AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/12/2020

1 – Software errors plague Boeing’s Calamity Capsule

Troubled aerospace giant Boeing will “re-verify” the flight software code for its calamity capsule, the CST-100 Starliner, after it was revealed that December’s anomaly could have been a lot, lot worse. Boeing had already coughed to a timer error that made the spacecraft’s internal clock 11 hours out of whack while sat on the Atlas V. The result was that the Starliner managed to burn through its attitude control fuel on a fruitless attempt to dock with the International Space Station and endure the indignity of an earlier-than-planned return to Earth. It was unclear if NASA would insist Boeing repeat the flight. The mutterings from the duo seemed to indicate that maybe, just maybe, the capsule had done enough to prove it was safe.

 

2 – Lock My PC takes on tech scammers with free recovery key offering, software withdrawal

Lock My PC is being removed from the public domain and free recovery keys are on offer to combat a wave of complaints concerning the software being abused by tech support scammers. Lock My PC is software offered on a free and business basis by FSPRO Labs, an organization which has also developed drive encryption and file access restriction software. Lock My PC is designed to keep PCs safe from unauthorized access, such as when it is left unattended, by creating a lock screen that requires a password to remove. According to the developer, Lock My PC also disables hotkeys, the mouse, and CD/DVD systems. 

 

3 – Coronavirus prompts Sony, NTT and Intel to join Barcelona congress exodus

Japanese wireless carrier NTT Docomo (9437.T), Sony Corp (6758.T) and California-based chip giant Intel Corp (INTC.O) pulled out of the Mobile World Congress (MWC) in Barcelona on Monday because of the coronavirus outbreak. Amazon (AMZN.O), South Korea’s LG Electronics (066570.KS), Swedish equipment maker Ericsson (ERICb.ST) and U.S. chipmaker Nvidia (NVDA.O) have already withdrawn from MWC, which had more than 100,000 visitors and upwards of 2,400 exhibitors in 2019. MWC, due to take place on Feb 24-27, is the telecom industry’s biggest annual gathering, with companies spending millions on stands and hospitality to fill their order books.

 

4 – Just Park: Belfast company flags data breach hitting thousands

The details of more than 4,500 people were published on the website of a new parking app. The discovery on the corporate section of the JustPark system was made by a Belfast business owner. Names, email addresses, mobile numbers, car makes and registrations from across the UK were all made available. JustPark, which took over the running of the Department for Infrastructure’s parking app last month, has since amended the glitch. The information was on the section of the website where the business which made the discovery registered and paid for parking. The amount businesses were paying and their parking history were also available to see.

 

5 – T-Mobile and Sprint Win in Court; Companies Moving to Finalize Merger to Create New Supercharged Un-carrier

T-Mobile US, Inc. (NASDAQ: TMUS) and Sprint (NYSE: S) today announced that after receiving a favorable decision in Federal Court in New York the companies are now taking final steps to complete their merger to create the New T-Mobile. In a decision issued a short time ago, the Court stated that, “T-Mobile has redefined itself over the past decade as a maverick that has spurred the two largest players in its industry to make numerous pro-consumer changes. The proposed merger would allow the merged company to continue T-Mobile’s undeniably successful business strategy for the foreseeable future.”

 

6 – Frustrated author cybersquats novelist’s website

If you visit the website of renowned Canadian novelist Patrick deWitt today, you’ll see a surprising message. “THIS IS NOT PATRICK DEWITT”, it says. That’s because the domain has been taken over by a cybersquatter. Not just any cybersquatter, mind – this one has literary ambitions. The unpublished writer apparently noticed that deWitt had let the domain lapse, and decided to register it for themselves. Clicking on the page takes you to an about section, which announces: “Patrick deWitt is an award-winning author who has written 4 best-selling novels. This is not his site. I have not made any films. I have not written any award-winning books. If you want to do something that is singularly unrewarding, write a novel. Anyway, Patrick deWitt wasn’t using this site, so rather than waste your time with a blank page, I thought I would join you here and we could share a moment.”

 

7 – Fifth Third warns customers of data breach by former employees

Fifth Third Bank has warned some customers that their personal information may have been misused by former bank employees in an apparent data breach. In a letter to customers, Fifth Third said it believes “a small number of former employees” misused the info dating to summer 2018. The information included name, Social Security number, driver’s license information, mother’s maiden name, address, phone number, date of birth and account numbers. “Please note that since discovering this matter, we have investigated the issue internally and continue to work with law enforcement,” Fifth Third wrote in a customer letter. The bank offered its “identity alert” fraud alert services free for a year as a potential precaution to affected customers.

 

8 – These 20 ‘Hackers’ Helped Shape The Cybersecurity Landscape Forever

I asked cybersecurity experts to name the hackers who have had the biggest impact, good or bad, across the years. This is the result. Defining a hacker is almost guaranteed to kick off the kind of impassioned debate you might ordinarily associate with sports team rivalry. For this article, however, I deliberately backed away from the hacker or cracker debate. Instead, I opted to take the broadest possible meaning within the context of the cybersecurity industry: someone who explores methods to breach computer system defenses be that to improve defensive capability, for criminal gain, as part of a nation-state intelligence operation or cyber-attack, political protest, just for fun or even to advertise their own ‘cybersecurity’ services.

 

9 – Automation takes center stage in enterprise cyberattacks

The use of automation to weaponize stolen information dumps is an emerging trend in cyberattacks taking place against enterprise targets, new research suggests. On Tuesday, IBM released the annual X-Force Threat Intelligence Index, a report based on information gathered from 70 billion security events across 130 countries to spot patterns and themes in cybersecurity. This year’s report says that roughly 60 percent of unauthorized entries into networks leverage either stolen data or known vulnerabilities that are yet to be patched. With data repositories to hand or exploits for pre-existing security flaws, this has led to a decline in phishing attacks, accounting for only 31 percent of successful infection attack vectors over 2019 — a drop of 25 percent year-on-year.

 

10 – Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks

A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom. Sophos this month reported that an arbitrary read-write flaw in a digitally signed driver for now-deprecated Gigabyte hardware was recently used by ransomware, dubbed Robbinhood, to quietly switch off security safeguards on Windows 7, 8 and 10 machines. The problem, said Sophos, is that while Gigabyte stopped supporting and shipping the driver a while back, the software’s cryptographic signature is still valid. And so, when the ransomware infects a computer – either by some other exploit or by tricking a victim into running it – and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.
