AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 9/02/2019

Another convincing deepfake app goes viral prompting immediate privacy backlash

Zao, a free deepfake face-swapping app that’s able to place your likeness into scenes from hundreds of movies and TV shows after uploading just a single photograph, has gone viral in China. Bloomberg reports that the app was released on Friday, and quickly reached the top of the free charts on the Chinese iOS App Store. And like the FaceApp aging app before it, the creators of Zao are now facing a backlash over a perceived threat to user privacy.


Ransomware hits hundreds of dentist offices in the US

Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source. The incident is another case of a ransomware gang compromising a software provider and using its product to deploy ransomware on customers’ systems. In this case, the software providers are The Digital Dental Record and PerCSoft, two Wisconsin-based companies who collaborated on DDS Safe, a medical records retention and backup solution advertised to dental practice offices in the US.


Bitcoin’s Lightning Network found to have security vulnerabilities

Bitcoin’s Lightning Network, an experimental second-layer scaling solution built on top of the Bitcoin Network for quicker fund transfers, has been found to have some security vulnerabilities. Rusty Russell, an Australian software programmer and a bitcoin lightning coder, tweeted Friday, saying that security issues have been discovered in “various lightning projects which could cause loss of funds.”

While Russell did not provide specific details, he said more information will be issued in four weeks.


New TrickBot Variant Targets Verizon, T-Mobile, and Sprint Users

A new TrickBot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware’s development. TrickBot (also known as Trickster, TheTrick, and TrickLoader) is a banking Trojan that has been continuously upgraded throughout the years with new modules and capabilities since October 2016, when it was initially observed in the wild. While in the beginning it only came with banking Trojan capabilities designed to collect and deliver as much sensitive data as possible to its masters, it has now also become a popular malware dropper capable of infecting compromised machines with other malware families.


U.S. military carried out secret cyberstrike on Iran to prevent it from interfering with shipping

American military cyber forces in June knocked out a crucial database used by Iran’s elite paramilitary force to target oil tankers and shipping traffic in the Persian Gulf hours after that force shot down a U.S. surveillance drone, according to U.S. officials. The retaliatory strike by U.S. Cyber Command against the system used by the Islamic Revolutionary Guard Corps was approved by President Trump, who that same day called off a military airstrike against Iran because killing Iranians would not be “proportionate to shooting down an unmanned drone.” U.S. Cyber Command did not address questions on the secret operation.


Indictment says accused Capital One hacker also used exploited cloud servers for cryptojacking

A federal grand jury indicted Paige Thompson, a former Amazon engineer, on multiple counts of wire fraud and computer fraud on allegations that she not only stole data but also mined cryptocurrency after infiltrating the cloud servers of Capital One and more than 30 other companies. While the alleged incidents of data theft have been widely documented, the indictment marks the first time that prosecutors have publicly alleged that Thompson also illicitly used her access to the servers to mine cryptocurrency, a practice commonly known as cryptojacking.

National-security concerns threaten undersea cable to China

U.S. officials are seeking to block an undersea cable between Los Angeles and Hong Kong, backed by Alphabet Inc’s Google (GOOGL.O), Facebook Inc (FB.O) and a Chinese partner, over national-security concerns, the Wall Street Journal reported on Wednesday. The Justice Department has signaled staunch opposition to the project because of concerns over its Chinese investor, Dr. Peng Telecom & Media Group Co, and the direct link that the cable would provide to Hong Kong, the WSJ reported, citing people involved in the discussion.


DHS Asks for Feedback on Vulnerability Disclosure Program

The Homeland Security Department is seeking feedback on an enterprisewide vulnerability disclosure program that will make it easier for the public to report weaknesses in the agency’s IT infrastructure. The program would allow the cybersecurity community to scour select Homeland Security systems for vulnerabilities and alert department officials to their findings without fear of punishment. The effort would bring the department up to speed with the Pentagon and General Services Administration’s tech office, which have both already established vulnerability disclosure policies.


Oregon Judicial Department hit by phishing attack

Personal information of more than 6,000 people became exposed in a phishing attack on the Oregon Judicial Department. The department said Thursday the attack occurred at 4:30 a.m. on July 15, resulting in email accounts of five users being compromised. The accounts were disabled within four hours. The department is sending notices and providing credit monitoring services to the 6,607 affected people. The exposed personal information may include names, full and partial dates of birth, and some financial information. Some health information and social security numbers were exposed. The department said it reported the breach to law enforcement and other agencies.


Twitter co-founder Jack Dorsey’s account hacked

The official Twitter account of Jack Dorsey, the co-founder of the social media platform, was hacked on Friday. One of the first tweets sent from his “compromised” account was the N-word. Another, sent minutes later, praised Hitler. More than a dozen racist or otherwise offensive original tweets were sent within 20 minutes from the account. Among the tweets was a link to a message board on the chat service Discord. The users in the chat had spelled out “DONALD TRUMP” in emojis on one of the boards. Some of the users in the chat claimed they were attempting to rifle through Dorsey’s private direct messages while they still had access to the account, but found the task too hard to manage.


