AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/31/2019

1 – 160,000 Belgian Allianz Partners clients affected by data theft

An Allianz Partners strongbox containing back-up copies of data related to disaster claims was stolen in the Netherlands in August, the insurance and assistance company disclosed on Friday. According to an audit and analysis of the documents concerned, the strongbox contained data on 160,000 Belgian customers who had filed claims for disasters or breakdowns under their assistance contracts or travel insurance. The strongbox was stored in a secured place outside the company’s buildings. A complaint was immediately filed with the Dutch police and a judicial investigation is under way.


2 – New Year Honours: Government apologises after addresses published

The government has apologised “to all those affected” after it accidentally published addresses of more than 1,000 New Year Honour recipients online. The file – which included details of senior police officers and politicians – was uploaded to an official website on Friday evening and removed Saturday. The Cabinet Office told the BBC it was “looking into how this happened”. Among the addresses were those of Sir Elton John and former director of public prosecutions Alison Saunders. Also on the list of 1,097 honours recipients were high-profile names such as cricketer Ben Stokes, former Conservative Party leader Iain Duncan Smith, TV cook Nadiya Hussain, and former Ofcom boss Sharon White.


3 – ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials. The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government.


4 – Apple accused of crackdown on jailbreaking

Apple is pushing ahead with a lawsuit against Corellium, in what is being labelled as a move to end jailbreaking. The tech giant began its legal battle in August, claiming the firm profits from “perfect replicas” of iOS. Apple has now amended its lawsuit, alleging copyright infringement. Corellium’s CEO responded in an open letter, insisting developers and jailbreakers should be “concerned” by the move. Jailbreaking is a process by which Apple’s operating systems are modified to remove restrictions and give greater control to the user.


5 – Poloniex requires password reset after account information leak

Cryptocurrency exchange Poloniex has enforced a password reset on users whose email addresses and passwords were leaked on Twitter.  In an email dated Dec. 30, the exchange said that “someone” posted a list of email addresses and passwords on Twitter and claimed that they could be used to log in to Poloniex accounts. However, the exchange stated that “almost all of the email addresses listed do not belong to Poloniex accounts.” For those that are associated with Poloniex, the exchange has forced a password reset.  


6 – US Army bans soldiers from using TikTok over security worries

The US Army has banned the use of the hugely popular short video app TikTok by its soldiers, calling it a security threat. The Army has joined the Navy in barring the use of the app on government-owned phones, following bipartisan calls from lawmakers for regulators and the intelligence community to determine whether the Chinese-owned app presents a threat to national security and could be used to collect American citizens’ personal data. Military.com was the first to report on the decision.


7 – CES 2020: Rise of cloud gaming and death of the video game console

Gamers who have been around since the days of Atari may find it hard to believe that games today are of the same stock: Games that started with a few beeps and bouncing lights and have evolved into complex narratives with graphics so sharp you can see a character’s every eyelash. While developers continue to improve a game’s graphics, the hardware is naturally getting better, too. But what if the new trend is high-quality games without hardware? In the next few years, it’s becoming less likely that you’ll need a console at all to play video games — a trend we expect to see highlighted at CES 2020 in Las Vegas next week. The year 2019 saw a huge shift toward cloud gaming platforms, which let users play games online across various devices through a host gaming server.  


8 – Microsoft says North Korea-based hackers were stealing sensitive information

Microsoft said on Monday it won a court order that allowed the tech giant to take control of 50 websites that a North Korea-linked hacking group was using to carry out cyberattacks. The group called “Thallium,” believed to be operating from North Korea, was using a technique known as spear phishing to trick its victims. The group’s targets included government employees, think tanks, university staff and individuals working on nuclear proliferation issues based mostly in the U.S., Japan, and South Korea.


9 – Special Olympics New York Hacked to Send Phishing Emails

Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previous donors. Special Olympics NY provides sports training and athletic competition to more than 67,000 children and adults with intellectual disabilities across New York State (66,835 registered athletes and unified partners according to this fact sheet).


10 – Feds: No Evidence Hackers Disrupted North Carolina Voting

RALEIGH, N.C. — A federal investigation didn’t turn up any evidence that cyber attacks were responsible for computer errors that disrupted voting in a North Carolina county in 2016, according to a report issued Monday. The U.S. Department of Homeland Security’s report said it didn’t identify any malware or remote access to the Durham County Board of Elections systems that it analyzed. After voter check-in software failed, federal authorities conducted a forensic analysis of the county’s electronic poll books to see if Russian military hackers who targeted the software provider may have tampered with registration information to disrupt voting.

Related Posts