AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/19/2020

1 – Brave accuses Google of using ‘hopelessly vague’ privacy policies that breach GDPR

Google has been accused of breaching one of the General Data Protection Regulation’s (GDPR) principles surrounding consent that requires companies to provide a specific purpose for collecting and processing user personal data. In a complaint [PDF] filed to the Irish Data Protection Commission (DPC), Chromium-based browser Brave alleges that Google’s privacy policy infringes the GDPR “purpose limitation” principle as it “does not transparently and explicitly specify the purposes for which the data is collected and processed”. The GDPR’s purpose limitation principle requires organisations to only collect and process personal data for a narrow purpose that must be explicitly expressed to consumers.


2 – Verily’s COVID-19 screening site goes live, is already over capacity

Google, its sister company Verily, and the US government are teaming up to create two separate information and screening websites for COVID-19. The websites were clumsily announced over the weekend by President Donald Trump and Google public relations, and today the first website, a Verily-developed site for the Bay Area, has gone live. The announcement of the site was very disorganized and confusing. Normally we would expect Google and the government to have a simultaneous announcement for a project like this, but Google PR seemed to be caught by surprise by Trump’s Rose Garden press conference and took two hours to respond to the news on Twitter. When Google did respond to the president’s announcement, it disputed the description of a “nationwide” site, saying the site was in the “early stages of development” and that the site would roll out in the Bay Area for testing. A day later, Google communications took a second swing at making a statement, indicating that, actually, two sites were being made by the Alphabet family, one nationwide and one for the Bay Area.


3 – Data centres are warm and designed to move air very efficiently. Are they safe to visit during the pandemic?

Data centres are warm places full of fans designed to efficiently circulate air. Commercial data centres are visited by many people every day. Some of those people could be COVID-19 carriers. The virus doesn’t mind warmth and can be spread by airborne droplets that may well have a better chance of floating free in a well-ventilated bit barn. So if you need to enter your own data centre, or visit a big shared one during the COVID-19 coronavirus pandemic, what should you do to emerge unscathed? Long story short, take simple precautions and you should be as fine as anyone can be.


4 – New Nefilim Ransomware Threatens to Release Victims’ Data

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data. Nefilim became active at the end of February 2020 and while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services. Head of SentinelLabs Vitali Kremez and ID Ransomware’s Michael Gillespie both told BleepingComputer that Nefilim and Nemty 2.5 share much of the same code. The main difference is that Nefilim has removed the Ransomware-as-a-Service (RaaS) component and now relies on email communications for payments rather than a Tor payment site.


5 – WhatsApp debuts coronavirus fact-checking hub

WhatsApp can be more than a messaging app — in Europe, India and other parts of the world, it’s a social network in its own right. To help avoid the spread of misinformation about the coronavirus pandemic, the company — which is owned by Facebook — created an information hub that provides advice on how users can look after friends and family, stay cognizant of the latest developments and share verified information. The website was launched in partnership with the World Health Organization, UNICEF and UNDP, and is meant to help in more than just a social context — healthcare providers, educators, local governments and businesses can learn how to best connect with one another while social distancing is advised.


6 – Britain’s mobile networks hit with outages as millions work from home

Britain’s mobile networks have faced outages today as millions of workers across the country start to work from home. O2, Three, Vodafone and EE each said their customers had been affected by a fault across their networks which left some users unable to make phone calls. The companies said a joint meeting will now be held to discuss the issue to ensure it does not happen again. The fault came as millions of people began working from home as part of Government guidance to reduce social contact to help stop the spread of coronavirus.


7 – Hackers hit NutriBullet website with credit card-stealing malware

Magecart hackers have struck again, this time targeting the NutriBullet website. According to new research by security firm RiskIQ, hackers broke into the blender maker’s website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off the credit card numbers and other personal data — like names, billing addresses, expiry dates and card verification values — of unsuspecting blender buyers. The data was scraped and sent to a third-party server operated by the attackers. The stolen credit card data is then sold to buyers on dark web marketplaces.


8 – Coronavirus Widens the Money Mule Pool

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.” On the surface, the Web site for the Vasty Health Care Foundation certainly looks legitimate. It includes various sections on funding relief efforts around the globe, explaining that it “connects nonprofits, donors, and companies in nearly every country around the world.” The site says it’s a nonprofit with offices based in Nebraska and Quebec, Canada.


9 – DOD’s red team hackers struggle sharing vulnerabilities with military

The Department of Defense’s red team hacking units lack proper training and are still not communicating vulnerabilities with the parts of the military they hack, according to a new inspector general report. The report on the DOD’s red teams — groups of hackers that have permission to use adversarial tactics to find vulnerabilities in DOD’s systems — found that when they do communicate vulnerabilities, there is little oversight to track that they are patched or otherwise remediated. “Ensuring DoD Components mitigate vulnerabilities is essential to achieve a better return on investment,” the report states. There is also little oversight on the hackers themselves, who lack the needed training and expertise to carry out their jobs.


10 – NYSE will temporarily close its trading floor and move to electronic trading only

The New York Stock Exchange will close its trading floor on Monday, March 23 and fully move to electronic trading, the exchange’s operator Intercontinental Exchange announced today. The actual physical locations that will close are the NYSE equities trading floor in New York, the NYSE American Options trading floor in New York and the NYSE Arca Options trading floor in San Francisco. The organization says it took this step as a precautionary step to protect the health of traders and employees on the floor.


11 – Slack Desktop App Update Introduces Major Platform Redesign

Slack is today rolling out a redesign of its team chat app for desktop that aims to make navigating the platform’s various menus and options simpler and more intuitive. The changes to the desktop app are rolling out today, although the developers are prioritizing new Slack users who may have just joined the service owing to an uptick in remote working due to coronavirus containment measures. Other users should see the design changes in the coming weeks.
