more than the bureau’s 2016 cost projection for building the site in-house.


10 – Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM’s Aspera software. The SwiftOnSecurity Twitter account revealed that Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service, to enable the Atlassian Companion app to edit files in a preferred local application and save the files back to Confluence.
