AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/21/2020

1 – MGM hack exposes personal data of 10.6 million guests

The personal information of 10.6 million guests who stayed at MGM Resorts hotels was hacked last summer. The hack was first reported by ZDNet on Wednesday, which said the stolen information was posted to a hacking forum this week. MGM confirmed the attack took place to the BBC. The data exposed included names, addresses, and passport numbers for former guests. MGM said it was “confident” no financial information had been exposed. The resort chain said it was unable to say exactly how many people were impacted because information that was exposed might be duplicated.


2 – US urges EU to use 5G by Ericsson, Nokia, Samsung, seen on par with Huawei

EU countries have no reason to use 5G mobile technology from Huawei because Sweden’s Ericsson, Finland’s Nokia and South Korea’s Samsung are on par with the Chinese group in the field, a senior US diplomat said. Robert Strayer, deputy assistant secretary for cyber, international communications and information policy at the US State Department, said on a visit to Lisbon it was “necessary to demystify” the notion that Huawei is more advanced in 5G. Washington wants its allies to ban Huawei, the world’s largest producer of telecoms equipment, arguing the use of its kit creates the potential for espionage by China – a claim denied by Huawei and Beijing.


3 – Hackers Were Inside Citrix for Five Months

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.


4 – Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies. According to the alert issued in collaboration with the Swiss Government Computer Emergency Response Team (GovCERT), the attackers have asked for ransoms ranging from thousands of Swiss Francs to millions — 1 million CHF is just over $1 million. Over a dozen such ransomware attacks that resulted in systems being encrypted and rendered unusable have been reported in recent weeks.


5 – Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep

Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks, putting patients and staff at additional risk from cyber attacks. This is especially concerning when healthcare is already such a popular target for hacking campaigns. BlueKeep is a vulnerability in Microsoft’s Remote Desktop Protocol (RDP) service which was discovered last year, and impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008. Microsoft issued a patch for BlueKeep after it came to light in May 2019, and security authorities including the US National Security Agency (NSA) and the UK’s National Cyber Security Centre (NCSC) issued urgent warnings about patching vulnerable systems.


6 – Internet service providers sue Maine over privacy law

Four national associations that represent internet service providers have sued Maine officials over a law that requires companies to get opt-in consent from customers before sharing or using their personal data. The law, which passed last year and is set to take effect in July, is among the strictest consumer privacy protections in the country. It was modeled on a Federal Communications Commission rule that was adopted under President Barack Obama but overturned by President Trump’s administration in 2017. A 32-page complaint, filed Friday in U.S. District Court in Portland, says Maine’s law violates First Amendment protections by, among other things, restricting ISPs from advertising or marketing services to customers or from offering discounts or rewards in loyalty programs.


7 – Former Amazon Exec Says He Shuts Down Alexa for “Private Moments”

Former Amazon executive Robert Frederick revealed in a recent interview that despite using Alexa speakers at home, he typically shuts them down whenever he wants to have “a private moment.” “I don’t want certain conversations to be heard by humans. Conversations that I know for a fact are not things that should be shared then I turn off those particular listening devices,” he told the BBC for a Panorama special called “Amazon: What they know about us.” Smart speakers have previously come under fire for being used by parent companies to listen to user conversations at random times.


8 – The messy, secretive reality behind OpenAI’s bid to save the world

Every year, OpenAI’s employees vote on when they believe artificial general intelligence, or AGI, will finally arrive. It’s mostly seen as a fun way to bond, and their estimates differ widely. But in a field that still debates whether human-like autonomous systems are even possible, half the lab bets it is likely to happen within 15 years. In the four short years of its existence, OpenAI has become one of the leading AI research labs in the world. It has made a name for itself producing consistently headline-grabbing research, alongside other AI heavyweights like Alphabet’s DeepMind. It is also a darling in Silicon Valley, counting Elon Musk and legendary investor Sam Altman among its founders.


9 – AI filter launched to block Twitter cyberflashing

It seems strange to report, yet a small but determined group of Twitter users think it is a good idea to direct message (DM) pictures of male genitals to complete strangers. Does this sound a bit like street flashing harassment in digital form? It did to developer Kelsey Bressler after she received such an unsolicited image as a DM via Twitter last August. She later told the BBC: “You’re not giving them a chance to consent, you are forcing the image on them, and that is never okay.” Instead of shrugging it off, she and a friend had the idea of using AI pattern recognition to screen the pictures out before they were seen. But that AI still needed a set of – ahem – images to train itself on, which Bressler requested via Twitter.


