AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 2/18/2020

1 – Reuters Partners With Facebook For Fact-Checking Program

Reuters has joined Facebook’s fact-checking crusade. As part of the social network’s third-party program, Reuters will comb through photos, videos, headlines, and other content—in the run-up to the U.S. election and beyond—to verify information in English and Spanish. The global news provider will then publish its findings on a specially created blog. “We are steadfastly recognizing the magnitude of misinformation taking place around the world. It’s a growing issue that impacts society daily and it’s a responsibility for news organizations and platforms to halt the spread of false news,” Jess April, director of global partnerships at Reuters, said in a statement.


2 – Five Texas Men Sentenced to Federal Prison for their Roles in Scheme to Launder Millions from Business Email Compromise Fraud

In Austin this afternoon, a federal judge sentenced a Nigerian National formerly residing in Houston to 135 months in federal prison for his role in laundering millions derived from Business Email Compromise (BEC) schemes, announced U.S. Attorney John F. Bash; Special Agent in Charge Shane Folden, Homeland Security Investigations (HSI), San Antonio; and Inspector in Charge Adrian Gonzalez, U.S. Postal Inspection Service (USPIS), Houston Division. In addition to the prison term, U.S. District Judge Robert Pitman ordered that 32-year-old Bameyi Kelvin Omale pay $5,378,292.03 in restitution.


3 – Tech Empowering More ‘Aggressive and Complex’ Espionage, Says National Counterintelligence Strategy

“Increasingly aggressive and complex threats” from foreign intelligence call for a comprehensive deterrence and detection plan to combat insider threats, theft of sensitive information, hacking and even “assassination attempts by foreign intelligence services” on U.S. soil, National Counterintelligence and Security Center Director Bill Evanina said in the new National Counterintelligence Strategy. “It is essential that we engage and mobilize all elements of United States society and fully integrate sound counterintelligence and security procedures into our business practices, and strengthen our networks against attempts by foreign threat actors or malicious insiders to steal or compromise our sensitive data, information, and assets,” Evanina wrote in the report.


4 – Puerto Rico’s government fell victim to a $2.6M email phishing scam

The government of Puerto Rico has revealed it fell victim to an email phishing scam, with the attackers making off with more than $2.6 million in stolen funds. On February 12, the finance director of the island’s Industrial Development Company, Rubén Rivera, filed a complaint with police, noting the agency wired the funds to a fraudulent account, AP reports. The transfer purportedly took place on January 17, after the agency received an email which suggested there had been a change to a banking account tied to remittance payments, according to a police statement. “This is a very serious situation, extremely serious,” Industrial Development Company Manuel Laboy told AP. “We want it to be investigated until the last consequences.”


5 – Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

Swiss encryption machine company Crypto AG was secretly owned by the CIA and a West Germany spy agency at the height of the Cold War, according to explosive revelations in Swiss and German media today. Although rumours had swirled for decades around Crypto AG and the backdooring of its products by the West – cough, cough, NSA – and not forgetting careless remarks by former US prez Ronald Reagan, today’s publications by Swiss broadcaster SRF and German broadcaster ZDF confirm those old suspicions. And who could forget that lovely list of words that caused Five Eyes’ spying machine Echelon to switch on? “Crypto AG”, along with “kill the president”, could summon the black ‘copters to your front door.


6 – Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware

Microsoft is advising administrators to disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks. Since 2016, Microsoft has been recommending that administrators remove support for SMBv1 on their network as it does not contain additional security enhancements added to later versions of the SMB protocol. These enhancements include encryption, pre-authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, insecure guest authentication blocking, and more.
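Auditing and then removing SMBv1 on a Windows Server that hosts Exchange, as an added example (not from the article or from Microsoft's guidance); it assumes Windows Server 2012 R2 or later with the SmbShare and ServerManager modules available, run in an elevated PowerShell session:

```powershell
# Added example (not from the article or Microsoft's guidance): audit, then
# remove SMBv1 on a Windows Server hosting Exchange. Run elevated on the
# server; a restart is required after the feature is uninstalled.

# 1. Current state of the SMB server: is the SMB1 protocol still enabled?
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, AuditSmb1Access

# 2. Before switching it off, find out who still speaks SMB1 to this host.
#    SMB1 auditing logs each SMB1 client connection as event ID 3000 in the
#    Microsoft-Windows-SMBServer/Audit log, so leave it on for a while first.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 3000 |
    Select-Object TimeCreated, Message

# Live sessions and the dialect each client negotiated (1.x entries are SMB1).
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect

# 3. Disable the protocol on the server side.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 4. Remove the SMB1 feature entirely so a single registry change cannot
#    silently bring it back.
if ((Get-WindowsFeature -Name FS-SMB1).Installed) {
    Uninstall-WindowsFeature -Name FS-SMB1
}

# 5. Verify the result (expect EnableSMB1Protocol False and FS-SMB1 Removed
#    after the restart).
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-WindowsFeature -Name FS-SMB1 | Select-Object Name, InstallState
```

Run step 2 for long enough to catch legacy clients (old scanners, NAS boxes, printers) before step 3, since those are the devices that break silently when SMB1 disappears.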


7 – SweynTooth Bug Collection Affects Hundreds of Bluetooth Products

Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 products from various vendors. Collectively named SweynTooth, the vulnerabilities let an attacker in Bluetooth range crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users. Devices running on SoCs from Texas Instruments, NXP, Cypress, Dialog Semiconductor, Microchip, STMicroelectronics, and Telink Semiconductor are impacted by SweynTooth. However, SoCs from other vendors may contain SweynTooth flaws as well.


8 – Ofcom to be put in charge of regulating internet in UK

Ofcom will be put in charge of regulating the internet, the government has announced, with executives at internet firms potentially facing substantial fines or even prison sentences if they fail to protect users from “harmful and illegal content” online. Under the proposals, Ofcom will not have the power to remove specific posts from social media platforms. Instead, it will require internet companies such as Facebook and Google to publish explicit statements setting out which content and behaviour they deem to be acceptable on their sites. The media regulator will then ensure internet businesses enforce these standards “consistently and transparently”.


9 – Personal data of all 6.5 million Israeli voters exposed by security flaw in app

A security flaw in a mobile app used primarily by Prime Minister Benjamin Netanyahu’s Likud party exposed the personal data of every eligible voter in Israel just three weeks before a national election. The flaw in the Elector app revealed the names, addresses and identity card numbers for each one of Israel’s 6,453,255 voters in such a simple way that it didn’t require any advanced knowledge of hacking to access the critical information. “It wasn’t very technical,” said software developer Ran Bar-Zik, who exposed the flaw in the Haaretz newspaper on Sunday after it was fixed. “It’s amazing. It’s a very simple, very stupid hack. To call it a hack is an insult to professional hackers.” Before the flaw was fixed, Bar-Zik said users could go to the Elector app’s website and view the source code, which revealed the logins of system administrators, allowing anyone to access and download the voter registry.


10 – Japan says defence data possibly breached

The Japanese defence ministry said late on Monday that sensitive data on defence equipment may have been breached as a result of cyber attacks on Mitsubishi Electric, a major supplier of the country’s defence and infrastructure systems. The company has told the ministry that potentially stolen data included requirements for defence equipment that the ministry specified for contract bidders in October 2018, the ministry said in a statement. The ministry said it was still in the process of investigating the security impact of the potential leak. Mitsubishi Electric did not win the contract in the auction.


11 – Pentagon, FBI, DHS jointly expose a North Korean hacking effort

The Pentagon, FBI, and Department of Homeland Security have publicly identified a North Korean hacking campaign as part of a broad information sharing program intended to warn industry against adversarial hacking, CyberScoop has learned. The public disclosure includes details about at least seven different malware samples linked with North Korean hacking efforts. The samples point to cyber-espionage activities carried out by an actor the U.S. refers to as Hidden Cobra, which officials have previously associated with the North Korean government. The files detailed use tools meant to steal data, create and delete files and capture screenshots, according to a person who has viewed the U.S. malware analysis report (MAR).


12 – Google removes 500+ malicious Chrome extensions from the Web Store

Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-month-long investigation conducted by security researcher Jamila Kaya and Cisco’s Duo Security team. The removed extensions operated by injecting malicious ads (malvertising) into users’ browsing sessions. The malicious code injected by the extensions activated under certain conditions and redirected users to specific sites. In some cases, the destination would be an affiliate link on legitimate sites like Macys, Dell, or BestBuy; but in other instances, the destination link would be something malicious, such as a malware download site or a phishing page.


13 – New alarming texting scam: scammers pose as Verizon Wireless, ask for personal information

Police are issuing a warning about a sophisticated scam that sends out texts that look like they’re from Verizon Wireless. According to Howtogeek.com, a scammer texts people with an “account security” message. The message takes you to a site that looks like Verizon’s website. Chris Hoffman, the Editor in Chief of How-To Geek, says the staff over at the website opened the link. The fake website then asks for a My Verizon phone number, a user ID, and a password. The Town of Tonawanda Police Department posted information about the phishing scam on its Facebook Page.


14 – Trump wants US to be less reliant on GPS with new executive order

President Donald Trump signed a new executive order on position, navigation and timing services Feb. 12, encouraging the development of a resilient PNT infrastructure that isn’t exclusively reliant on the Global Positioning System of satellites. “It is the policy of the United States to ensure that disruption or manipulation of PNT services does not undermine the reliable and efficient functioning of its critical infrastructure,” the executive order reads. “The Federal Government must increase the nation’s awareness of the extent to which critical infrastructure depends on, or is enhanced by, PNT services, and it must ensure critical infrastructure can withstand disruption or manipulation of PNT services. To this end, the Federal Government shall engage the public and private sectors to identify and promote the responsible use of PNT services.”


15 – Sen. Gillibrand proposes a new government agency to protect privacy on the internet

Sen. Kirsten Gillibrand, D-N.Y., just unveiled her new proposal for digital privacy legislation, including a new federal agency to enforce consumers’ privacy rights online. It adds to a growing stack of bills aimed at empowering consumers with new digital rights and keeping tech companies’ data collection in check. In a Medium post announcing the bill, Gillibrand name-checks Google and Facebook as just a couple of the tech companies that have capitalized on users’ data. “These companies have built major empires of data with information about our private lives. They’re processing that information with increasingly complex and sophisticated algorithms. And they’re making a whole lot of money off of it,” Gillibrand wrote.


16 – Twitter, Facebook fined for not moving user data to Russia

A court in Moscow fined Twitter and Facebook 4 million rubles each Thursday for refusing to store the personal data of Russian citizens on servers in Russia, the largest penalties imposed on Western technology companies under internet use laws. The fines of nearly $63,000 are the first five-figure fines levied on tech companies since Russia adopted a flurry of legislation starting in 2012 designed to tighten the government’s grip on online activity. One provision required tech companies to keep servers in Russia for storing personal information they gather from Russian citizens. Russia’s internet regulator, Roskomnadzor, has tried unsuccessfully for several years to force large companies like Facebook, Twitter and Google to move Russian user data to Russia.
