AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/17/2019

1 – Prosecutors say a man stole $88,000 from a bank vault. The FBI caught him after he flashed stacks of bills on social media.

If you’re systematically stealing money from a bank vault, it may not be a good idea to post the evidence on your social media pages. A bank employee in Charlotte, North Carolina, allegedly stole $88,000 from the bank’s vault, according to a release from the United States Attorney’s Office Western District of North Carolina. And he wasn’t bashful about advertising to his social media followers the life of luxury he was funding. The release said a criminal indictment was unsealed this week in federal court following the arrest of Arlando Henderson, 29, by the FBI in San Diego. The unsealed indictment alleges Henderson stole cash out of the vault in separate allotments on at least 18 different occasions this year.

 

2 – YouTube is growing up, and creators are frustrated by growing pains

Like death and taxes, seeing a version of “YouTube is over” trend on Twitter just hours after a new policy change goes into effect is a certainty. YouTube’s updated harassment policy is no exception. Under the rules announced last week, YouTube will “no longer allow content that maliciously insults someone based on protected attributes such as their race, gender expression, or sexual orientation.” Essentially, people can criticize a creator’s work, but the basis of those criticisms can’t be attacks on their person. YouTube says the rules are being implemented because bullying makes “people less inclined to share their opinions and engage with each other.”

 

3 – Cryptocurrency tycoon died leaving $145m in limbo. Now lawyers seek exhumation to check it’s really him

Lawyers representing users of the collapsed Quadriga CX cryptocurrency exchange platform are requesting that Canadian authorities exhume and examine the body of its late founder, Gerald Cotten, to check if the person buried there is really him. Cotten, co-founder and CEO of Quadriga, died of complications in December 2018 arising from Crohn’s Disease while traveling in India, the company said on Facebook. At the time, Quadriga — once Canada’s biggest cryptocurrency exchange — said it was unable to gain access to his digital assets. At least $145 million were left frozen in Cotten’s account.

 

4 – Feds Break Up Illegal Streaming Network That Dwarfs Netflix and Hulu Libraries

Two of the minds behind the nation’s largest pirate streaming services, iStreamItAll and Jetflicks, have pleaded guilty to criminal copyright infringement charges, federal officials said Friday. Now we all can rest easier knowing there are a few less bad actors getting one over on multi-billion-dollar giants like Netflix and Disney. A federal grand jury indicted the two men, Darryl Julius Polo, 36, and Luis Angel Villarino, 40, along with six other co-defendants back in August after feds busted their purported headquarters in Las Vegas, Nevada. In his plea agreement, Polo told DOJ officials that his illicit subscription-based service, iStreamItAll, offered more than 118,000 television episodes and 10,000 movies for a monthly fee. Both men also admitted to working as computer programmers for Jetflicks, another Las Vegas-based streaming service that Villarino claimed hosted close to 200,000 pirated TV episodes.

 

5 – Attackers Steal Credit Cards in Rooster Teeth Data Breach

Rooster Teeth Productions have suffered a data breach that allowed attackers to steal credit card and other payment information from shoppers on the company’s online store. The production company, known for its popular shows and documentaries such as RTDocs, Crunch Time, Red vs. Blue, gen:LOCK, and Day 5, suffered an attack that redirected shoppers to a fake payment form on checkout. According to a data breach notification, Rooster Teeth discovered on December 2nd that their online store was hacked earlier that day. As part of this hack, a malicious script was injected into the store that would cause the shopper to be redirected to a fake payment page under the control of the attackers.

 

6 – Controversial sale of .org domain manager faces review at ICANN

ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer. The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital. ICANN (Internet Corporation for Assigned Names and Numbers) said last week that it sent requests for information to PIR in order to determine whether the transfer should be allowed. “ICANN will thoroughly evaluate the responses, and then ICANN has 30 additional days to provide or withhold its consent to the request,” the organization said.

 

7 – Instagram globally rolling out new tools against fake news and hate speech

Facebook has already been involved in several controversies by being accused of allowing users to easily share fake news and hate messages on the social networks. The company announced a series of measures to avoid that problem, but they were only valid for Facebook itself. Starting today, Instagram — which is owned by Facebook — will also have the new tools against misinformation and hate speech. “We want you to trust what you see on Instagram. Photo and video based misinformation is increasingly a challenge across our industry, and something our teams have been focused on addressing,” said the company in a statement. With the help of fact-checking agencies, Instagram will analyze the content published on the social network to determine whether or not they are truthful.

 

8 – Tesla, Apple among firms accused of aiding child labor in Congo

Five of the world’s largest tech companies have been accused of being complicit in the death of children in the Democratic Republic of Congo (DRC) forced to mine cobalt, a metal used to make telephones and computers, in a landmark lawsuit. The legal complaint on behalf of 14 families from Congo was filed on Sunday by International Rights Advocates, a U.S.-based human rights non-profit, against Tesla Inc, Apple Inc, Alphabet Inc, Microsoft Corp and Dell Technologies Inc.. The companies were part of a system of forced labor that the families claimed led to the death and serious injury of their children, it said.

 

9 – Russian media group Rambler attempting to hold Nginx hostage

Maxim Konovalov and Igor Sysoev—founders and creators of the popular Web server software Nginx—were arrested, detained, and interrogated last Thursday. Sysoev’s former employer, Rambler—Russia’s third-largest Internet company, which occupies a roughly similar position in Russian-language Internet to Yahoo or AOL at their height in the English-speaking world—alleged that it owned the rights to Nginx’s source code, due to Sysoev having originally developed it while an employee at Rambler.

 

10 – Hacking and malware cause 75% of all data breaches in the financial services industry

Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries. In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records. Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.

Related Posts