AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/09/2019

1 – Facebook accuses two Chinese nationals of using hacked accounts to spread ads

Facebook is taking action against two Chinese nationals and a Hong Kong advertising firm for allegedly using the social media platform to distribute malware, then push misleading advertisements to try to make money. The lawsuit filed Thursday in the Northern District of California accuses ILikeAd Media International Company Ltd. and two individuals, Chen Xiao Cong and Huang Tao, of involvement with a scheme to dupe users into downloading malware. Then, the suit states, conspirators would use hacked accounts to advertise counterfeit goods and diet pills. Since April, Facebook has been notifying hundreds of thousands of users that their accounts may have been compromised by the scheme and instructing them to change their passwords, according to the complaint.


2 – Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

A couple of weeks ago, one of the industry’s most famous VPN providers, Private Internet Access (PIA) was acquired by Kape Technologies, an Israeli based firm as a result of its parent company, LTMI Holdings agreeing to a merger. Reportedly, $95 million was paid as a part of the deal and this happens to be the third one on the part of Kape who has also acquired CyberGhost and ZenMate in the past. Moreover, it is reported that PIA’s debts of $32.1 million will also be paid off through this acquisition allowing them to progress further in terms of product development and innovation.


3 – SpaceX rocket launches blockchain tech to International Space Station

SpaceChain launched hardware Thursday that will support blockchain wallet applications as it builds its low-Earth-orbit satellite network for digital transactions. The hardware is the first blockchain demonstration project aboard the International Space Station and it will be used to show how documents that require multiple signatures or approvals can be secured through a space-based network. And it will be hosted on a commercial platform called Nanoracks on the station.


4 – Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War?

By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were greeted by an even more unsettling message when they turned on their PCs. A pink font glowed with a warning: “Ooops, your important files are encrypted. … We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment …” The cost was $300 in Bitcoin per computer.


5 – BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019. BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries. Following the discovery, the hackers were allowed to stay active with the probable end purpose of collecting more info on who they were, how many systems they managed to compromise, and what data they were after, if any, as Munich-based Bayerischer Rundfunk’s reports.


6 – Google to add eye detection to Pixel 4 after privacy concerns

Google has said it will update its new Pixel 4 phones to prevent them being unlocked using the sleeping faces of their owners. The phones, which are not yet in shops, are the first from Google to include a secure face unlock feature, in place of the fingerprint sensor used on previous iterations. The feature is also used to confirm payments and sign in to apps. Unlike the similar feature on iPhones, FaceID, the Pixel face unlock does not require the user to be looking at the phone – or even to have their eyes open. Google has announced an update that will offer a more secure option. 


7 – California man given 27 years for school credit card fraud

A California man has been sentenced to 27 years in prison for a credit card scheme that targeted students in the San Juan Unified School District. The Sacramento Bee reported 41-year-old Ruslan Kirilyuk of Beverly Hills was convicted of 24 counts of wire fraud and other charges. Authorities say more than $3.4 million was charged to 119,000 stolen accounts between October 2011 and March 2014. The U.S. Attorney’s Office for the Eastern District of California says Kirilyuk and three other conspirators created fake companies using the personal information of more than 200 students in the Sacramento County school district.


8 – Global watchdogs urge ‘vigilant monitoring’ as big tech companies shift into financial services

Google, Alibaba and other “Big Tech” companies could be forced to share data on financial services customers with banks and financial technology firms to prevent unfair competition. As Facebook’s plan for its Libra “stablecoin” faces scrutiny, a global body of regulators from the world’s main financial centers said that Big Tech’s growing tentacles raised questions for financial stability, competition and data privacy. The Financial Stability Board (FSB) called in a report released on Sunday for “vigilant monitoring” of Big Tech’s shift into financial services, which it said could crimp the ability of banks to generate capital through retained profits.


9 – In A BYOD World, Everybody Needs Cybersecurity Chops

Technology alone won’t fix the security woes that have been rampaging through the connected business world. What is needed is the full engagement of the workforce. Carl Cadregari, executive vice president of The Bonadio Group’s Enterprise Risk Management team, is an advocate for preparing the workforce — the entire workforce — for the cybersecurity challenges ahead. The cybersecurity industry is constantly scrambling to keep up with the latest tools and tricks. The threats may change, but one thing remains consistent: untrained users who don’t understand their roles and responsibilities in preventing an attack. More employee training is needed, and urgently.


10 – How successful was Britain’s plan for its own Silicon Valley?

Who doesn’t want their own Silicon Valley? David Cameron certainly did. In November 2010, he announced the “Tech City” programme, aiming to grow a digital cluster in Shoreditch, east London. The plan was to use branding to get firms in, networking to ensure those ideas get flowing with focused support for high-potential firms. But did it work? Surprisingly, we’re only now getting the first detailed answer, courtesy of Dr Max Nathan, an academic leading great work on what policy does (and doesn’t) do to drive local economic growth.

Related Posts