AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/27/2019

1 – Chinese malware broker behind US hacks is now teaching computer skills in China

A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on Internet security. Mr Yu Pingan, who spent 18 months in a San Diego federal detention centre, had pleaded guilty to conspiracy to commit computer hacking. The high school instructor was arrested at Los Angeles International Airport in August 2017 upon arriving with a group of teachers to observe a US university.


2 – Ga. high court’s ruling on 200K-victim cyber attack could set precedent

A ruling from Georgia’s highest court this week could set a precedent that determines recourse for victims of cyber attacks, an ever-growing problem. The Georgia Supreme Court on Monday ruled that the victims of a Athens-area medical clinic whose computer databases — invaded by anonymous hacking group “The Dark Overlord” — can sue the clinic. The unanimous ruling reverses the Georgia Court of Appeals decision to throw the case out. Justices found that even the threat of future harm to a data breach victim is enough to be compensated for under the law, which could set statewide precedent in these types of crimes. 


3 – Ring’s Security Woes Cause Some Tech Review Sites to Rethink Glowing Endorsements

At least two tech review sites are discussing whether to rescind their positive recommendations of Ring’s home surveillance cameras, a leading digital-rights organization announced this week. In the wake of reporting by Gizmodo and other outlets this year concerning Ring’s troubled security and privacy practices, Fight for the Future has launched a campaign calling on tech review sites, such as Consumer Reports and PC Magazine, to suspend recommending Ring products.


4 – New rule would make it possible to track and identify nearly all drones flying in the U.S.

The Federal Aviation Administration put forward a rule Thursday that would empower the government to track most drones in the U.S. The rule will require drones to implement a remote ID system, which will make it possible for third parties to track them. The measure will help law enforcement identify unauthorized drones that may pose a security threat, paving the way for wider adoption of commercial drone technology. The rule said that the FAA expects all eligible drones in the U.S. to comply with the rule within three years.


5 – Three GozNym members sentenced domestically, internationally

A three-year-old investigation and prosecution of cybercriminals aligned with the multinational GozNym network resulted last week in the sentencing of a Bulgaria resident in a Pittsburgh federal court. In a related action, a Tbilisi, Georgia court handed down prison sentences of seven and nine years to two Georgian members of the group, following a lengthy trial. In the Pittsburgh case, U.S. District Judge Nora Barry Fischer ruled that Krasimir Nikolov, 47, will be sent back to Bulgaria three years after already serving more than 39 months in a U.S. prison. In September 2016, Nikolov was arrested in Bulgaria, from which authorities extradited him to the U.S. for prosecution on charges of criminal conspiracy, computer fraud and bank fraud.


6 – Apple ‘hacker’ spared jail over iCloud blackmail

A 22-year-old man has admitted trying to blackmail Apple by claiming he had access to millions of iCloud accounts. Kerem Albayrak from north London threatened to wipe 319 million accounts unless Apple gave him iTunes gift cards worth $100,000 (£76,000). But an investigation found that Albayrak had not compromised Apple’s systems. He has been given a two year suspended jail sentence and ordered to do 300 hours of unpaid work. In March 2017, Albayrak emailed Apple’s security team, claiming to have breached millions of iCloud accounts.


7 – US Air Force Evaluating Cyber/IoT Vulnerabilities of DoD Critical Infrastructure

Under the Evaluation of Cyber/IoT Vulnerabilities of Department of Defense Critical Infrastructure (ExCITe) proposal, the Air Force is asking for information regarding technical concepts, approaches and merits of the ideas of work pertaining to the automatic identification, mapping and security analysis of various base control systems. The base control systems consists of industrial control systems/supervisory control and data acquisition (ICS/SCADA), building automation, life safety, utility monitoring and airfield control systems, which have become increasing cyber targets in recent years. 


8 – YouTube admits error over Bitcoin video purge

YouTube has reinstated hundreds of crypto-currency related channels after admitting it had removed them “in error”. A wave of YouTubers received notifications that their videos were in breach of the platform’s terms of service earlier this week. The move appeared to target smaller channels and publishers that focused on Bitcoin and crypto-currency content. The Google-owned video sharing platform has since apologised for the mistake. Video-makers initially took to Twitter to share their frustration, after many well-established channels claimed that YouTube had been ignoring their complaints.


9 – Trump could mandate free access to federally funded research papers

The Trump White House is rumored to be working on a beefed-up open access mandate. The potential executive order would require all scientific papers that are based on federally funded research to be made available online free of charge as soon as they are published. That would supersede a 2013 rule issued by the Obama White House that required federally funded papers to become freely available one year after publication. The White House hasn’t actually announced the new policy yet, but the rumors were enough to get the attention of scientific publishers. Last week more than 100 publishing organizations signed a letter calling on the Trump administration to scrap the proposal.


10 – New York Governor vetoes bill to legalize e-bikes and e-scooters

New York had been set to legalize electric bikes and scooters, which would have allowed sharing programs like Bird, Lime or Jump to come to markets including New York City. However, Governor Cuomo has vetoed the bill, meaning e-bikes and scooters will continue to be illegal in the state. The bill was passed in June with strong support, sailing through both the state Senate and the state Assembly will minimal opposition. The new legislation was particularly desired by delivery workers, according to StreetsBlog NYC, who often prefer e-bikes for their work. However, Gov. Cuomo chose to veto the bill due to a lack of included safety measures.

Related Posts