AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/10/2020

1 – Data Breach at Mitsubishi Electric Caused by Zero-Day Vulnerability in Antivirus Software

When antivirus software is installed and activated, there is usually an assumption that the system is automatically safer. Antivirus software can be penetrated just like any other software can, however, as a 2019 data breach at Japanese electronics giant Mitsubishi Electric demonstrates. Mitsubishi Electric did not disclose what software they were using or exactly what the nature of the data breach was; it took over six months to even admit that there was a breach. However, the company did reveal that it likely lost trade secrets and the personal data of employees.


2 – Android pulls 24 ‘dangerous’ malware-filled apps from Play Store

Android users: got a mobile app named Weather Forecast? If so, you should squash it like a bug. Google’s Play Store has already swatted it, along with 23 other vermin apps, all of which have cumulatively been downloaded more than 382 million times. Their commonalities: they all come from a Chinese parent company that’s tucked behind a handful of app developers, and they all have a penchant to ask for ‘dangerous’ permissions, harvest data and send it back to Chinese servers, sneakily launch browser windows and click on ads, and/or sign you up for pricey premium phone numbers.


3 – Microsoft fixes Windows 10 search bar fault

Dozens posted on social media that Windows Search had stopped working for them on Wednesday morning. Users said that when they used the desktop search tool it brought up a blank box rather than related results. Hours after it was first reported, the company said it “resolved” the problem for most users but some may need to restart their computers. “This issue has been resolved for most users and in some cases you may need to reboot your machine,” it said. The Windows 10 operating system has 800 million users worldwide. Microsoft did not say how many users were impacted by the problem.


4 – Charming Kitten Uses Fake Interview Requests to Target Public Figures

APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details. The Iran-based hacking group Charming Kitten has resurfaced with a new campaign that uses fake interviews to target public figures to launch phishing attacks and steal victims’ email-account information. In a report released Wednesday, security researchers at Certfa Lab say they discovered the Iranian APT group targeting public figures such as political and human rights activists with new attacks aimed at stealing their email credentials and sniffing around for info about their contacts and networks, the company wrote in a blog post.


5 – Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches

Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) today disclosed security breaches that happened in May 2018 and in June 2015/August 2016, respectively. The geospatial provider and the major steel manufacturer also confirmed unauthorized access to their internal network during the two incidents, as well as malware infections affecting their computing systems following the attacks. No damage such as information leakage has been discovered so far during the following investigations per the official statement issued today by Pasco.


6 – Child-Welfare Activists Attack Facebook Over Encryption Plans

New opponents confronted Facebook on Wednesday as it moves forward with a plan to encrypt all of its messaging platforms: child welfare advocates who said that encryption would allow child predators to operate with impunity across the company’s apps. “Facebook has a responsibility to work with law enforcement and to prevent the use of your sites and services for sexual abuse,” a group of 129 child protection organizations, led by the National Society for the Prevention of Cruelty to Children, said in a letter to the Silicon Valley company. “An increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make.”


7 – Welfare surveillance system violates human rights, Dutch court rules

A Dutch court has ordered the immediate halt of an automated surveillance system for detecting welfare fraud because it violates human rights, in a judgment likely to resonate well beyond the Netherlands. The case was seen as an important legal challenge to the controversial but growing use by governments around the world of artificial intelligence (AI) and risk modelling in administering welfare benefits and other core services. Campaigners say such “digital welfare states” – developed often without consultation, and operated secretively and without adequate oversight – amount to spying on the poor, breaching privacy and human rights norms and unfairly penalising the most vulnerable.


8 – Google Slaps Face-Recognition Firm Clearview With a Cease-and-Desist Letter

Clearview AI, a controversial face recognition start-up, whose customers include hundreds of U.S. law enforcement agencies, including the FBI, has been served cease-and-desist letters by Google and its subsidiary YouTube. The letters, which serve as a warning of impending civil action by Google, come in response to recent statements by Clearview CEO and founder Hoan Ton-That. In an interview with CBS This Morning that aired on Wednesday, Ton-That defended the company scraping photos of people’s faces from Facebook, Google, and countless other websites without their consent, arguing that Clearview has a First Amendment right to access “public” data.


9 – China-linked hackers have targeted Malaysian government, officials warn

A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week. The Malaysian Computer Emergency Response Team, a government-backed organization, said it had “observed an increase in [the] number of artifacts and victims involving a campaign against Malaysian government officials.” The hackers have tended to target government-backed projects in an effort to steal reams of data on proposal and shipping information, the Malaysian officials said. To do that, the attackers have exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft products to compromise their targets.


10 – Hackers deface Facebook’s official Twitter and Instagram accounts

All hacked accounts have now been restored into Facebook’s possession and the defacement posts removed. The attack has been carried out by OurMine, the same hacker group who last week defaced Twitter, Instagram, and Facebook accounts for the NFL, 15 NFL teams, and sports TV station ESPN. The hacks took place before the Super Bowl, in order to gain the group reputational points and media coverage. At the time, ZDNet reported that the unauthorized tweets posted on the Twitter timelines of NFL and its teams were posted via an app named Khoros, an app that’s usually used by digital marketing and public relations departments.

