AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/20/2020

1 – Estonian foreign intelligence warns of growing cyber threats from Russia

Russia will continue to engage in cyber operations to threaten Western nations, with sanctions so far proving ineffective. The warning comes from the Estonian Foreign Intelligence Service (EFIS), which in its 2020 annual threat assessment report states that Russian cyber operations have been successful so far and will continue to look for new security vulnerabilities to exploit in coming months. “In 2019, Russian cyber operations were revealed that have been going on undiscovered for years, and there are likely to be more,” the EFIS wrote in its report [pdf]. “In addition to their continuity, Russia’s cyber operations are characterised by the tendency to exploit situations as they arise – as security vulnerabilities become public, the Russians are eager to exploit these immediately against their existing targets.”


2 – Tennessee Man Arrested For Engaging In Multi-Year Cyberstalking And Computer Hacking Campaign

U.S. Attorney Geoffrey S. Berman said: “As alleged, Tristan Rowe terrorized a victim from hundreds of miles away by ‘swatting’ – having police respond to a purported emergency at the victim’s residence. Rowe also allegedly sent disturbing text messages to the victim, threatening to buy an assault rifle, to kill the victim, and to bomb the victim’s school. Thanks to the NYPD, Rowe is now in custody and facing serious criminal charges.”


3 – Cities are fleeing payment platform Click2Gov after data-breach resurgence

Over 2017 and 2018, dozens of small and midsize cities across the United States had to tell their residents that their personal data had potentially been included in data breaches linked to Click2Gov, a popular platform that many local governments use to process online payments for things like utilities, parking tickets and other fees that cities collect. Cities that were breached scrambled to shut down their online payments systems and mitigate the situation, while hundreds or thousands of residents received notices that their names and credit card information had been exposed to potentially malign actors. Click2Gov’s publisher, then known as Superion, said in July 2018 the breaches could be attributed to vulnerabilities in Oracle’s WebLogic application server, which the breached cities had used to run Click2Gov.


4 – Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

Penetration testers looking at commercial shipping and oil rigs discovered a litany of security blunders and vulnerabilities – including one set that would have let them take full control of a rig at sea. Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says, reckoned that on the whole, not many maritime companies understand the importance of good infosec practices at sea. The most eye-catching finding from PTP’s year of maritime pentesting was that its researchers could have gained a “full compromise” of a deep sea drilling rig, as used for oil exploration.


5 – Driver Stranded After ‘Smart’ Rental Car Can’t Phone Home

Last weekend, Guardian journalist Kari Paul took a trip to rural California for a story she was working on. To get there, she rented a car through a local car-sharing service called GIG Car Share, which rents a fleet of electric Chevrolet Bolt EVs and hybrid Toyota Priuses to Bay Area residents. But Paul, who was headed to a rural area roughly three hours north of Oakland, didn’t have much fun on her trip, in part because the car she rented effectively became useless after the car’s computer system lost cell signal. Without a tendril to the mothership, the rental car simply refused to start, leaving Paul stranded.


6 – Microsoft has a subdomain hijacking problem

A security researcher has pointed out today that Microsoft has a problem in managing its thousands of subdomains, many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content. The issue has been brought up today by Michel Gaschet, a security researcher and a developer for NIC.gp. In an interview with ZDNet, Gaschet said that during the past three years, he’s been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all.
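The misconfiguration behind this story is usually a dangling CNAME: a subdomain still points at a third-party host name that no longer resolves, so whoever can register that host name inherits the subdomain. The audit below is an added example (not from the article or from Microsoft) that scans a constructed zone export against a constructed stub resolver and flags records a defender should clean up.

```python
"""Dangling-CNAME audit: flag subdomains whose CNAME target no longer
resolves or loops back on itself. Constructed data only; no live DNS."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    target: str
    reason: str


# Constructed zone export (owner name -> CNAME target); not real records.
ZONE_CNAMES = {
    "app.example.test": "app-prod.cloudhost.example",
    "old-blog.example.test": "retired-site.cloudhost.example",
    "cdn.example.test": "cdn.example.test.edgecache.example",
    "www.example.test": "www.example.test",  # self-referencing loop
}

# Constructed stand-in for an external resolver: names absent from this
# map behave like NXDOMAIN, which is the condition that enables takeover.
RESOLVABLE = {
    "app-prod.cloudhost.example": "203.0.113.10",
    "cdn.example.test.edgecache.example": "198.51.100.7",
}


def resolve(name, answers=RESOLVABLE):
    """Return the A record for name, or None when the name does not exist."""
    return answers.get(name)


def audit_dangling(zone, answers=RESOLVABLE):
    """Return a Finding for every CNAME that loops or whose target is gone.

    Records whose target resolves are healthy and produce no finding.
    """
    findings = []
    for name, target in sorted(zone.items()):
        if target == name:
            findings.append(Finding(name, target, "CNAME points at itself"))
        elif resolve(target, answers) is None:
            findings.append(Finding(name, target, "target does not resolve (dangling)"))
    return findings


if __name__ == "__main__":
    for f in audit_dangling(ZONE_CNAMES):
        print(f"{f.name} -> {f.target}: {f.reason}")
```

Replacing the `RESOLVABLE` stub with a real lookup (for example via `dnspython`) turns this into a recurring check over an exported zone; the remediation for each finding is to delete the record or re-point it at an asset the organisation still controls.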


7 – Chinese hackers have breached online betting and gambling sites

Since the summer of 2019, a group of professional Chinese hackers has been targeting and hacking into companies that run online gambling and online betting websites. According to reports published this week by cyber-security firms Talent-Jump and Trend Micro, hacks have been officially confirmed at gambling companies located in Southeast Asia, while unconfirmed rumors of additional hacks have also come from Europe and the Middle East. Talent-Jump and Trend Micro say hackers appear to have stolen company databases and source code, but not money, suggesting the attacks were espionage-focused, rather than cybercrime motivated.


8 – Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

2019 will be remembered as the year when major security bugs were disclosed in a large number of enterprise VPN servers, such as those sold by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix. A new report published today reveals that Iran’s government-backed hacking units made it a top priority last year to exploit VPN bugs as soon as they became public, in order to infiltrate and plant backdoors in companies all over the world. According to a report from cyber-security firm ClearSky, Iranian hackers have targeted companies “from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors.”


9 – Huawei cyber security chief says no operator gives it access to intercept equipment

Huawei’s cyber security chief said on Friday that he was not aware of any mobile operator ever having given the Chinese company access to the equipment used to intercept calls when required to do so by security services. United States officials told the Wall Street Journal this week that Huawei could covertly access communications using the equipment that networks were legally obliged to install to allow access by law enforcement services. Huawei rejected the allegation. “We have no access to this equipment, we don’t know what call or information is being intercepted, we don’t know when it is intercepted – all we do is provide one side of the box which is blind to what’s happening on the other side of the box,” John Suffolk told reporters.


10 – UK police deny responsibility for poster urging parents to report kids for using Kali Linux

The UK’s National Crime Agency (NCA) has publicly said it has nothing to do with a misleading poster designed to put fear into the hearts of parents and urge them to call the police if their children are using Kali Linux. The poster, made public by Twitter user @G_IW, has reportedly been distributed by local authorities on behalf of the West Midlands Regional Organised Crime Unit (WMROCU). It appears the creators of the poster are aiming to inform parents of what dubious software to look out for if they suspect their children are up to no good on the computer. While a good and reasonable intention, the disinformation on the poster, as described by @G_IW, is “staggering.”

