AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/4/2020

1 – $20,000 up for grabs in Xbox Live security hole hunt

Microsoft is inviting gamers, security researchers, and technologists to pit their wits against the Xbox network in the search for security vulnerabilities. With a newly-announced bug bounty, Microsoft is inviting bug hunters to responsibly disclose bugs and flaws that could potentially be exploited by criminals. The company’s hope is clearly that by strengthening the Xbox Live network it will improve the experience for the more than 60 million gamers on the platform, and reduce downtime. In order to be in the running to receive cash rewards from $500 to $20,000 for a successful proof-of-concept of remote code execution, bug hunters will need to identify a previously unreported vulnerability in the latest, fully-patched version of Xbox Live network and services. Furthermore, they are recommended to provide “clear, concise, and reproducible steps, either in writing or in video format.”


2 – Breach at Indian airline SpiceJet affects 1.2 million passengers

SpiceJet, one of India’s largest privately owned airlines, suffered a data breach involving the details of more than a million of its passengers, a security researcher told TechCrunch. The security researcher, who described their actions as “ethical hacking” but whom we are not naming as they likely fell afoul of U.S. computer hacking laws, gained access to one of SpiceJet’s systems by brute-forcing the system’s easily guessable password. An unencrypted database backup file on that system contained private information of more than 1.2 million passengers of the budget-carrier last month, TechCrunch has learned. Each record included details such as name of the passenger, their phone number, email address and their date of birth, the researcher told TechCrunch. Some of these passengers were state officials, they said.


3 – How an Army vet became the ‘Cyber Rambo’ in an alleged Bolivian coup

Accusations of voter fraud rose and protests erupted in Bolivia late last year, leading to the resignation of President Evo Morales. Some news outlets and social media sites were calling it a coup d’état. But, nearly 4,000 miles away, that’s not how U.S. Army veteran Luis Suarez saw it. “It was not a fair fight,” Suarez, a Bolivian native, now U.S. citizen, told Army Times. What the 38-year-old former Army sergeant did next landed him in the center of an online storm accusing him of being a traitor, “Cyber Rambo” and, in some conspiracy theories, an agent of the Army’s Cyber Command trying to topple foreign governments. Suarez saw claims of a coup by Morales supporters as their own form of misinformation, so he wrote a 25-line code algorithm that would retweet anti-Morales posts. It was, he said, something that “any programming student could have done.” It worked.


4 – LifeLabs data breach update

New evidence shows 4.7 million people in B.C. may have had their privacy breached following a hack at LifeLabs. The Office of the Information and Privacy Commissioner for B.C. confirmed to CTV News on Friday that “up to five million” British Columbians might be affected. That’s almost all of the people who live in the province. Statistics Canada data from last year indicates there are only 5.071 million residents in B.C. According to the company’s website, one million-plus people use its services, mostly in B.C. and Ontario. A class-action lawsuit has been launched on behalf of potential victims, alleging inadequate security and a delay in informing clients about the hack.


5 – 2020’s first election security test: Iowa

The Iowa caucuses on Monday night are practically as low-tech as elections come, involving the least-hackable voting process imaginable: People gathering in rooms and writing their choice on paper. But the first contest of the 2020 presidential race still represents a high-profile test of whether election officials, political parties and security experts are ready for another wave of cyberattacks, after Russian hackers revealed dangerous weaknesses in 2016. And despite assurances from both the Democratic and Republican parties that they’ve taken extensive steps to prepare, experts say attackers have plenty of opportunities to disrupt the democratic process. Their concern: While caucus-goers may make their preferences known with paper, those tallies will then move through a series of electronic hand-offs, from the apps on precinct volunteers’ smartphones to the computers and websites that report the results.


6 – Financial tech firms disagree on ban of customer data screen-scraping

For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing transactions in your bank account, using the information to power its analysis……putting your privacy, passcode and other security information in danger of getting lost along the way. Because of those potential dangers to people’s privacy and data, many in fintech are urging the Australian government to follow in the footsteps of the European Union (EU) and to ban screen-scraping.


7 – US upping pressure on Switzerland to drop Huawei technology

US authorities have contacted the Swiss foreign ministry several times in recent weeks to raise concerns about the security risks of using Huawei technology. According to the SonntagsZeitung newspaper, the US embassy in Bern has confirmed that several conversations have recently taken place about 5G, Huawei, and the risk of espionage. US authorities say Huawei is legally bound to hand over information to Chinese authorities, and that communications in various other countries – including Switzerland – are thus at risk. “Allowing the use of Chinese telecommunications technology in the [Swiss] 5G network will lead to an unacceptable risk to national security, critical infrastructure, the private sphere, and human rights,” the US embassy was quoted as saying.


8 – California man who hacked into Nintendo servers to steal video games and other proprietary information pleads guilty

According to records filed in the case, in 2016, while still a minor, HERNANDEZ and an associate used a phishing technique to steal credentials of a Nintendo employee, which were exploited to gain access to and download confidential Nintendo files related to its consoles and games.  That stolen information, including pre-release information about the anticipated Nintendo Switch console, was leaked to the public.  In October 2017, following an investigation into the hack, FBI agents contacted HERNANDEZ and his parents at their California residence.  HERNANDEZ promised to stop any further malicious activity and confirmed that he understood the consequences of any future hacking.


9 – A Russian satellite seems to be tailing a US spy satellite in Earth orbit

A Russian satellite has positioned itself uncomfortably close to an American spy satellite in orbit around Earth, leading space trackers to speculate that the foreign vehicle is doing some spying of its own. The Russian spacecraft is meant to inspect other satellites, and experts in the space community believe it may now be keeping a watchful eye on the secretive US vehicle. But the motivation behind this in-space stalking is still unknown. All January, amateur satellite trackers have been keeping tabs on the weird behavior of this Russian probe, known as Kosmos 2542. Launched in November of last year, Kosmos 2542 has been orbiting in the same plane as a satellite operated by the National Reconnaissance Office called USA 245, which has been in space since 2013.


10 – Ransomware hits TV & radio news monitoring service TVEyes

A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe. TVEyes CEO David Ives told ZDNet the ransomware attack took place after midnight on Thursday, January 30. The ransomware hit core server & engineering workstations inside TVEyes’ network, primarily in the US, but also some systems located abroad. Ives told ZDNet they have not yet identified the ransomware strain that infected the company’s network, but they have already begun recovery efforts.

