AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/28/2020

1 – Clearview AI’s entire client list stolen in data breach

Clearview AI, a facial-recognition software maker that has sparked privacy concerns, said Wednesday it suffered a data breach. The data stolen included its entire list of customers, the number of searches those customers have made and how many accounts each customer had set up. “Security is Clearview’s top priority,” Tor Ekeland, Clearview AI’s attorney, said in a statement. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.” The company didn’t specify the flaw. 


2 – Facebook confirms ban on misleading coronavirus ads

Facebook is banning ads that promise to cure, prevent, or otherwise incite panic around COVID-19, the disease caused by the new coronavirus, the company has confirmed in a statement first given to Business Insider. The company added that it has similar policies for its Marketplace platform where Facebook users can buy and sell items. In a statement subsequently given to The Verge, Facebook said it is working to support the World Health Organization’s efforts, “including taking steps to stop ads for products that refer to the coronavirus and create a sense of urgency, like implying a limited supply, or guaranteeing a cure or prevention. For example, ads with claims like face masks are 100% guaranteed to prevent the spread of the virus will not be allowed.”


3 – Firefox for Mac and Linux to get a new security sandbox system

Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by isolating third-party libraries from the app's native code. Sandboxing is a widely used technique for preventing malicious code from escaping an app and executing at the OS level; RLBox applies it one level down. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components, namely its third-party libraries, from the app's core engine: each library runs in its own memory region, and the host code must verify ("untaint") every value the library hands back before acting on it, so a bug in a parser or decoder cannot corrupt browser memory or feed it an out-of-bounds pointer.
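The host/library boundary described above, as an added C++ sketch of the idea rather than RLBox's own code or API (the real library is a header-only C++ framework with a tainted-type system; the `tainted`, `Sandbox`, `sandboxed_decode` and `host_decode` names here are assumptions for illustration). The library gets its own byte region, every value it returns is wrapped as tainted, and the host can only unwrap it through a verifier that checks the claimed (offset, length) against the sandbox bounds. The stand-in library has a `misbehave` switch to show that an overstated length is rejected instead of being used for a read past the sandbox:

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Sketch of the RLBox idea (not the RLBox library): the sandboxed library only
// sees its own memory region, and every value it returns is "tainted", i.e.
// unusable by the host until a verifier has checked it.
template <typename T>
class tainted {
 public:
  explicit tainted(T v) : v_(v) {}

  // The normal way out: a verifier maps the untrusted value to a trusted
  // result, rejecting anything that fails its checks.
  template <typename F>
  auto copy_and_verify(F verifier) const { return verifier(v_); }

  // Escape hatch that forces the caller to write down why no check is needed.
  T unverified_safe_because(const char* /*reason*/) const { return v_; }

 private:
  T v_;
};

// Sandbox memory: the only bytes the library may touch. "Pointers" the library
// hands back are offsets into this region, never host pointers.
struct Sandbox {
  std::vector<uint8_t> mem;
  explicit Sandbox(size_t size) : mem(size, 0) {}
};

// Where the library claims it put the decoded output.
struct DecodeResult {
  uint32_t offset;
  uint32_t length;
};

// Stand-in for a third-party decoder running inside the sandbox (assumed, not a
// real library). With `misbehave` set it overstates the output length, as a
// buggy or exploited library might.
tainted<DecodeResult> sandboxed_decode(Sandbox& sb, const std::string& input,
                                       bool misbehave) {
  const uint32_t offset = 16;  // arbitrary position inside sandbox memory
  if (sb.mem.size() <= offset) return tainted<DecodeResult>(DecodeResult{offset, 0});
  const size_t room = sb.mem.size() - offset;
  const size_t n = std::min(input.size(), room);
  std::memcpy(sb.mem.data() + offset, input.data(), n);
  uint32_t claimed = static_cast<uint32_t>(n);
  if (misbehave) claimed += 1000;  // lie about how much was written
  return tainted<DecodeResult>(DecodeResult{offset, claimed});
}

struct HostResult {
  bool ok;
  std::string data;
};

// Host side: the library's (offset, length) is checked against the sandbox
// bounds before a single byte is copied into host memory.
HostResult host_decode(Sandbox& sb, const std::string& input, bool misbehave) {
  tainted<DecodeResult> r = sandboxed_decode(sb, input, misbehave);
  return r.copy_and_verify([&](DecodeResult d) {
    const uint64_t end = static_cast<uint64_t>(d.offset) + d.length;
    if (d.offset >= sb.mem.size() || end > sb.mem.size()) {
      return HostResult{false, ""};  // reject: claim points outside the sandbox
    }
    const char* p = reinterpret_cast<const char*>(sb.mem.data()) + d.offset;
    return HostResult{true, std::string(p, d.length)};
  });
}

int main() {
  Sandbox sb(64);  // constructed 64-byte sandbox region
  HostResult good = host_decode(sb, "hello", false);  // well-behaved library
  HostResult bad = host_decode(sb, "hello", true);    // overstated length
  return (good.ok && good.data == "hello" && !bad.ok) ? 0 : 1;
}
```

The point of the pattern is that the verifier lambda is the only place a library-provided offset or length becomes a host read, so the check cannot be forgotten at one of many call sites; RLBox enforces the same discipline at compile time by making tainted values unusable in ordinary expressions.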


4 – Multiple WordPress Plugin Vulnerabilities Actively Being Attacked

Cybercriminals are taking advantage of security flaws recently reported in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched versions of the ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins. What the three WordPress components have in common are recent reports of a critical-severity bug that could be exploited to compromise the website they run on. Researchers estimate that hundreds of thousands of WordPress websites are currently at risk of exploitation because admins have not updated the three plugins.


5 – Australian banks targeted by DDoS extortionists

Banks and other organizations from the Australian financial sector have been the targets of an extensive extortion campaign over the past week. A threat group has been emailing victims with threats to carry out distributed denial of service (DDoS) attacks unless the organizations pay hefty ransom fees in the Monero (XMR) cryptocurrency. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has sent out a security threat advice today about this ongoing campaign. The ACSC said that based on current evidence, the attackers have not followed through on any of their threats, and no DDoS attacks have been observed.


6 – EFF Files Comments Criticizing Proposed CCPA Regulations

Today, EFF joined a coalition of privacy advocates in filing comments with the California Attorney General regarding its ongoing rulemaking process for the California Consumer Privacy Act (CCPA). The CCPA was passed in 2018, and took effect on January 1, 2020. Later this year, the Attorney General (AG) will finalize regulations that dictate how exactly the law will be enforced. Last time we weighed in, we called the AG’s initial proposed regulations a “good step forward” but encouraged them to go further. Now, we are disappointed that the latest proposed regulations are, compared to the AG’s initial proposal, largely a step backwards for privacy. To start, the modified regulations improperly reduce the scope of the CCPA by trying to carve out certain identifiers (such as IP addresses) from the definition of “personal information.” This classifies potentially sensitive information as outside the law’s reach—and denies Californians the right to access, delete, or opt out of the sale of that information.


7 – Brave browser now automatically points to Wayback Machine on 404

The Brave web browser can now automatically detect when a webpage is unavailable and will offer to search the Wayback Machine for a backup, the Internet Archive has announced. Although the 404 error code is the most well known, the announcement notes that the feature also works for 408, 410, 451, 500, 502, 503, 504, 509, 520, 521, 523, 524, 525, and 526 errors. If you visit a missing page using Brave, the browser will generate a notification that reads "Sorry, that page is missing. Do you want to check if a saved version is available on the Wayback Machine?" Clicking the prompt takes you to an archived version of the page, where you can then scroll through different snapshots of the page taken over time. It makes it easier to find information that has disappeared from the internet, regardless of whether it was deliberately removed or has just disappeared by accident.


8 – Chrome 80 update cripples top cybercrime marketplace

A small change in the Google Chrome 80 browser has had a devastating effect on one of today's top cybercrime marketplaces. Chrome 80 changed how it encrypts saved cookies and passwords on Windows: rather than protecting each value directly with DPAPI, it now uses AES-256-GCM with a per-profile key that is itself DPAPI-wrapped and stored in the browser's Local State file, so infostealers built around the old format (AZORult, which fed Genesis, among them) stopped returning usable data. According to new research shared with ZDNet this week by threat intelligence firm KELA, the Genesis Store is currently going through a rough patch, seeing a 35% drop in the number of hacked credentials sold on the site. KELA says Genesis administrators are scrambling to fix their inventory deficit and feed the store with new credentials before customers notice a drop in new and fresh listings. If they don't address the issues caused by the new Chrome 80 update, the store's entire future hangs in the balance.


9 – Six suspected drug dealers went free after police lost evidence in ransomware attack

US prosecutors were forced to drop 11 narcotics cases against six suspected drug dealers after crucial case files were lost in a ransomware infection at a Florida police department. The evidence in the 11 cases could not be recovered following a ransomware attack that hit the Stuart police department in April 2019. While Stuart police recovered some data from backups, some files could not be recovered. Lost files included photo and video evidence, Detective Sergeant Mike Gerwan with the Stuart Police Department told WPTV in an interview last week.


10 – Taking a GPS tracker off your car isn’t ‘theft,’ court rules

A suspected meth dealer is off the hook for at least one of the charges he’s facing: that he “stole” the GPS device that police stuck on his car to track his movements. That’s what the supreme court in the US state of Indiana ruled last week. On Thursday, Chief Justice Loretta Rush handed down an opinion with which four justices concurred: that affidavits accompanying warrants had failed to establish probable cause that the suspect – Derek Heuring – had stolen the tracking device placed on his SUV by police who suspected he was dealing methamphetamine. The tracker had been streaming out Heuring’s location data for six days. Then, it abruptly stopped. For 10 days, police couldn’t track their target’s movements. A technician with the GPS manufacturer said that the “satellite was not reading,” which may have been caused by the device having been unplugged and plugged back in.


11 – FCC now collecting data on Huawei use in US networks

The US Federal Communications Commission is now collecting data from US carriers that are using network gear from Huawei and ZTE. This follows the FCC’s decision in November of last year to bar the use of its $8.5 billion a year Universal Service Fund for purchasing equipment and services from the Chinese companies. Because the FCC is proposing that carriers receiving those funds rip out and replace their Huawei and ZTE equipment, the commission said Wednesday that it’ll collect data to help it reimburse smaller and rural carriers for those costs. “Huawei and ZTE have been initially designated as threats to national security,” FCC Chairman Ajit Pai said in an emailed statement. “We are moving forward quickly to identify where equipment and services from these suppliers are embedded in our communications networks and, where they do have a foothold, to be in a position to help remove them.”


12 – Accused Chinese hackers abandon techniques after U.S. indictments

U.S. indictments against individual Chinese soldiers accused of hacking various American targets have deterred those military personnel from conducting the same kinds of hacks again, according to the co-founder of a firm known for investigating nation-state activity. Digital infrastructure associated with alleged hackers charged in 2014, 2017 and 2018 essentially evaporated when charges in each case were made public, said Dmitri Alperovitch, who co-founded CrowdStrike, in a keynote speech Wednesday at the RSA security conference in San Francisco. Each of the groups (known as APT1, APT3 or Boyusec, and APT10, respectively) has been associated with Chinese intelligence services or the People's Liberation Army.
