AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/26/2019

1 – Apple eyes satellite internet for data project

Apple is reportedly hiring engineers to help deliver a satellite project that would beam internet services directly to devices without the aid of mobile networks. Bloomberg reports that Apple has an early stage project with about 12 engineers from the aerospace, satellite and antenna design industries who hope to launch the project within five years. Exactly what Apple is cooking up is not clear and it could have many different interpretations. The company is expected to launch a 5G iPhone in 2020, as usual a little later than rivals. Apple is also focussing more on services these days, which makes the idea of it providing internet connectivity directly to iPhone users from a SpaceX-like satellite constellation a tantalizing prospect. 

 

2 – FBI Issues Alert For LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware. Both LockerGoga and MegaCortex are ransomware infections that target the enterprise by compromising the network and then attempting to encrypt all its devices. In an FBI Flash Alert marked as TLP:Amber and seen by BleepingComputer, the FBI is warning the private industry regarding the two ransomware infections and how they attack a network.

 

3 – Jet2 hacker, a former contractor with axe to grind, jailed for 10 months

A cyberattacker that took down Jet2 systems for over 12 hours has been jailed after admitting his guilt. Scott Burns of Morley, Leeds, used to work with the airline as a contractor from IT provider Blue Chip. The 27-year-old worked on the Jet2 account until December 2017, when he left and took up a position at another IT company. Burns, who the UK’s National Crime Agency (NCA) describes as “disgruntled,” performed attacks on the Jet2 network, leading to the shutdown of services for over 12 hours on 18 January 2019.

 

4 – Federal study of top facial recognition algorithms finds ‘empirical evidence’ of bias

A new federal study has found that many of the world’s top facial recognition algorithms are biased along lines of age, race, and ethnicity. According to the study by the National Institute of Standards and Technology (NIST), algorithms currently sold in the market can misidentify members of some groups up to 100 times more frequently than others. NIST says it found “empirical evidence” that characteristics such as age, gender, and race impact accuracy for the “majority” of algorithms. The group tested 189 algorithms from 99 organizations, which together power most of the facial recognition systems in use globally.

 

5 – Apple Expands Security Bounty Program to Include macOS

Bug bounty programs are one of the most effective tools at a company’s disposal to find and fix bugs in operating systems and software. Under such a program, security researchers are paid a bounty for vulnerabilities they find and report to the company. In 2016, Apple opened a security bounty program for iOS and invited specific researchers to join it. However, according to an announcement on their website, the company has expanded the program to all operating systems—iOS, iPadOS, macOS, tvOS and watchOS. The program is also available to all security researchers, rather than a select few.

 

6 – Blunt phone call shows state officials are unhappy with rollout of election security framework

Mac Warner needed to get something off his chest. The secretary of state of West Virginia had patiently listened to federal officials explain their updated process for notifying state officials and the public of foreign attempts to interfere in U.S. elections. As the Nov. 8 phone call with election officials across the country came to a close, Warner said he wouldn’t mince words the way one of his “silver-tongued” colleagues had done while offering feedback on the updated process. “The analogy that came to me is the realigning of the deck chairs on the Titanic,” Warner said, according to a call transcript obtained by CyberScoop. “I think this is a straightening up of the chairs: It feels good and so forth, but you’re not getting to the substance.”

 

7 – France Just Became the Latest Country to Use Unmanned Combat Drones

Just weeks after a dozen French soldiers were killed in Mali, France joined a small number of countries using unmanned combat drones and killed seven Islamic extremists in the country. French President Emmanuel Macron announced over the weekend that his government killed 33 people in a military operation in Mali. On Monday, the military added that, not only had it its ground forces killed a group of alleged insurgents, but that, in a follow-up operation that killed an additional seven people, it used a drone for the first time.

 

8 – Russia ‘successfully tests’ its unplugged internet

Russia has successfully tested Runet, a country-wide alternative to the global internet, its government has announced. Details of what the test involved were vague but, according to the Ministry of Communications, ordinary users did not notice any changes. The results will now be presented to President Putin. Experts remain concerned about the trend for some countries to dismantle the internet. “Sadly, the Russian direction of travel is just another step in the increasing breaking-up of the internet,” said Prof Alan Woodward, a computer scientist at University of Surrey.

 

9 – Chinese hacker group caught bypassing 2FA

Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a report published last week. The group’s primary targets were government entities and managed service providers (MSPs). The government entities and MSPs were active in fields like aviation, healthcare, finance, insurance, energy, and even something as niche as gambling and physical locks.

 

10 – Resurrected PowerShell Empire Framework Converted to Python 3

Hackers of all sorts are getting an early Christmas present this year in the form of a resurrected PowerShell Empire post-exploitation framework all wrapped up in Python 3. Released in 2015, the tool was officially discontinued by its original developers on July 31. Being open-source, the framework was forked more than 1,500 times and continued to be available for anyone who wanted to still try it out. The decision was motivated by “the security optics and improvements that have been provided by Microsoft in the past few years.”

