
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 3/2/2020

1 – DNC warns campaigns about cybersecurity after attempted scam

An online “impersonator” of a Democratic National Committee (DNC) staffer tried to contact presidential campaigns, including Sen. Bernie Sanders’s (I-Vt.) campaign, the committee said in a statement to the candidates Wednesday. Bob Lord, the DNC’s chief security officer, wrote in an email to the campaigns obtained by The Hill that “adversaries will often try to impersonate real people on a campaign.” He added that the “adversaries” could try to get campaign workers to “download suspicious files, or click on a link to a phishing site” or set up calls or in-person meetings to record and release.


2 – Facebook cancels its biggest conference amid coronavirus concerns

Facebook announced on Thursday that it is canceling F8, its biggest annual event, due to concerns over the coronavirus. “We’ve made the difficult decision to cancel the in-person component of F8 this year, in order to prioritize the health and safety of our developer partners, employees and everyone who helps put F8 on,” the company wrote on the F8 website. In a blog post, Konstantinos Papamiltiadis, who heads Facebook’s platform partnerships, said it was a “tough call to make.” Instead of holding one large event for developers, the company said it plans to hold “locally hosted events, videos and live-streamed content.”


3 – Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!

Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago. All Exchange Server versions up to the last released patch are exposed to potential attacks following these ongoing scans, including those currently out of support even though Microsoft’s security advisory doesn’t explicitly list them. The flaw is present in the Exchange Control Panel (ECP) component and it is caused by Exchange’s inability to create unique cryptographic keys when being installed.


4 – Australian Police Could Get More Cyber-Espionage Powers

Australian Federal Police (AFP) could be given powers to cyber-spy and hack into online computer systems used by criminals based in Australia under a new proposal being considered by the country’s federal government. Suggested changes would allow the AFP to call for assistance from the Australian Signals Directorate (ASD) or extend the cyber-capabilities of the AFP. Currently the ASD only has the power to hack, disrupt, and destroy foreign cybercriminal activity, as the agency is banned from spying or hacking into online systems based within Australia. This situation means that agents who come across cybercriminal activity linked to a server based in Australia must immediately stop investigating it, no matter how serious the offense being committed.


5 – Android malware can steal Google Authenticator 2FA codes

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts. In a report published this week, security researchers from Dutch mobile security firm ThreatFabric say they’ve spotted an Authenticator OTP-stealing capability in recent samples of Cerberus, a relatively new Android banking trojan that launched in June 2019. “Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application,” the ThreatFabric team said. “When the [Authenticator] app is running, the Trojan can get the content of the interface and can send it to the [command-and-control] server,” they added.


6 – Brave beats other browsers in privacy study

Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week. Douglas Leith, professor of computer systems at Trinity University, examined six browsers for his report – Web Browser Privacy: What Do Browsers Say When They Phone Home? He found that Brave’s Chromium-based browser is the least likely to reveal unique identifying information about the computer using it. The study examined six browsers: Chrome, Firefox, Safari, Brave, Edge, and Yandex. It used several tests to deduce whether the browser can track the user’s IP address over time, and whether it leaks details of web page visits. To do this, it looked at the data shared on startup after a fresh install, on a restart, and after both pasting and typing a URL into the address bar. It also explored what the browser did when it was idle.


7 – HTTPS for all: Let’s Encrypt reaches one billion certificates issued

Let’s Encrypt, the Internet Security Research Group’s free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth. The ISRG’s goal for Let’s Encrypt is to bring the Web up to a 100% encryption rate. When Let’s Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply. Let’s Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.


8 – Sports Giant Decathlon Leaks 123 Million Records

French sporting retail giant Decathlon has become the latest big brand to expose user data via a misconfigured database, leaking over 123 million records including customer and employee information, according to researchers. A team at vpnMentor uncovered the 9GB database on an unsecured Elasticsearch server. It contained information from Decathlon’s Spanish, and potentially also its UK, businesses. “The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor. Leaked data included employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, addresses and birth dates.


