Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/24/2020

1 – Safari to snub new security certs valid for more than 13 months

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.

That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple’s browser. The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected. Older certs, issued prior to the deadline, are unaffected by this rule.

 

2 – Cyber-Flashing on UK Trains Doubles

British Transport Police have reported an alarming increase in the number of women being sent sexually explicit images by strangers while traveling via train. In 2018, 34 cases of cyber-flashing offenses were reported to British Transport Police. In 2019, the number of recorded cases rose to 66, almost doubling over a one-year period.  Cyber-flashing occurs when a sexual predator sends an unsolicited pornographic image or video to a stranger via the iPhone file-sharing function AirDrop. Police fear the actual figures could be vastly higher as most incidents of cyber-flashing go unreported. Reasons for this could include the fear and/or embarrassment experienced by the victim, the difficulty in identifying the offender who sent the image, and a lack of serious consequences for offenders who are caught cyber-flashing. AirDrop allows files to be sent anonymously, allowing offenders to harass women with impunity. All that victims receive is a preview of the image and the name of the phone being used to commit the crime. 

 

3 – Barr threatens tech’s prized legal shield

Attorney General William Barr is threatening the legal shield that prevents internet companies such as Facebook and Google from facing lawsuits over the extreme, exploitative and sometimes violent posts that circulate on their powerful platforms. At a Department of Justice (DOJ) workshop devoted to the issue Wednesday, Barr warned that the largest technology firms have hidden behind the 1996 statute to avoid responsibility for “selling illegal and faulty products, connecting terrorists [and] facilitating child sexual exploitation.”  Barr’s comments bolstered the DOJ’s escalating battle against Big Tech.

 

4 – DOD DISA discloses data breach

The Defense Information Systems Agency (DISA), a Department of Defense (DOD) agency tasked with providing secure telecommunications and IT support for the White House, US diplomats, and military troops, has disclosed a data breach. According to breach notification letters sent to DISA employees last week, the security incident took place between May and July 2019, when a DISA system “may have been compromised.” DISA says that employee personal information, including social security numbers, was exposed during this timeframe, but did not say how many were impacted.

 

5 – Croatia’s largest petrol station chain impacted by cyber-attack

A security incident described as “a cyber-attack” has crippled some business operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain. The attack took place last Friday, on February 14, at 22:00, local time, the company said. Multiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted some of the company’s backend servers. The incident did not impact the company’s ability to provide petrol fuel to its customers, nor its ability to handle payments.

 

6 – The first information security ecosystem built by Vietnamese

Viettel Cyber Security Company, a member Viettel Group, launched a Managed Security Operation Center (SOC) service on a global scale capable of detecting, analyzing, responding, preventing and investigating traceability of information security incidents and ensuring security for IT systems. In Vietnam, VCS is the first information security company in Vietnam to have a complete security ecosystem researched and developed by Viettel’s security experts. The strong investment in cyber security follows Viettel Group’s strategy of moving from a telco to a digital services provider focusing on creating a digital society in Vietnam.

 

7 – Port San Antonio’s new toy: A real-time cyber security threat simulator

The latest museum exhibit at the San Antonio Museum of Science and Technology is a new cybersecurity operations center (SOC), which provides students of all ages an opportunity to go through a simulation of a cyber threat.  “What we’re doing here is showing the public what threats are to the networks, what the reactions are, the effects of hacking into the networks can cause on daily life,” David Monroe, the museums founder said. These threats go across the globe and can cause problems in your bank accounts, your electric power, or even your refrigerator.

 

8 – Drug dealer loses codes for €53.6m bitcoin accounts

A drug dealer who amassed a €55 million fortune in the cryptocurrency bitcoin has lost the codes to access the accounts after hiding them with his fishing rod, which has now gone missing. The Criminal Assets Bureau (Cab) has confiscated the 12 online accounts, or wallets, containing 6,000 bitcoin. However, The Irish Times has learned the accounts cannot be accessed because the codes are missing. It means the €53.6 million monetary value of the bitcoin inside them, which is the biggest case in the Cab’s 25-year history, is out of the bureau’s reach. Garda officers said they were hopeful advances in technology would one day enable them to access the bitcoin so it could be sold. Clifton Collins (49), originally from Crumlin, Dublin, bought most of the bitcoin in late 2011 and early 2012 using cash he made growing crops of cannabis.

 

9 – Chess champion Garry Kasparov who was replaced by AI says most US jobs are next

Garry Kasparov dominated chess until he was beaten by an IBM supercomputer called Deep Blue in 1997. The event made “man loses to computer” headlines the world over. Kasparov recently returned to the ballroom of the New York hotel where he was defeated for a debate with AI experts. Wired’s Will Knight was there for a revealing interview with perhaps the greatest human chess player the world has ever known. ”I was the first knowledge worker whose job was threatened by a machine,” says Kasparov, something he foresees coming for us all. ”Every technology destroys jobs before creating jobs. When you look at the statistics, only 4 percent of jobs in the US require human creativity. That means 96 percent of jobs, I call them zombie jobs. They’re dead, they just don’t know it. For several decades we have been training people to act like computers, and now we are complaining that these jobs are in danger. Of course they are.”

 

10 – MGM Sued Over Its Massive Data Breach

Resorts and casino behemoth MGM International (NYSE:MGM) is being sued over a data breach that occurred last summer, according to Reuters. Law firm Morgan & Morgan filed the lawsuit Friday at the U.S. District Court for the District of Nevada. Reuters indicated that the complaint will be spearheaded by attorney John Yanchunis, who leads Morgan & Morgan’s class action practice and has been associated with several high-profile lawsuits targeting data breaches at companies including Yahoo! and Equifax. The lawsuit represents a potential liability that may take a few years to resolve, and it may also put some limited near-term pressure on shares. 

Related Posts