AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 3/20/2020

1 – US Commerce Dept Shares Tips On Securing Virtual Meetings

The US National Institute of Standards and Technology (NIST) today shared a number of measures that should be taken by remote workers to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic. Jeff Greene, the director of the National Cybersecurity Center of Excellence (NCCoE) at NIST, said that “if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop.” “Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.”


2 – One whole day: That’s how long Facebook’s COVID-19 content moderation went without a mess

One whole day after telling the world it was going to do its very best to ensure that only high-quality COVID-19 content from proper sources would spread on Facebook, The Social Network has mistakenly identified just such content as violating its community standards. This one seemingly started with Mike Godwin, a US-based lawyer and activist who coined Godwin’s Law: “As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches.” Godwin was footling on Facebook and tried to share a story titled Updated every minute, 17-year-old whiz kid’s coronavirus site used by millions from the Times of Israel.


3 – 2020 Tax Fraud Trends: How to Protect Yourself at Home and Work

The tax season deadline in the U.S. is April 15, 2020, and that means scammers are officially on the prowl for unsuspecting tax fraud victims. Attackers are utilizing both time-tested and new techniques to collect tax information and personal data from victims and target individual and corporate accounts. No one is immune from tax season risks, and most of us share a healthy respect for the Internal Revenue Service (IRS). Scammers rely on fear and stress to coerce individuals and employees into making same-day tax payments or releasing sensitive information. Everyone’s at risk of tax identity theft and social engineering fraud, but financial institutions need to be on particularly high alert for social engineering, vulnerabilities and ransomware attacks.


4 – TrueFire Guitar tutoring website was hacked, financial data might have been exposed

The popular online guitar tutoring website TrueFire has suffered a ‘Magecart’ style security breach that might have exposed customers’ personal information and payment card data. TrueFire has over 1 million users; its customers can pay to receive guitar tutorials from a library of over 900 courses and 40,000 video lessons. The news of the incident was reported by several websites and forums, such as Guitar.com and Jazzguitar.be, which are regularly visited by guitarists. The websites were informed by some affected TrueFire customers, who shared details of the data breach notification they received from the company.


5 – German military laptop with classified data sold on Ebay

German security researchers discovered easily accessible, classified military information on a laptop sold on eBay.

Security specialists from G Data, based in the western city of Bochum, bought a used Bundeswehr laptop for €90 ($100). On the computer were a series of documents, including instructions on how to destroy the LeFlaSys Ozelot air defence system. The LeFlaSys Ozelot is a mobile air defense missile system first deployed in 2001 and still in use today. The surface-to-air system is used to quickly react against air threats, protecting command centers and troops on the move. The files were marked “VS-Nur für den Dienstgebrauch” — the lowest level of secret classification.


6 – Forget James Bond’s super-gadgets, this chap spied for China using SD card dead drops

An American citizen will spend the next four or so years behind bars in the US for smuggling corporate secrets out of the states to his spymasters in China. A federal district judge this week sentenced Xuehua Edward Peng, 56, of Hayward, California, after he admitted handing over the trade secrets to Beijing. Peng earlier confessed that SD cards loaded with information stolen from an unspecified US company were left for him to collect at hotels by a contact only known as Ed. Peng would also hide tens of thousands of dollars in hotel rooms for Ed to collect as payment. Lawyers said Peng spent years trafficking confidential info. “Today Xuehua Peng suffers the consequences of acting in the United States at the direction of a foreign government,” said US attorney David Anderson.


7 – France warns of new ransomware gang targeting local governments

France’s cyber-security agency issued an alert this week warning about a new ransomware gang that’s been recently seen targeting the networks of local government authorities. The alert, issued by France’s CERT team, points to a rising number of attacks carried out with a new version of the Mespinoza ransomware strain, also known as the Pysa ransomware. This ransomware strain was first spotted making victims last year, in October 2019. According to reports at the time, victims reported having data encrypted with the .locked extension added at the end of each ransomed file.


8 – Coronavirus pandemic sparks calls to delay sale of .org domain

A decision on the sale of the .org internet domain to a private company should be postponed, rights groups said, warning it could impact charities grappling with coronavirus. NGOs opposing the takeover called for an extension of the March 20 deadline for the internet’s governing authority, ICANN, to decide whether to give it the go-ahead in light of the global disruption caused by the outbreak. “Organizations that disseminate accurate health information and connect affected communities with public resources depend on the .ORG domain,” Peter Micek, general counsel of digital rights group Access Now said in a statement. “Now is not the time to shift the ground beneath their online activities.”