9 – Facebook sues SDK maker for secretly harvesting user data

Facebook filed today a federal lawsuit in a California court against OneAudience, a New Jersey-based data analytics firm. The social networking giant claims that OneAudience paid app developers to install its Software Development Kit (SDK) in their apps, and later used the control it had over the SDK’s code to harvest data on Facebook users. According to court documents obtained by ZDNet, the SDK was embedded in shopping, gaming, and utility-type apps, some of which were made available through the official Google Play Store. “After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” the complaint reads.


10 – A high school student created a fake 2020 candidate. Twitter verified it

Andrew Walz calls himself a “proven business leader” and a “passionate advocate for students.” Walz, a Republican from Rhode Island, is running for Congress with the tagline, “Let’s make change in Washington together,” or so his Twitter account claimed. Earlier this month, Walz’s account received a coveted blue checkmark from Twitter as part of the company’s broader push to verify the authenticity of many Senate, House and gubernatorial candidates currently running for office. Twitter has framed this effort as key to helping Americans find reliable information about politicians in the leadup to the 2020 election. But there’s just one problem: Walz does not exist. The candidate is the creation of a 17-year-old high school student from upstate New York, CNN Business has learned.


11 – Report identifies the most dangerous mobile app store on the internet

9Game.com, a portal for downloading free Android games, was identified as the mobile app store hosting the most malicious apps in 2019. 9Game ranked number one on the list of app stores with the most “new” malicious app uploads, but also number one on the list of app stores with the highest concentration of malicious apps overall. According to RiskIQ’s 2019 Mobile App Threat Landscape report, 61,669 new malicious apps were uploaded on 9Game in 2019. In this ranking, 9Game was followed at a considerable distance by the official Android app store — the Google Play Store — with 25,647 new malicious apps. Completing the top 5 are Qihoo 360’s Zhushou store, the Feral app store, and Huawei’s Vmall app store.


12 – Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity

Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them. The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognize and stop future attacks. UT Dallas researchers presented a paper on their work, “Improving Intrusion Detectors by Crook-Sourcing,” at the annual Computer Security Applications Conference in December in Puerto Rico. They presented another paper, “Automating Cyberdeception Evaluation with Deep Learning,” in January at the Hawaii International Conference of System Sciences.


13 – Facebook has paused election reminders in Europe after data watchdog raises transparency concerns

Big tech’s lead privacy regulator in Europe has intervened to flag transparency concerns about a Facebook election reminder feature — asking the tech giant to provide it with information about what data it collects from users who interact with the notification and how their personal data is used, including whether it’s used for targeting them with ads. Facebook confirmed to TechCrunch it has paused use of the election reminder feature in the European Union while it works on addressing the Irish Data Protection Commission’s (DPC) concerns.


14 – Apple Just Disabled Clearview AI’s iPhone App For Breaking Its Rules On Distribution

In distributing its app for Apple devices, Clearview, which BuzzFeed News reported earlier this week has been used by more than 2,200 public and private entities including Immigration and Customs Enforcement (ICE), the FBI, Macy’s, Walmart, and the NBA, has been sidestepping the Apple App Store, encouraging those who want to use the software to download its app through a program reserved exclusively for developers. In response to an inquiry from BuzzFeed News, Apple investigated and suspended the developer account associated with Clearview, effectively preventing the iOS app from operating. An Apple spokesperson told BuzzFeed News that the Apple Developer Enterprise Program should only be used to distribute apps within a company. Companies that violate that rule, the spokesperson said, are subject to revocation of their accounts. Clearview has 14 days to respond to Apple.


15 – Google has right to censor conservative nonprofit on YouTube

Just because YouTube is everywhere doesn’t make it the town square, a Seattle appeals court said on Wednesday. It’s neither a public forum nor a “state actor”, and it can’t be held to First Amendment court oversight as if it were a government body. Thus did the 9th Circuit Court of Appeals in San Francisco dismiss a top right-wing content creator’s allegation that Google had violated its First Amendment rights by tagging dozens of its videos on abortion, gun rights, Islam and terrorism with its Restricted Mode and demonetizing them so the nonprofit can’t make money from advertising.
