AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 2/5/2020

1 – Magecart group jumps from Olympic ticket website to new wave of e-commerce shops

A Magecart group has expanded its operations by compromising not only an Olympic ticket reseller but also a number of other websites, all of which load the underlying skimmer code from a single malicious domain. Magecart is a term used to describe the use of skimmer code to compromise e-commerce payment platforms. Legitimate, seemingly trustworthy websites, the British Airways portal and Ticketmaster being prime examples, have been infected with this form of malicious code in the past, leading to the theft of consumer payment card numbers.


2 – WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr’s chief information security officer, admitted that NATO’s secretary-general had floated the idea of a military response to the software nasty. General Setzer said: “The secretary-general of NATO talked last year [about]… the WannaCry attack of 2017, [which] especially had consequences for hospitals in the UK, could also be a subject for the NATO.” The German army officer said this supported the idea that military thresholds for responding to hacking attacks should be deliberately vague, adding that just because someone hacks you doesn’t restrict you to only hacking them as a response.


3 – W-2 theft and other tax season scams to watch for in 2020

It’s tax time again in the US and that means that everyone from the IRS to your bank to your company IT department is going to be warning you about tax scams. These repeated reminders are necessary because people become less vigilant as they are rushing to meet tax-related deadlines. Meanwhile, cybercrime is at an all-time high, with damages exceeding $1.5 trillion in 2018. One common belief about tax scams is that they only involve W-2 forms, but this type of crime is becoming less prevalent compared to other email fraud. Massive data breaches in recent years have reduced the value of the W-2 form as a means to harvest personally identifiable information, though stolen W-2s are still used to file fake tax returns. Increased awareness and security around W-2 theft have led to better reporting and tracking of stolen W-2s. Cybercriminals are finding that other types of scams have higher returns on investment.


4 – Hackers are hijacking smart building access systems to launch DDoS attacks 

Hackers are actively searching the internet and hijacking smart door/building access control systems, which they are using to launch DDoS attacks, according to firewall company SonicWall. The attacks are targeting Linear eMerge E3, a product of Nortek Security & Control (NSC). Linear eMerge E3 devices fall in the hardware category of “access control systems.” They are installed in corporate headquarters, factories, or industrial parks. Their primary purpose is to control what doors and rooms employees and visitors can access based on their credentials (access codes) or smart cards.


5 – Ransomware knocks city of Racine offline

The city of Racine, Wis., was hit with a ransomware attack January 31 that knocked most of its non-emergency computer services offline. The Wisconsin city’s website, email system and online payment collection systems were still down as of February 3, and the city police are unable to process fee payments or provide copies of police and accident reports, reported the Journal Times and the Racine Police Department’s Facebook page. Unaffected are the tax collection, 911 and public safety systems. Racine’s information management department is working to correct the issue and bring its systems back online.


6 – Toll Group shuts IT systems after ‘cyber security incident’

Freight giant Toll Group has shut down “a number” of IT systems due to a “cyber security incident”, with customers reporting shipment tracking is down and drivers are reverting to manual receipts. Toll said in a brief statement on its website late Friday last week that “as a precautionary measure, Toll has made the decision to shut down a number of systems in response to a suspected cyber security incident.” “We are investigating the root cause to resolve the issue,” the company said. “We expect several Toll customer-facing applications to be impacted as a result.”


7 – Twitter admits ‘bad actors’ exploited phone number matching feature

Twitter has revealed that it has discovered and suspended accounts abusing a feature that allowed users to match phone numbers with usernames. By announcing the privacy issue, it’s also confirming the flaw discovered by security researcher Ibrahim Balic in December 2019. Balic found that Twitter’s Android app had a vulnerability that allowed him to match 17 million phone numbers with their respective accounts. While you can look up contacts using their phone numbers on the platform, Twitter says matching a massive amount of numbers with accounts goes “beyond [the feature’s] intended use case.”


8 – As Vault 7 trial begins, Joshua Schulte’s attorneys will argue he’s a whistleblower

Nearly three years after WikiLeaks began publishing secret CIA hacking tools, the legal team for the former agency employee who allegedly stole those files will try to convince a jury he did so in order to reveal the government’s methods for breaking into widely used consumer technology. Based on the evidence, it will shape up to be a difficult argument. And that’s before you consider the current environment, in which the U.S. justice system has taken a hard-line approach to those who go public with classified information. It’s also a fresh strategy for the defense. The U.S. has charged former CIA software engineer Joshua Schulte with transmitting files detailing the agency’s arsenal of hacking tools, but until now his lawyers have given no indication that he acted out of conscience. 


9 – Iowa caucus app Shadow apologizes after tech woes cause chaos, delay results

The app responsible for the chaos and delayed reporting of results in the Iowa caucuses apologized on Tuesday amid growing outrage. “We sincerely regret the delay in the reporting of the results of last night’s Iowa caucuses and the uncertainty it has caused to the candidates, their campaigns, and Democratic caucus-goers,” said Shadow, Inc. CEO Gerard Niemira in a statement posted online and on Twitter. “As the Iowa Democratic Party has confirmed, the underlying data and collection process via Shadow’s mobile caucus app was sound and accurate, but our process to transmit that caucus results data generated via the app to the IDP was not,” the statement continued. “Importantly, this issue did not affect the underlying caucus results data.” The company said it worked as fast as it could to resolve the problems overnight, while the Iowa Democratic Party (IDP) has worked to verify the results.


10 – House Republicans introduce resolution condemning UK’s decision to allow Huawei in 5G networks

A group of House Republicans on Monday introduced a resolution condemning the British government’s decision to allow Chinese telecommunications group Huawei limited involvement in its 5G networks despite pressure from the Trump administration to ban the company. The resolution, which “affirms that all Chinese companies, private and state-owned, are under the effective control of the Chinese Communist Party,” was introduced following the decision by the U.K.’s National Security Council to allow Huawei equipment in “periphery” 5G systems, but not core secure systems. The resolution strongly urges the U.K. to reconsider its decision.


11 – Philippines steps up security to shield power grid from foreign control

The Philippines is beefing up security protocols to protect its energy sector from foreign interference, its national security adviser said, following concerns raised by some of the country’s politicians about China’s access to the country’s power grid. China’s State Grid Corporation owns a 40% share in a consortium called the National Grid Corporation of the Philippines, which in 2008 won a 25-year franchise. “Allegations that the National Grid can easily be controlled by foreign entities are being taken seriously by the government,” National Security Adviser Hermogenes Esperon said in a Feb. 2 statement. Esperon’s statement, which did not name any foreign entity in particular, comes as the Philippine senate started an investigation into China’s access to the country’s power grid.


12 – Harvard cancels digital security talk led by spyware-linked lecturer

Harvard’s Shorenstein Center has called off an online harassment training for journalists after it was linked to a prominent spyware vendor. The event had been pitched as a way for female reporters to learn about contemporary cybersecurity threats, led by Juliette Kayyem and Nancy Gibbs, both prominent figures in the digital rights community on staff at Harvard’s Kennedy School of Government. But Sunday night, journalists who had signed up for the training got an abrupt and unexpected message. “Thank you for your interest in the planned February 6th webinar,” the message read. “Unfortunately, this event has been canceled.” The email didn’t give details on why the event had been canceled, but it had to do with an unexpected item on Kayyem’s resumé. She had served as a consultant for NSO Group, a prominent spyware vendor that has been linked to several hacks against journalists in countries like Saudi Arabia, Kazakhstan, and Bahrain.


13 – Have a first aid question? Don’t ask Siri.

If you’ve fallen and you can’t get up, your smart assistant is probably not the best way to ask for help. A new study from the University of Alberta, published Tuesday in the medical journal The BMJ, tested smart assistants Siri, Cortana, Alexa, and Google Assistant on their ability to respond helpfully to first aid questions. While Google Assistant and Amazon’s Alexa far outperformed Apple’s Siri and Microsoft’s Cortana, the results as a whole were underwhelming. The researchers asked all of the smart assistants 123 questions on 39 first aid topics such as heart attacks, poisoning, and nose bleeds. Google Assistant and Alexa recognized the topics over 90 percent of the time, and gave accurate and helpful responses in about half of those instances. Meanwhile, Siri and Cortana’s responses were so poor that it “prohibited their analysis.”


14 – Google launches open-source security key project, OpenSK

Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO2 or U2F key. FIDO is a family of standards for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and FIDO2. UAF handles biometric authentication, while U2F lets people authenticate themselves using hardware keys that you can plug into a USB port or tap on a reader. That works as an extra layer on top of your regular password: the key holds a per-site private key and signs a challenge together with a hash of the site’s identity, so an assertion produced for a phishing domain is useless at the real one.
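To make the U2F part concrete, here is an added example (not code from OpenSK or from the original post) of the authentication round trip a key like this performs. It is written in Go rather than OpenSK’s Rust because Go’s standard library carries P-256 ECDSA; the token signs application parameter || user-presence byte || counter || challenge parameter, exactly the byte layout of a U2F authentication response, and the website checks the signature, the counter and the origin binding. One simplification is assumed and marked in the code: the challenge parameter is a hash of the raw challenge rather than of the client-data JSON a browser would build. The app IDs and the challenge bytes are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Authenticator is the token side: a per-registration P-256 key and a
// monotonic signature counter, the state firmware such as OpenSK keeps on the dongle.
type Authenticator struct {
	key     *ecdsa.PrivateKey
	counter uint32
}

func NewAuthenticator() (*Authenticator, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{key: key}, nil
}

func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.key.PublicKey }

// signedData is the U2F authentication message:
// appParam(32) || userPresence(1) || counter(4, big-endian) || challengeParam(32).
func signedData(appParam [32]byte, up byte, counter uint32, challengeParam [32]byte) []byte {
	buf := make([]byte, 0, 69)
	buf = append(buf, appParam[:]...)
	buf = append(buf, up)
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], counter)
	buf = append(buf, c[:]...)
	return append(buf, challengeParam[:]...)
}

// Sign answers one authentication request: bump the counter, assert user presence
// (the button press) and sign, binding the assertion to the app parameter it was given.
func (a *Authenticator) Sign(appParam, challengeParam [32]byte) (up byte, counter uint32, sig []byte, err error) {
	a.counter++
	up = 0x01
	digest := sha256.Sum256(signedData(appParam, up, a.counter, challengeParam))
	sig, err = ecdsa.SignASN1(rand.Reader, a.key, digest[:])
	return up, a.counter, sig, err
}

// RelyingParty is the website side: registered public key plus the last counter seen.
type RelyingParty struct {
	AppID       string
	Pub         *ecdsa.PublicKey
	LastCounter uint32
}

// Params derives the two hashed parameters the token signs over. Hashing the raw
// challenge (instead of the browser's client-data JSON) is an assumption made here.
func (rp *RelyingParty) Params(challenge []byte) (appParam, challengeParam [32]byte) {
	return sha256.Sum256([]byte(rp.AppID)), sha256.Sum256(challenge)
}

// Verify accepts an assertion only if presence was asserted, the counter moved
// forward (replay / cloned-token check) and the signature verifies under the
// registered key for this site's own app ID.
func (rp *RelyingParty) Verify(challenge []byte, up byte, counter uint32, sig []byte) error {
	if up&0x01 == 0 {
		return errors.New("user presence not asserted")
	}
	if counter <= rp.LastCounter {
		return errors.New("counter did not increase: replay or cloned authenticator")
	}
	appParam, challengeParam := rp.Params(challenge)
	digest := sha256.Sum256(signedData(appParam, up, counter, challengeParam))
	if !ecdsa.VerifyASN1(rp.Pub, digest[:], sig) {
		return errors.New("signature does not verify under the registered key")
	}
	rp.LastCounter = counter
	return nil
}

// RunExchange registers a token, performs one login, then replays the same assertion.
func RunExchange() (loginOK, replayRefused bool, err error) {
	token, err := NewAuthenticator()
	if err != nil {
		return false, false, err
	}
	rp := &RelyingParty{AppID: "https://example.test", Pub: token.PublicKey()}
	challenge := make([]byte, 32)
	if _, err = rand.Read(challenge); err != nil {
		return false, false, err
	}
	appParam, challengeParam := rp.Params(challenge)
	up, counter, sig, err := token.Sign(appParam, challengeParam)
	if err != nil {
		return false, false, err
	}
	loginOK = rp.Verify(challenge, up, counter, sig) == nil
	replayRefused = rp.Verify(challenge, up, counter, sig) != nil
	return loginOK, replayRefused, nil
}

func main() {
	ok, refused, err := RunExchange()
	fmt.Println("login:", ok, "replay refused:", refused, "err:", err)
}
```

The counter check is why a relying party should persist LastCounter per registration: a cloned key that has fallen behind the original will present a counter the site has already seen. The origin binding comes from the app parameter being part of the signed bytes, which is what stops a look-alike domain from relaying assertions to the real site.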


15 – Ring’s latest update notifies if your local police department can request to access video

After multiple reports of security concerns, users of the home security camera system, Ring, can now update their settings to improve their privacy. The new updates come in response to hackers gaining access to Ring security cameras, a data breach that exposed information such as login names and passwords, as well as sharing videos with hundreds of police forces according to the company. The Amazon-owned company now provides a new in-app privacy dashboard called the Control Center. This new section will let users manage their connected devices, third-party services, and decide whether local police partnered with Ring can make requests to access video from the Ring cameras on the account.


16 – Google cuts Chrome ‘patch gap’ in half, from 33 to 15 days

Google security engineers said last week they have successfully cut down the “patch gap” in Google Chrome from 33 days to only 15 days. The term “patch gap” refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library. In today’s software landscape where many apps rely on open source components, the “patch gap” is considered a major security risk. The reason is because when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects.
