AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/16/2019

1 – Google rolls out Verified SMS and Spam Protection in Android

Google announced today two updates for Messages, the default SMS app in the Android mobile operating system. Starting today, Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. As the name of the first feature hints, Verified SMS works by confirming the identity of the SMS sender. “When a message is verified-which is done without sending your messages to Google-you’ll see the business name and logo as well as a verification badge in the message thread,” said Roma Slyusarchuk, a Google Software Engineer on the Messages app.


2 – VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA. Three attacks that targeted organizations in this type of attack with the end goal of scraping payment card data were observed during the summer of 2019, according to the Visa Payment Fraud Disruption (PFD). This alert follows a previous warning from November that also mentions such merchants being an increasingly attractive target for threat groups “due to the lack of secure acceptance technology, (e.g. EMV Chip, Point-to-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS.”


3 – Long wait seen for electric planes despite historic first flight

The pioneers behind the world’s first fully electric, commercial flight say they have made history, but climate-change activists see electric air travel as a dream yet to come true. The Harbour Air seaplane – which seats six – took off close to Vancouver in Canada on Tuesday and flew for less than 15 minutes. Its pilot, Greg McDougall, declared the mission a success, saying in a statement: “We made history.” It was the first time an all-electric commercial plane had taken to the skies, unleashing hopes that fuel-guzzling jets – a key cause of global warming – could be replaced by a green alternative.


4 – Another Ransomware Will Now Publish Victims’ Data If Not Paid

The operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and data as leverage to get victims to pay ransoms. A new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom. While we have seen these threats in the past, only recently have Ransomware operators, such as Maze, actually followed through. In a new post to a Russian malware and hacker forum shared with us by security researcher Damian, the public-facing representative of the REvil ransomware known as UNKN states that a new “division” has been created for large operations.


5 – Senate’s CISA subpoena bill adds privacy protections to DHS proposal

The Senate Homeland Security and Governmental Affairs Committee is preparing to release legislation that would give the Department of Homeland Security administrative subpoena powers to obtain subscriber information for vulnerable devices and systems connected to critical infrastructure. The Cybersecurity Vulnerability Identification and Notification Act of 2019 would allow CISA to subpoena subscriber information for enterprise devices or systems, defined as those “commonly used to perform industrial, commercial, scientific, or governmental functions or processes that relate to critical infrastructure, including operational and industrial control systems, distributed control systems, and programmable logic controllers.”


6 – We Are Actually Begging You to Make Your Venmo Transactions Private

We get it, it’s fun to choose the perfect emoji when sending or requesting money from friends on Venmo. It shouldn’t be so much fun, but somehow, it is. But everyone needs to find a new way to get three seconds of joy, because you’re putting yourself at risk if you don’t have your Venmo account set to “private.” The newest scam targeting users: a flood of payment requests from strangers. According to a report from BuzzFeed News, users who have recently made public transactions are being hit with a flurry of requests, for money and to be friends on the app.


7 – Emotion-detecting tech should be restricted by law – AI Now

A leading research centre has called for new laws to restrict the use of emotion-detecting tech. The AI Now Institute says the field is “built on markedly shaky foundations”. Despite this, systems are on sale to help vet job seekers, test criminal suspects for signs of deception, and set insurance prices. It wants such software to be banned from use in important decisions that affect people’s lives and/or determine their access to opportunities. The US-based body has found support in the UK from the founder of a company developing its own emotional-response technologies – but it cautioned that any restrictions would need to be nuanced enough not to hamper all work being done in the area.


8 – Watch this machine made out of Lego sort other Lego using AI

Dubbed the “Universal Lego Sorting Machine” by its creator, Daniel West, it’s a pretty neat contraption that’s far more useful than any of the Lego science projects I used to make. The machine is apparently able to use AI to sort Lego into one of 18 different buckets at a rate of “about one brick every two seconds.” West says he trained the neural network that sorts the bricks using 3D images of Lego parts, and he says the network can learn to recognize any piece as long as there’s a 3D image to train on.


9 – Google, Facebook Market Power Gets More Scrutiny in Australia

Google and Facebook Inc. will come under greater scrutiny from Australia’s competition regulator as the government seeks to rein in the market dominance of the digital giants. Prime Minister Scott Morrison said a special unit will be set up within the competition watchdog to monitor digital platforms, with an immediate focus on online advertising. The government will also review privacy laws to better protect consumers. Morrison pledged to tackle the “power imbalance” between tech companies and traditional media and will force them to negotiate over revenue sharing and the use of news content.


10 – 460,000 Turkish card details put up for sale, web skimmers suspected

Details for 463,378 Turkish payment cards are currently being sold online, ZDNet has learned today. The card dump was put up for sale on Joker’s Stash, the internet’s largest carding shop, security researchers at Group-IB told ZDNet. The data, published in four batches between October 28 and November 27, represents the largest sale of Turkey-based payment card details in recent years. “Cards from Turkey are very rare on cardshops,” Group-IB told ZDNet. “In the past 12 months, this is the only big sale of payment cards related to Turkish banks.”



Researchers at the AI firm Kneron were able to easily fool facial recognition systems at a variety of high security locations — including banks, border crossing checkpoints, and airports — using a high quality mask, Fortune reports. They suggest that anybody with the capability of creating such a mask could easily fool these systems as well — a grave reality check for widespread facial recognition tech. Using the mask, the researchers fooled payment systems by Chinese tech giants Alibaba and WeChat. Some systems were even easier to fool than that — they managed to get through a self-boarding terminal at Schiphol Airport in the Netherlands by using a picture of a face on a phone screen.


12 – This 3D-printed Stanford bunny also holds the data for its own reproduction

It’s now possible to store the digital instructions for 3D printing an everyday object into the object itself (much like DNA stores the code for life), according to a new paper in Nature Biotechnology. Scientists demonstrated this new “DNA of things” by fabricating a 3D-printed version of the Stanford bunny—a common test model in 3D computer graphics—that stored the printing instructions to reproduce the bunny. DNA has four chemical building blocks—adenine (A), thymine (T), guanine (G), and cytosine (C)—which constitute a type of code. Information can be stored in DNA by converting the data from binary code to a base 4 code and assigning it one of the four letters.

Related Posts