AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/20/2020

Apple details its plan to safely reopen retail stores

Apple’s head of retail Deidre O’Brien has posted a letter on the company’s website detailing how it plans to safely restart operations at its retail stores. Apple shut all of its stores outside Greater China in March as COVID-19 spread worldwide; all the Greater China stores reopened that same month, while Apple is still in the process of taking careful steps elsewhere. “Our commitment is to only move forward with a reopening once we’re confident we can safely return to serving customers from our stores,” O’Brien writes. “We look at every available piece of data — including local cases, near and long-term trends, and guidance from national and local health officials. These are not decisions we rush into — and a store opening in no way means that we won’t take the preventative step of closing it again should local conditions warrant.”


Hackers Are Trading Your Free Pizza (and Personal Details) on the Dark Web

If you’ve never updated your Domino’s Pizza account information, you may want to do so, and soon. Hackers are engaged in an ongoing credential stuffing operation against the well-known international pizza brand, with their sights primarily set on Domino’s Pizza customers in the US. After scouring posts on more than a dozen dark web marketplaces, we discovered over 12,000 Domino’s Pizza accounts have been sold, and most within the past 12 months. While it may seem counterintuitive, hackers and their buyers aren’t immediately after Domino’s shoppers’ credit card information. Instead, they’re on the hunt for rewards points and free pizza.


Hackers Hit Food Supply Company

The attackers who leaked sensitive information on Lady Gaga last week after breaking into systems belonging to a law firm with a long list of celebrity clients are now threatening to do the same with data from food supplier Sherwood Food Distributors. According to security vendor DarkOwl, data posted on a Tor hidden service called the Happy Blog shows that the operators of the REvil (aka Sodinokibi) ransomware family are holding Sherwood to ransom by stealing critical data from the company and threatening to disclose it publicly. DarkOwl said its analysis shows the attackers have managed to steal some 2,600 files from Sherwood. The stolen data includes cash-flow analysis, distributor data, business insurance content, and vendor information. Included in the dataset are scanned images of driver’s licenses of people in Sherwood’s distribution network.


Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part

The COVID-19 pandemic has provided everyone a fresh lesson that security truly is everyone’s job. Traditionally, the concept that “security is everyone’s job” has been an essential part of education and awareness campaigns against phishing and other email-related attacks. And rightfully so, as these attacks are often the first step for attackers working their way to their ultimate target. But the Zoom example shows that awareness and diligence are important at every level. Further, in many organizations, collaboration tools such as Slack are replacing email as the preferred method to share content and data. In organizations that impose size limits on email attachments, for example, employees can freely pass around files 10 times that size in Slack sessions.


Rogue ADT tech spied on hundreds of customers in their homes via CCTV

A technician at ADT remotely accessed as many as hundreds of CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted. At least one of the victims was a teenage girl, and another a young mother, according to court filings.

Last month, an ADT customer in Dallas, Texas, spotted and reported an unexpected email address listed as an admin user on their home security system. An internal investigation revealed it was the personal email of one of its employees, and he had seemingly used it to view the home’s camera system nearly a hundred times since then. A probe found no fewer than 220 occasions in which the same technician had made himself an admin on a customer’s account, meaning he could lock and unlock doors remotely, as well as access the live feed of any cameras in a customer’s house connected to the ADT network. 


Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices

Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allow attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation Attacks (BIAS) on everything from internet of things (IoT) gadgets to phones to laptops, according to researchers at the École Polytechnique Fédérale de Lausanne (EPFL) in France. The flaws are not yet patched in the specification, though some affected vendors may have implemented workarounds. “We conducted BIAS attacks on more than 28 unique Bluetooth chips (by attacking 30 different devices),” the researchers said. “At the time of writing, we were able to test chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack.”
