AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/18/2019

1 – Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors. Less than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.


2 – Insurer Races to Fix Security Flaws After Whistleblower Alert

Blue Cross and Blue Shield Minnesota is reportedly racing to address tens of thousands of security vulnerabilities after a whistleblower on the health insurer’s security team alerted the company’s board of trustees about the problems. A report in the local newspaper The Star Tribune says BCBS Minnesota is scrambling to boost its security after a cybersecurity engineer at the company warned that about 200,000 vulnerabilities rated as “critical” or “severe” were allowed to linger for years on its computer systems. The company is working to address as many of the security vulnerabilities as possible by the end of the year, the Star Tribune reports.


3 – Nuclear Bot Author Arrested in Sextortion Case

Last summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this scheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release the embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say they’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old hacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called “Nuclear Bot.”


4 – Rambler will drop NGINX criminal case

Following intense backlash from the open-source and Russian tech communities, Russian internet company Rambler said it would drop its criminal case against NGINX Inc, the company behind the world’s most popular web server. Instead, Rambler will pursue any ownership claims over the NGINX source code in civil court, a Rambler spokesperson told ZDNet today. The decision was taken on Monday in a meeting of Rambler’s board of directors. The meeting was called by Sberbank, one of Russia’s largest banks and Rambler’s largest shareholder, with a stake of 46.5% in the company.


5 – Thief Stole Payroll Data of 29,000 Facebook Employees

Some tens of thousands of current and former Facebook employees are impacted after a thief stole corporate hard drives from an employee’s car. According to Bloomberg, banking information of 29,000 Facebook employees in the U.S. was compromised. The hard drives, which were unencrypted, contained payroll data such as employee names, bank account numbers, Social Security numbers, salary details, bonus amounts, and equity details. Facebook clarified, however, that the stolen drives did not include Facebook users’ data.


6 – Crisis averted: WhatsApp fixed a lethal security flaw

Imagine the app that is your communication lifeline unexpectedly and repeatedly dying. The research arm of Check Point Security announced Tuesday that it found a WhatsApp vulnerability that could have caused frustrating and potentially disastrous functionality for users. The firm alerted WhatsApp to the problem in August, and it is now fixed. Using group chat, Check Point was able to create an exploit that would repeatedly crash the app. WhatsApp would not work again until the app was uninstalled, reinstalled, and the offending group chat was deleted.


7 – Google details its approach to cloud-native security

Over the years, Google’s various whitepapers, detailing how the company solves specific problems at scale, have regularly spawned new startup ecosystems and changed how other enterprises think about scaling their own tools. Today, the company is publishing a new security whitepaper that details how it keeps its cloud-native architecture safe. The name, BeyondProd, already indicates that this is an extension of the BeyondCorp zero trust system the company first introduced a few years ago. While BeyondCorp is about shifting security away from VPNs and firewalls on the perimeter to the individual users and devices, BeyondProd focuses on Google’s zero trust approach to how it connects machines, workloads and services.


8 – More than 38,000 people will stand in line this week to get a new password

A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. All of this is going on at the Justus Liebig University (JLU) in Gießen, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university’s IT staff considered the infection severe enough to take down its entire IT and server infrastructure.


9 – New BlueKeep Scanner Lets You Find Vulnerable Windows PCs

A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services. Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet. BlueKeep (CVE-2019-0708) is a vulnerability that leads to remote code execution and could be leveraged to spread malware across connected systems without any interaction from the user.
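Before reaching for a BlueKeep checker, the first question for every host answering on 3389 is whether its RDP stack can be driven at all without credentials, because Microsoft's advisory for CVE-2019-0708 lists Network Level Authentication (NLA) as a mitigation: the flaw is triggered before logon, so a server that refuses to proceed without CredSSP cannot be exploited by an unauthenticated attacker. The script below is an added example written for this post; it is not the scanner the article describes and it is not a vulnerability test. It sends the standard X.224 Connection Request with an RDP Negotiation Request offering only TLS, decodes the server's Connection Confirm, and reports whether the server insists on NLA or leaves the pre-authentication path open (which then needs patch verification). Field layouts follow MS-RDPBCGR; the three sample responses are constructed, not captured from real hosts.

```python
import socket
import struct

# Security protocol flags and negotiation PDU types as laid out in MS-RDPBCGR
# (RDP Negotiation Request / Response / Failure structures).
PROTOCOL_RDP = 0x00000000       # standard RDP security: no TLS, no NLA
PROTOCOL_SSL = 0x00000001       # TLS transport; logon still happens inside the RDP session
PROTOCOL_HYBRID = 0x00000002    # CredSSP, i.e. Network Level Authentication (NLA)

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
SSL_NOT_ALLOWED_BY_SERVER = 0x00000002
HYBRID_REQUIRED_BY_SERVER = 0x00000005


def build_connection_request(requested_protocols=PROTOCOL_SSL):
    """TPKT + X.224 Connection Request carrying an RDP Negotiation Request.

    Offering only PROTOCOL_SSL makes the server reveal its policy: a server that
    enforces NLA has to answer with a failure code of HYBRID_REQUIRED_BY_SERVER.
    """
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)  # type, flags, length, protocols
    # X.224 header: LI, CR code 0xE0, DST-REF, SRC-REF, class option, then the negotiation request
    x224 = bytes([0x0E, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00]) + neg_req
    tpkt = struct.pack(">BBH", 0x03, 0x00, 4 + len(x224))           # version 3, reserved, total length
    return tpkt + x224


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm into a small dict."""
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match payload")
    if (data[5] & 0xF0) != 0xD0:                                     # X.224 Connection Confirm code
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) == 11:
        # No negotiation block at all: an old server that only speaks standard RDP security
        return {"negotiated": False, "selected_protocol": PROTOCOL_RDP, "failure_code": None}
    if len(data) < 19:
        raise ValueError("truncated negotiation response")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("unexpected negotiation structure length")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"negotiated": True, "selected_protocol": value, "failure_code": None}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"negotiated": True, "selected_protocol": None, "failure_code": value}
    raise ValueError("unknown negotiation type 0x%02x" % neg_type)


def assess_exposure(confirm):
    """'nla_required' if the server refuses to continue without CredSSP, else the
    pre-authentication RDP path is reachable and the host needs patch verification."""
    if confirm["failure_code"] == HYBRID_REQUIRED_BY_SERVER:
        return "nla_required"
    if confirm["selected_protocol"] == PROTOCOL_HYBRID:
        return "nla_required"
    # A plain TLS session, a legacy answer, or a refusal of TLS (SSL_NOT_ALLOWED_BY_SERVER)
    # all leave the unauthenticated part of the protocol reachable.
    return "pre_auth_reachable"


def probe(host, port=3389, timeout=5.0):
    """Live check against one host (network I/O); returns (verdict, decoded confirm)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        data = sock.recv(1024)
    confirm = parse_connection_confirm(data)
    return assess_exposure(confirm), confirm


# Constructed sample answers (hypothetical, not captured traffic) covering the three shapes seen in practice.
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed00000123400" "03000800" "05000000")  # NEG_FAILURE, code 5
SAMPLE_TLS_ONLY = bytes.fromhex("030000130ed00000123400" "02000800" "01000000")      # NEG_RSP, PROTOCOL_SSL
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")                              # no negotiation block


if __name__ == "__main__":
    for label, sample in (("nla", SAMPLE_NLA_REQUIRED), ("tls", SAMPLE_TLS_ONLY), ("legacy", SAMPLE_LEGACY)):
        print(label, assess_exposure(parse_connection_confirm(sample)))
```

Run `probe("host")` only against systems you are authorized to test; a `pre_auth_reachable` verdict means the host must be confirmed patched against CVE-2019-0708 (or taken off the public Internet), while `nla_required` means an unauthenticated attacker cannot reach the vulnerable code path even if the patch is missing.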


10 – Puma’s first ‘active gaming footwear’ is a sock

Sports and fashion have gone hand in hand for decades, so it’s no surprise that esports is slowly but surely making a similar impact. Nike has launched esports jerseys, Adidas has signed Ninja, and now Puma is getting in on the action with the launch of its “active gaming footwear.” Or, more specifically, “gaming socks.” Exactly how these socks will improve your gaming performance is unclear, although Puma says the product has been designed for indoor and in-arena use to deliver “seamless comfort, support and grip so gamers can adapt to different active gaming modes and game their best.” So they might not make much of a difference if you’re gaming on the couch, but it does seem like they could have a role to play in more physical AR and VR environments.
