AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 8/29/2019

1 A new IOT botnet is infecting Android-based set-top boxes

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet’s most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren’t using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected on some set-top boxes installations.


2 NSA-approved cybersecurity law and policy course now available online

Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by National Security Agency. The course, which can be accessed through the CLARK Center, a curriculum management platform hosted at Towson University, touches on international and domestic cybersecurity law, cyber risk and technical details like how smartphones function, according to Anne McKenna, a Penn State professor who organized the course.


3 Telegram will launch its Gram cryptocurrency by October 31 or bust

Telegram’s cryptocurrency— the Gram — may be going public after all. The encrypted messaging app company plans to deliver “the first batches” of the coin in the next two months, according to a report at The New York Times. The last time we reported on the Gram, it was to note that Telegram was canceling its initial coin offering (ICO), so the news may come as a bit of a surprise unless you’ve been following Telegram and cryptocurrency closely. But if you have, you’ve probably heard a rumor that Telegram has a hard deadline to make it happen: if it doesn’t deliver by October 31st, it legally forfeits the $1.7 billion it raised to make those coins a reality.


4 Facebook hires lobbying firm

Facebook‘s “cryptocurrency” Libra is facing an ever growing mountain of regulatory challenges. It seems it needs a helping hand, as it’s hired a specialist firm to lobby Washington directly. According to registration documents filed earlier this week, Facebook will be represented by Washington, DC-based FS Vector LLC, a firm that specializes in regulatory compliance and public policy. The lead lobbyist named is John Collins, partner at FS Vector and formally the head of policy at Coinbase. Collins also lead US Congress‘ first exploration into digital currencies back in 2013 – so it’s likely he’ll know a thing or two about the hurdles that Facebook‘s Libra is facing.


5 Google Maps adds biking and ridesharing options to transit directions for multi-mode commutes

Google is introducing combo navigation directions that pair ridesharing and biking options with transit guidance. Starting today, when you search from directions using Google Maps and select the “transit” tab, you’ll see ridesharing options included when the nearest station is a bit farther than most people might expect to go on foot. Similarly, you’ll also see routes with bike suggestions for certain legs, all listed alongside routes that stick to just transit alone for a full range of options.


6 Eight Defendants Charged with Running Two of the Largest Illegal Television Show and Movie Streaming Services in the United States

According to the indictment, Kristopher Lee Dallmann, 36; Darryl Julius Polo, aka djppimp, 36; Douglas M. Courson, 59; Felipe Garcia, 37; Jared Edward Jaurequi, aka Jared Edwards, 38; Peter H. Huber, 61; Yoany Vaillant, aka Yoany Vaillant Fajardo, 38; and Luis Angel Villarino, 40, allegedly ran an entity called Jetflicks, an online subscription-based service headquartered in Las Vegas, Nevada, that permitted users to stream and, at times, download copyrighted television programs without the permission of the relevant copyright owners.


7 Anthony Levandowski, former Google engineer at center of Waymo-Uber case, charged with stealing trade secrets

Anthony Levandowski, the former Google engineer and serial entrepreneur who was at the center of a trade secrets lawsuit between Uber and Waymo, has been indicted by a federal grand jury on theft of trade secrets. The indictment, which is posted below, charges Levandowski with 33 counts of theft and attempted theft of trade secrets while working at Google, where he was an engineer and one of the founding members of the group that worked on Google’s self-driving car project. He is scheduled to be arraigned on the charges at 1:30 p.m. Tuesday before U.S. Magistrate Judge Nathanael M. Cousins.


8 Major cybersecurity center coming to Baton Rouge’s Water Campus

A major cybersecurity center is coming to the Water Campus in Baton Rouge. Governor John Bel Edwards and Major General Glenn Curtis of the Louisiana National Guard announced plans on Tuesday to establish the capital region’s most secure cyber facility. The Louisiana Cyber Coordination Center, or LC3, will be located at 1200 Brickyard Lane on the Water Campus south of downtown Baton Rouge. Governor Edwards declared a statewide cybersecurity emergency in July after ongoing malware attacks impacted several north Louisiana school districts. A cyberattack on the Tangipahoa School System caused a mess right before the back-to-school season. Gov. Edwards says the project will generate dozens of new jobs.


9 Microsoft Lifts Update Block On Windows 7 With Symantec AV

Microsoft has raised the safeguard hold put in place to block Symantec or Norton antivirus users from updating their Windows 7 and Windows Server 2008 R2 devices. The update block added on August 14 was caused by Windows updates code signed using SHA-2 certificates being deleted during installation on Windows 7 SP1 and Windows Server 2008 R2 SP1 systems where Symantec and Norton AVs were installed, stopping the Windows installation from booting. “The software may not correctly identify files included in the update as code signed by Microsoft, putting the device at risk for a delayed or incomplete update,” says Microsoft in the known issue’s description.


10 Facebook ‘has to do a lot better than this,’ say Senators

A letter sent from Facebook to Democratic lawmakers has shed new light on the Messenger Kids breach that took place this summer — and inspired new backlash from Congress. Earlier this year, an implementation error in the Messenger Kids app had allowed children to create group chats with unauthorized users. That violated a core promise of the app, which had pledged to give children a way to talk with friends without potentially exposing them to strangers online. “We believe… that Messenger Kids complies with COPPA,” public policy VP Kevin Martin wrote to lawmakers, “and we are committed to continually improving it to ensure we not only comply with COPPA but we meet and exceed the high standards of parents and families.”

Related Posts