10 – Facebook ‘deeply concerned’ about Singapore directive to block access

Facebook has called out the Singapore government for its use of the country’s Protection from Online Falsehoods and Manipulation Act (POFMA) to block access to a page on the social networking platform. The move goes against an earlier pledge that the legislation would not be used to censor voices, says the US internet giant. Singapore’s Ministry of Communications and Information (MCI) on Monday instructed Facebook to block access to the States Times Review (STR) page after the latter repeatedly refused to comply with previous directives issued under POFMA. The “disabling” order, outlined under Section 34 of the Act, requires Facebook to disable access for local users. 


11 – A new cyber group to help Marines – and they don’t have purple hair

A new pool of subject matter experts who can be called in to help on cyber or IT issues for the Marine Corps has begun its work, including for a project on defensive cyber operations and another to improve automated tasks on networks. Officials told Fifth Domain the members of the Marine Corps Cyber Auxiliary aren’t hackers with tattoos and purple hair, as was thought, when the program was activated in May. Instead, they are industry, academic, technical and project management experts. “It is a pool of highly qualified individuals who want to help the Marine Corps and increase their effectiveness and readiness in the cyberspace domain,” Maj. Stephen Magee, the auxiliary’s program manager within the Deputy Commandant for Information, told Fifth Domain in an interview. He added the program is entirely voluntary.


12 – India cracks down on use of VPNs in Kashmir to get around social media ban

Authorities in Indian Kashmir are cracking down on virtual private network (VPN) apps used to circumvent a months-long ban on social media, police said, as part of a broader effort to quell unrest over the withdrawal of the region’s autonomy. Social networks such as Facebook (FB.O), WhatsApp and Instagram are still blocked, even after the government restored limited mobile data service and the internet in Kashmir, so residents use VPNs or proxy servers to bypass the restrictions. Police said many VPN users were trying to stir trouble in Kashmir and were liable to face action. “We have identified 100 social media users and are in the process of identifying more users for misuse of social media, for disseminating fake and false secessionist, anti-India propaganda,” said Kashmir cyber police chief Tahir Ashraf.


13 – Israeli court orders Facebook to unblock account of NSO Group employee

A Tel Aviv court ordered Facebook Inc to unblock the private account of a worker at Israeli surveillance company NSO Group, and similar rulings are expected for other employees in the coming days, an NSO spokeswoman said on Tuesday. A group of NSO employees filed a suit against Facebook in November, saying the social media group had unfairly blocked their private accounts when it sued NSO in October. Facebook-owned messaging service WhatsApp accused the Israeli firm of helping government spies break into the phones of about 1,400 users in a hacking spree targeting diplomats, political dissidents, journalists and senior government officials across the world.


14 – Brexit pushes Google to move UK user data away from Europe to the US

Google has confirmed that it plans to move data pertaining to its UK users out of Europe, and will instead store user accounts in the US. The move comes as a result of the UK’s departure from the European Union, and it is a side effect of Brexit that few would have predicted. Reuters reports that Google will be placing UK user accounts under US jurisdiction, adding that it “will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement”. Google — like numerous other tech companies — has its European headquarters in Ireland, which is an EU member. 


15 – Hacker group targeted law firms, released veterans’ stolen data related to PTSD claims

Hackers have gained access to sensitive data from at least five law firms in the past four months, releasing stolen data that includes pain diary entries from veterans’ personal injury cases, Emsisoft, a cybersecurity and anti-malware company, told Military Times. Maze, a hacking and ransomware group, has breached several law firms, local government databases and other companies, demanding payments for data recovery and deletion. The posted information includes VA documents, patient care records, legal fee agreements and privacy consent forms. Two of those hacks targeted Texas-based law firm Baker Wotring in November and Woods and Woods LLC in Evansville, Indiana, this month, the Evansville Courier & Press reported.


16 – Why Rudy Giuliani’s Twitter typos are a security fail

Sometimes, typing the wrong letter for a website address means sending visitors to a 404 page. When you’re Rudy Giuliani, it means potentially sending hundreds of thousands of followers straight to a virus. Hackers have been taking advantage of typos in tweets by the former New York City mayor, buying the mistyped domain names and redirecting visitors to a fake page designed to spread malware rather than to the original page that Giuliani had meant to type. Jerome Segura, a director of threat intelligence at cybersecurity company Malwarebytes, discovered a tweet sent Sunday with a blatant typo that led to a website prompting visitors to download a Google Chrome extension, which would read people’s browsing history and change their default search engine. 


17 – Facebook’s proposed regulations are just things it’s already doing

Over the weekend, a familiar debate broke out over a Facebook policy decision. The company announced that ads made by influencers, on behalf of politicians, would be allowed on the platform so long as they were labeled as ads. The company will not, however, put those ads in its Ads Library, where they can be reviewed by the public. It’s not clear that anyone will review those ads outside of Facebook, as the Federal Elections Commission, which regulates political advertising, currently has no policy on influencer marketing. The influencer posts can be fact-checked, unless they contain the speech of a politician, in which case they cannot.