Company behind Foxit PDF Reader announces security breach

Foxit Software, the company behind the Foxit PDF reader app, said today that hackers breached its servers and have made off with some user information. ZDNet learned of the breach from a Foxit customer who shared a copy of the email the company is sending out to affected users, asking them to choose new passwords when logging in the next time. According to this email, the security breach impacted the company’s website, and, namely, information stored in the My Account section.


Apple co-founder joins calls to break up Big Tech — including Apple itself

Another voice has joined the chorus of calls to break up Big Tech — this time, it’s Apple co-founder Steve Wozniak. In a Tuesday interview with Taylor Riggs on “Bloomberg Technology,” Wozniak said Apple should have already been broken up. “I wish Apple on its own had split up a long time ago, and spun off independent divisions to far away places and let them think independently the way Hewlett Packard did when I worked there,” he said. In 2015, Hewlett-Packard was split into HP Inc. (which contains the former company’s printer and PC division) and Hewlett Packard Enterprise (which is made of the data storage and enterprise businesses).


Video, reports of machines automatically changing votes in Mississippi GOP Governor runoff

There have been at least three reports confirmed by officials of voting machines in two Mississippi counties changing voters’ selections in the state’s GOP gubernatorial primary runoff. In one case, the glitch was caught on video. Tuesday morning, Facebook user Sally Kate Walker posted a video showing what appeared to be a touch-screen machine changing someone’s selection from Bill Waller Jr. to Tate Reeves. While officials confirmed the problems with only three machines in two counties, the Waller campaign Tuesday evening said it had received more widespread reports of the same issue. The campaign said it had received reports of the same issues from Leflore, Lamar, Pearl River, Lincoln, Washington, Forrest and Scott counties.


Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years

In what may be one of the largest attacks against iPhone users ever, researchers at Google say they uncovered a series of hacked websites that were delivering attacks designed to hack iPhones. The websites delivered their malware indiscriminately, were visited thousands of times a week, and were operational for years, Google said. “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week,” Ian Beer, from Google’s Project Zero, wrote in a blog post published Thursday.


Phishing Campaign Hides Malware in Resumes

For many people, applying for a new job is a soul-crushing activity on a par with cleaning the bathroom in a six-person student dorm room. Landing a new role can mean spending hours searching for positions, rewriting your résumé and cover letter countless times and using LinkedIn to badger people you haven’t spoken to for years into giving you a reference. Now cyber-criminals have given job seekers a fresh obstacle to contend with after targeting companies with a phishing campaign that hides malware in résumés sent as email attachments. The advanced campaign, which uses multiple anti-analysis methods to deliver the Quasar remote access tool (RAT), was uncovered by phishing defense service provider Cofense Intelligence.


Facebook Admits ‘Technical Error’ In Messenger Kids App Connected Children With Strangers

Facebook acknowledged in a letter to two Democratic senators on Thursday that a design flaw in its Messenger Kids app allowed children under the age of 13 to participate in group chats with strangers without their parents’ permission, essentially sidestepping one of the core security features of the app. The social media giant’s letter to Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) was a response to an Aug. 6 congressional inquiry, in which the senators said they were “disturbed” to learn that in thousands of cases, children using group chats were allowed to speak to unauthorized users. The senators also expressed concern over “a worrying pattern of lax privacy protections for kids on the Messenger Kids platform.”


Snake oil or genius? Crown Sterling tells its side of Black Hat controversy

Robert Grant claims he is a reluctant cryptographer. “The last thing I would’ve wanted to do is start another company,” Grant, the CEO and founder of Crown Sterling, told Ars. “It’s like my wife asking me if we can have another child… I have two. And I am not looking forward to another child.” But he and a collaborator believed that they had made a profound discovery, one that would fundamentally shake the core of modern encryption. “We thought, well, just out of a sense of responsibility, we should start a non-factor-based encryption technology,” Grant said. “And that’s what we did with Time AI.”


New Microsoft Edge to Retire Flash Using Chrome’s Roadmap

Microsoft has announced that the new Microsoft Edge will follow the same Adobe Flash retirement roadmap as Chrome and other chromium-based browsers. In July 2017, Adobe announced that it plans to retire Adobe Flash in December 2020 and it will also stop updating and distributing the software. In a coordinated announcement, all major browser makers including Microsoft and Google also revealed their plans to retire Flash in their browsers. In this announcement, Microsoft stated that by the end of 2020, users would no longer have the ability to enable Adobe Flash in Microsoft Edge and Internet Explorer.


Boxing champ Pacquiao launches his own crypto tokens

Philippine boxing champion Manny Pacquiao launched his very own cryptocurrency on Sunday at a free concert in Manila, where he serenaded more than 2,000 fans to drum up interest in the product. The 40-year-old boxer, who defeated Keith Thurman to win the WBA Welterweight Super Championship in July and is also a Philippine senator, hopes to cash in on his “Pac” tokens, which will allow fans to buy his merchandise and interact with him via social media.
