AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/19/2020

1 – IRS Urges Taxpayers to Enable Multi-Factor Authentication

The US Internal Revenue Service (IRS) and Security Summit partners urged tax professionals and taxpayers today to enable multi-factor authentication (MFA) in their tax preparation software products to defend against data theft. “Already, nearly two dozen tax practitioner firms have reported data thefts to the IRS this year,” the IRS said. “Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners’ offices from data thefts.” By enabling MFA on their software products, taxpayers and practitioners will block threat actors that manage to steal their passwords from accessing their accounts without the phones needed to receive the security codes required to log in.

 

2 – Twitter accounts of The Olympics and FC Barcelona hijacked by OurMine hacking group

The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang. But rather than abuse their access to the high profile accounts (@Olympics has six million followers, and @FCBarcelona has a jaw-dropping 31.9 million Twitter fans) to spread malicious links or scams, the OurMine hacking collective posted messages this weekend cheekily suggesting that the brands might want to improve their account security. The account takeover must have been particularly embarrassing for FC Barcelona, which previously had its Twitter account fall foul of OurMine in 2017, when the hackers posted a message claiming a player from arch-rival Real Madrid had been signed-up to play for the football team.

 

3 – Second Windows 10 update is now causing problems by hiding user profiles

Windows 10 users are reporting that a second Windows update included in this month’s Patch Tuesday is causing problems. According to reports, a bug in the KB4532693 update is hiding user profiles and their respective data on some Windows 10 systems. Issues with KB4532693 have been reported on Microsoft forums, Twitter, Reddit, and tech support sites like AskWoody, Bleeping Computer, and BornCity. Users are reporting that after installing the update they can no longer view or access their original Windows 10 profile.

 

4 – Ring to tighten privacy amid concerns it shares customer data with Facebook and Google

Ring, the Amazon-owned maker of smart-home doorbells and web-enabled security cameras, is changing its privacy settings two weeks after a study showed the company shares customers’ personal information with Facebook, Google and other parties without users’ consent. The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements “where applicable.” The spokesperson declined to clarify what “where applicable” might mean. Ring will announce and start rolling out the opt-out feature soon, the spokesperson told CBS MoneyWatch. 

 

5 – IOTA cryptocurrency shuts down entire network after wallet hack

IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds. The attack happened this week, on Wednesday, February 12, 2020, according to a message the foundation posted on its official Twitter account. According to a status page detailing the incident, within 25 minutes of receiving reports that hackers were stealing funds from user wallets, the IOTA Foundation shut down “Coordinator,” a node in the IOTA network that puts the final seal of approval on any IOTA currency transactions.

 

6 – SMS Phishing Campaign Targets Mobile Bank App Users in North America

A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June and last month. Mobile security firm Lookout identified the “mobile-first” phishing campaign and said that victims were sent text messages claiming that their bank detected suspicious activity tied to their account. The SMS-based messages each included a link to one of over 200 phishing pages.

 

7 – Dominican Republic poll halted after electronic glitch

Municipal elections in the Dominican Republic were suspended four hours after voting began due to a problem with the electronic voting system. Half of the electronic devices used in the nationwide poll did not work properly, causing virtual ballot papers not to load properly, the head of the electoral body said. Electoral officials are investigating the cause of the glitch. A new date for the election has not yet been set. It is the first time that municipal elections have been suspended.

 

8 – Austrian foreign ministry: ‘State actor’ hack on government IT systems is over

Austria’s foreign ministry has said a weeks-long cyber attack from a “state actor” against its systems has ended – amid local reports that pin the blame on a Russian hacking crew and its initial four-byte payload. The attack, which was announced to burghers of the state on 4th January, was aimed at the ministry’s IT infrastructure, according to local reports. Foreign minister Alexander Schallenberg said the attack had been ended, adding: “We managed to clean up our IT systems.” He claimed that “no damage to the IT equipment could be detected”.

 

9 – Israeli soldiers duped by Hamas ‘fake women’ phone ruse

Dozens of Israeli soldiers have had their smartphones hacked by the Hamas militant group posing as women seeking attention, Israel’s military says. A spokesman said the soldiers were sent fake photos of young females and lured into downloading an app without knowing it could access their handsets. He said there was no “significant breach of information” before the scam was foiled. Hamas, which controls Gaza, and Israel view each other as mortal enemies. It is the third such attempt in recent years by Hamas to infiltrate Israeli soldiers’ phones, but was the most sophisticated yet, according to Lt Col Jonathan Conricus. “We see that they’re of course learning and upping their game,” he said.

 

10 – India’s use of facial recognition tech during protests causes stir

When artist Rachita Taneja heads out to protest in New Delhi, she covers her face with a pollution mask, a hoodie or a scarf to reduce the risk of being identified by police facial recognition software. Police in the Indian capital and the northern state of Uttar Pradesh – both hotbeds of dissent – have used the technology during protests that have raged since mid-December against a new citizenship law that critics say marginalises Muslims. Activists are worried about insufficient regulation around the new technology, amid what they say is a crackdown on dissent under Prime Minister Narendra Modi, whose Hindu nationalist agenda has gathered pace since his re-election in May.

 

11 – CISA: Cyberattack Resulted in Two-Day Shutdown of Natural Gas Pipeline

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a cyberattack affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility. A cyber threat actor used a Spearphishing Link [T1192] to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network. The threat actor then deployed commodity ransomware to Encrypt Data for Impact [T1486] on both networks. Specific assets experiencing a Loss of Availability [T826] on the OT network included human machine interfaces (HMIs), data historians, and polling servers. Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View [T829] for human operators. The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations.
