AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities

The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners of insecure, unpatched systems or devices that were connected to the internet. They requested Congress grant them new authorities to issue administrative subpoenas that would compel internet service providers to turn over basic subscriber information so the agency could contact the owners, notify them and offer assistance. The idea was endorsed by the Cyberspace Solarium Commission and eventually worked its way into the House and Senate versions of the NDAA.


Flash Dies but Warning Signs Persist: A Eulogy for Tech’s Terrible Security Precedent

As they promised way back in July 2017, Adobe will stop distributing, updating, or issuing patches for Flash Player after Dec. 31. Across a seven-year rampage from 2010 to 2017, Flash affected 1 billion users, dishing up more than 1,500 critical vulnerabilities — peaking with nearly one new vulnerability reported every day in 2015. Flash continued to grow despite very vocal, very prominent critics. Grassroots movements like Occupy Flash were founded, and major players like Facebook and Mozilla called to retire Flash. One towering figure in particular, Steve Jobs, took a major aim at Flash. He had a complicated relationship with the software, initially embracing it, then becoming its biggest critic. In an infamous open letter, “Thoughts on Flash,” in 2010, Jobs outlined his decision to ban Flash from iOS devices. In the letter, Jobs pointed out how Symantec had condemned Flash for having an abysmal security track record.


Kmart nationwide retailer suffers a ransomware attack

US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. While Kmart has been a household name in the USA, its number has dwindled over the past two years to only 34 stores remaining. BleepingComputer has learned that Kmart suffered a cyberattack by the Egregor ransomware operation this week that encrypted devices and servers on the network.  A ransom note shared with BleepingComputer shows that the ‘KMART’ Windows domain was compromised in the attack. While online stores continue to operate, the ‘Transformco Human Resources Site,’ 88sears.com, is currently offline. Employees said that the outage is caused by the recent ransomware attack.


Verizon has been leaking customers’ personal information for days (at least)

Verizon is struggling to fix a glitch that has been leaking customers’ addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location. The personal details appear when people click on a link to chat with a Verizon representative. When the chat window opens, it contains transcripts of conversations that other customers, either prospective or current, have had. The transcripts include full names, addresses, phone numbers, account numbers (in the event they already have an account), and various other information. Some of the transcripts viewed by Ars date back to June. A separate Window included customers’ addresses, although it wasn’t clear who those addresses belonged to.


FBI: You may be a money mule and not even know it

The FBI has warned of an increasing number of scammers preying on unemployed Americans by trying to recruit them into their money mule schemes and use them to launder funds obtained via fraud, online scams, and other types of criminal activities. Money mules are individuals who transfer or move illegally acquired funds on behalf of criminals using their own or fraudulently opened bank accounts, with or without being aware that they are supporting a criminal operation’s money laundering efforts. There are multiple types of money mules: witting money mules are those who ignore all the red flags, complicit ones are those that are actively involved in the fraudulent scheme, and unwitting (or unknowing) ones are individuals who are unaware of their role and act based on trust.


Related Posts