 

11 – Twitter bans animated PNG files after online attackers targeted users with epilepsy

Twitter is banning animated PNG image files (APNGs) from its platform, after an attack on the Epilepsy Foundation’s Twitter account sent out similar animated images that could potentially cause seizures in photosensitive people. Twitter discovered a bug that allowed users to bypass its autoplay settings, and allow several animated images in a single tweet using the APNG file format. “We want everyone to have a safe experience on Twitter,” the company says in a tweet from the Twitter Accessibility handle. “APNGs were fun, but they don’t respect autoplay settings, so we’re removing the ability to add them to Tweets. This is for the safety of people with sensitivity to motion and flashing imagery, including those with epilepsy.”

 

12 – Nepalese police arrest 122 Chinese suspected of committing cybercrime

Nepalese police said Tuesday they arrested 122 Chinese nationals who entered the country on tourist and student visas on suspicion of committing financial fraud and cybercrimes. Metropolitan Police Crime Division Senior Superintendent Sahakul Thapa said the suspects were rounded up during a raid executed Monday throughout the capital city of Kathmandu. “We arrested them as their visa term has already expired,” he said. Police chief Uttam Subedi said the suspects were conducting cybercrime and hacking bank machines.

 

13 – Voting by app is a thing, and it’s spreading, despite the fears of election security experts

In this age of extreme concern—even paranoia—over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app. So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones.

 

14 – Amazon’s Ring has been blaming reused passwords, but now thousands of logins have leaked

Amazon’s Ring is having a very bad week. BuzzFeed News first reported today that login credentials for thousands of Ring camera owners have been published online, including 3,672 sets of emails, passwords, time zones, and the names given to specific Ring cameras (“front door” or “kitchen,” for example). Later today, TechCrunch reported on a set of 1,562 credentials, also consisting of unique email addresses, passwords, time zones, and a camera’s named location. It’s unclear if there’s overlap in the two datasets, but TechCrunch said that its data “appears to be a similar-looking data set to that which [BuzzFeed News] obtained.”

 

15 – Plenty of Fish app was leaking users’ hidden names and postal codes

Dating app Plenty of Fish has pushed out a fix for its app after a security researcher found it was leaking information that users had set to “private” on their profiles. The app was always silently returning users’ first names and postal ZIP codes, according to The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog. The leaking data was not immediately visible to app users, and the data was scrambled to make it difficult to read. But using freely available tools designed to analyze network traffic, the researcher found it was possible to reveal the information about users as their profiles appeared on his phone.

 

16 – Twitter admits data breach, asks India users to change password

Twitter on Saturday admitted a malicious code was inserted into its app by a bad actor that may have compromised some users’ information worldwide, including in India, as people woke up to an email from Twitter, warning them to update the app for Android. The vulnerability within Twitter for Android could allow the bad actor to see non-public account information or to control your account (send tweets or direct Messages), said Twitter. “Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (direct messages, protected tweets, location information) from the app,” Twitter said in a statement.

 

17 – Personal data of 2,400 MINDEF, SAF personnel potentially affected; 2 vendors hit by malware

The personal data of 2,400 Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) personnel may be affected by a potential ST Logistics personal data breach. “This data, contained in working files residing in affected workstations, may have been exfiltrated,” it added. MINDEF said in a statement that preliminary investigations indicate that the personal data could have been leaked. The affected systems contained full names and NRIC numbers, and a combination of contact numbers, email addresses or residential addresses. ST Logistics said in a media release on Saturday (Dec 21) that the potential breach was a result of a recent series of email phishing activities involving malicious malware sent to its employees’ email accounts.

 

18 – Pensacola to pay for ID monitoring for 60,000 people following cyberattack

Pensacola is offering to pay for identity protection monitoring for up to 60,000 people following a cyberattack on the city’s systems earlier this month. Pensacola Mayor Grover Robinson said he made the decision after talks with Deloitte, the international professional services company the city hired for $140,000 to perform an audit of the city’s cybersecurity and review how the cyberattack occurred. “At this particular time, we don’t know if any of our sensitive data got out, but we do know that there is some data that was acquired by the people that hacked us,” Robinson said. Robinson said the city will send out notifications to those who may have had data exposed, which could include active city employees, pensioners, active customers with online accounts with the city or Pensacola Energy and housing clients.

 

19 – Maze Ransomware Releases Files Stolen from City of Pensacola

The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack. Earlier this month, the City of Pensacola was hit with a ransomware attack that impacted the city’s email service, some phone service, and caused them to shut down their computer systems. It was later confirmed by BleepingComputer that they were attacked by the Maze Ransomware who stated they stole data from the city before encrypting the network. They then demanded a $1 million ransom to decrypt their files. Yesterday, the Maze actors released 2GB of the 32GB of files that they state they stole from the city before encrypting the network.

Related Posts