AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/19/2019

1 – ISIS Is Experimenting with This New Blockchain Messaging App

The Islamic State has discovered blockchain. The technology that powers cryptocurrencies like bitcoin and ethereum promises to revolutionize almost all facets of society, from payment processing to online voting. Now ISIS is actively testing a blockchain-based messaging app that could provide everything it needs to thrive: secure, anonymous communication, a tamper-proof repository for beheading videos and other ISIS propaganda, and perhaps most ominously, the ability to transfer cryptocurrency anywhere in the world.


2 – LifeLabs pays ransom after cyberattack exposes information of 15 million customers in B.C. and Ontario

The Canadian laboratory testing company LifeLabs says it made a payment to criminals to retrieve the sensitive information of millions of customers after a cyberattack on its computer systems. In a letter to customers, LifeLabs president Charles Brown wrote that information related to about 15 million customers, mainly in B.C. and Ontario, may have been accessed during the breach. The company says it paid the ransom, “in collaboration with experts familiar with cyberattacks and negotiations with cyber criminals.” The letter does not indicate where the attack originated or who was responsible.


3 – 1.6 billion LightInTheBox customer records left exposed

An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. The breach's discoverer, vpnMentor, described it as a major lapse in LightInTheBox’s data security and as potentially devastating to the victims, exposing them not only to a cyberattack but potentially to a physical confrontation, as the data included enough clues to allow a malicious actor to discover their home address. LightInTheBox sells apparel, small accessories and gadgets along with home and garden products to customers worldwide.


4 – South African IT firm Conor behind the leak of 1 million web browsing records

A database containing highly sensitive and private information and activity, including porn browsing history, has been exposed, with users in South Africa mostly affected. The database, according to vpnMentor’s research team, belonged to South African IT company Conor. As the researchers detailed, daily logs of user activity by customers of ISPs using web filtering software built by Conor exposed all internet traffic and activity of these users, along with their personally identifying information. The software was a web filter developed for ISP clients to restrict access to certain websites and types of online content.


5 – AT&T’s green ‘valid number’ checkmarks won’t end your robocall nightmares yet

The latest push comes today from AT&T, which says it’s starting to mark incoming authenticated calls with a green checkmark and the words “Valid Number.” For now, AT&T’s green checkmarks are coming only to customers with certain Android phones—Samsung’s Galaxy S10 and Galaxy S10+ as well as LG’s V40 ThinQ. This means only some AT&T customers will start finding it easier to screen calls. Crucially, SHAKEN/STIR does not block robocalls, and just because a call isn’t marked with a green check doesn’t mean it’s spam. But as the standard spreads it should become more effective (at least that’s the theory).


6 – Member of “The Dark Overlord” Hacking Group Extradited From United Kingdom to Face Charges in St. Louis

Nathan Wyatt, 39, was extradited from the United Kingdom to the Eastern District of Missouri and arraigned on Dec. 18 before U.S. Magistrate Judge Shirley Padmore Mensah. He pleaded not guilty and was detained pending further proceedings. A federal grand jury indicted Wyatt on Nov. 8, 2017. According to court records, beginning in 2016, Wyatt was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization, obtaining sensitive records and information from those companies, and then threatening to release the companies’ stolen data unless the companies paid a ransom in bitcoin.


7 – 30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world

The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who’d attended the World Health Organization AIDS conference in Stockholm in 1989. Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable. Victims saw instead a note claiming to be from ‘PC Cyborg Corporation’ which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.


8 – 170m passwords stolen in Zynga hack, monitor says

More than 170m usernames and passwords were stolen from the company behind Words With Friends in a hack this year, according to a breach monitoring site. Zynga, a social game developer that made its name with Farmville a decade ago and acquired Words With Friends a year later, admitted to the hack in September, telling users that cyber-attacks were “one of the unfortunate realities of doing business today”. It did not reveal at the time how many accounts were affected. Now it has been revealed that the stolen database contained information on 172,869,660 unique accounts.


9 – Proposed standard would make warrant canaries machine-readable

For years, organisations have been using a common tactic called the warrant canary to warn people that the government has secretly demanded access to their private information. Now, a proposed standard could make this tool easier to use. Instead of some arbitrary language on a website, the warrant canary standard would be a file written in JSON, a format notable for representing data as a list of key:value pairs readable by both people and machines. The file would include 11 codes with a value of zero (false) or one (true). These codes include WAR for warrants, GAG for gag orders, and TRAP for trap and trace orders, along with another code for subpoenas, all of which will have specific legal implications for an organisation and its users. If the value next to any of these keys is zero, the person or software reading the file can infer that none of the warnings have been triggered. If the code changes to one, it’s cause for concern.


10 – NASA takes smarter Mars 2020 rover for first test-spin

The Mars 2020 rover has been equipped with superior autonomous-driving capabilities thanks to “higher-resolution, wide-field-of-view color navigation cameras, an extra computer for processing images and making maps, and more sophisticated auto-navigation software.” According to NASA, Mars 2020 can calculate a path on its own about five times faster than Curiosity, allowing it to cover more terrain even though it’s not a faster vehicle.