9 – Oxford University Contact Tracing App Could Be the Solution to Slow and Stop COVID-19

A team of medical research and bioethics experts at Oxford University in the U.K. are supporting several European governments to explore the feasibility of a coronavirus mobile app for instant contact tracing. If rapidly and widely deployed, the infectious disease experts believe such an app could significantly help to contain the spread of coronavirus. The Oxford University team has provided European governments, including the U.K., with evidence to support the feasibility of developing a contact tracing mobile app that is instant, could be widely deployed, and should be implemented with appropriate ethical considerations. The team recommends that the mobile application should form part of an integrated coronavirus control strategy that identifies infected people and their recent person-to-person contacts using digital technology.


10 – Beware of ‘ZoomBombing:’ screensharing filth to video calls

The world is vulnerable to a new type of trolling as people turn to Zoom video calls to feel connected amidst quarantines. Jerks are using Zoom’s screensharing feature to blast other viewers with the most awful videos from across the internet, from violence to shocking pornography. That’s just what happened today on the WFH Happy Hour, a popular daily public Zoom call hosted by The Verge reporter Casey Newton and investor Hunter Walk. Suddenly, dozens of attendees were bombarded with disturbing imagery. A troll entered the call and screenshared Two Girls, One Cup and other horrifying sexual videos. Attempts to block the attack were thwarted as the perpetrator simply re-entered the call under a new name and screenshared more gross-out clips. The hosts ended the call rather than subject viewers to the assault until they could stop it.


11 – Oh-so-generous ransomware crooks vow to hold back from health organisations during COVID-19 crisis

Ransomware operators of DoppelPaymer and Maze malware stated that they will not target medical organisations during the current pandemic. Lawrence Abrams, who runs the security news site Bleeping Computer, reports that he made contact with “the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.” The DoppelPaymer operators responded that “we always try to avoid hospitals, nursing homes … we always do not touch 911 (only occasionally is possible or due to missconfig in their network) … if we do it by mistake – we’ll decrypt for free.”


12 – GPS satellite gets a digital twin to ensure cyber security

The U.S. Air Force is using a digital replica of a GPS IIF satellite to detect any cyber-security issues, reports Air Force Magazine. Booz Allen Hamilton created the “digital twin” of the Lockheed Martin-built Block IIR GPS satellite — and then tried to hack the system. “The satellite itself was on orbit,” BAH Vice President Kevin Coggins told Air Force Magazine. “So we built this digital model … and then we went looking for vulnerabilities. We did [penetration] testing and we saw what we could discover.”


13 – How China built facial recognition for people wearing masks

Hanwang, the facial-recognition company that has placed 2 million of its cameras at entrance gates across the world, started preparing for the coronavirus in early January. Huang Lei, the company’s chief technical officer, said that even before the new virus was widely known about, he had begun to get requests from hospitals at the centre of the outbreak in Hubei province to update its software to recognise nurses wearing masks. “We wouldn’t wait until something explodes to act. If three or five clients ask for the same thing . . . we’ll see that as important,” said Mr Huang, adding that its cameras previously only recognised people in masks half the time, compared with 99.5 percent accuracy for a full face image. Since then, demand has soared, from police stations, railway stations and all the office towers that use Hanwang’s cameras to screen employees, and Mr Huang reassigned teams of people to work on the challenge.


14 – Senators blast Google for facemask ads, demand action from FTC

Two Democratic senators asked the Federal Trade Commission on Tuesday to pursue enforcement action against Google, saying the company is continuing to allow ads for the sale of facemasks amid the coronavirus pandemic. Sens. Mark Warner of Virginia and Richard Blumenthal of Connecticut said that despite Google announcing a ban on ads for protective facemasks last week, their staff were easily able to find Google ads for facemasks over the past week. The senators said the ads contribute to the shortage of products essential to health care workers on the frontlines of the United States’ coronavirus response. The senators told the FTC, “our staffs were consistently served dozens of ads for protective masks and hand sanitizer,” often when browsing news stories about the coronavirus.


15 – Facebook’s less cluttered desktop redesign is more widely available starting today

Facebook has begun rolling out the overhauled version of its desktop site. Starting today, users have the option to opt in to the new design, which places a heavier emphasis on two of Facebook’s most critical features: events and groups. The redesign was previously exclusive to the Facebook mobile app and was first announced at the company’s F8 developer conference last year. “Starting today, the majority of people on Facebook will have access to the new desktop design,” a Facebook spokesperson tells The Verge. “People can opt-in to try out the new design before it becomes default later this year.” So if you don’t have access now, it should be showing up shortly.
