
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/16/2019

198 Million Car-Buyer Records Exposed Online for All to See

Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, have been found exposed on the internet for anyone to see. The non-password-protected Elasticsearch database belonged to Dealer Leads, a company that gathers information on prospective buyers via a network of SEO-optimized, targeted websites. According to Jeremiah Fowler, senior security researcher at Security Discovery, the websites all provide car-buying research information and classified ads for visitors. They collect this info and send it on to franchise and independent car dealerships to be used as sales leads. The exposed database in total contained 413GB of data.


Ryuk Related Malware Steals Confidential Military, Financial Files

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam does exactly that by searching for sensitive files and uploading them to an FTP site under the attacker’s control. To make this sample even more interesting, this data-exfiltrating malware also contains some strange references to Ryuk within the code.


NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.


Radio broadcaster Entercom hit with ransomware attack

A ransomware attack launched last week against Philadelphia-based radio conglomerate Entercom Communications resulted in the disruption of email service and crashed computers, according to media reports. Digital extortionists demanded payment of $500,000 to unlock the affected systems at the company, which owns 235 radio stations throughout the U.S. Entercom reportedly will not pay the ransom to unlock its systems. Broadcasts are still running without interruption.


‘Simjacker’ Attack Can Track Phones Just by Sending a Text

The so-called Simjacker exploits work across a wide range of mobile devices, regardless of the hardware or software they rely on, researchers with telecom security firm AdaptiveMobile Security said in a post. The attacks work by exploiting an interface intended to be used solely by cell carriers so they can communicate directly with the SIM cards inside subscribers’ phones. The carriers can use the interface to provide specialized services such as using the data stored on the SIM to provide account balances.


Eco-activists arrested by Brit cops after threatening to close Heathrow with drones

Five people have been arrested by the Metropolitan Police for threatening to fly drones around London’s Heathrow airport this Friday to protest climate change. The group announced at the end of August that they were planning to disrupt the airport – one of the world’s busiest – this coming Friday and would meet with the police and airport authorities to discuss their plan. On Tuesday, they reiterated that plan, stating that they were prepared to go to jail to carry out the action.


Clerk uses photographic memory to steal credit card info from 1,300 customers

Between Equifax’s colossal January breach and 220 million Facebook users having their phone numbers accessed last week, it seems like major corporations are having security problems all over the place. It’s all enough to make you antsy about using your credit card online. In Japan, though, a store clerk has stolen credit card information the old-fashioned way: looking at and memorizing the details of over 1,300 customers, according to local news.


A Third of Security Pros Have Skipped Cyber-Safety Checks to Launch Products Faster

A survey of 300 security professionals has found that 34% admit to bypassing security checks to bring products to market faster. The research was carried out by cyber assessment company Outpost24, which questioned attendees at the Infosecurity Europe Conference held in London in June of this year. Worryingly, 64% of the security professionals surveyed were of the opinion that their customers could be affected by data breaches as a direct result of unpatched vulnerabilities in their organizations’ products and applications.

Asked whether the products their company is happy to sell to the public would stand up well under penetration testing, 29% of respondents said either that they weren’t sure or that they didn’t believe their organization’s products and applications would fare well if tested.


Pen test gone awry? Coalfire staffers arrested for burglary

Two Coalfire employees were arrested at a courthouse in Iowa, USA, as they conducted what they called an assessment of the building’s security. The Des Moines Register reported that Gary Demercurio and Justin Wynn were arrested early in the morning of 11 September as they were walking around on the courthouse’s third floor, allegedly carrying a variety of burglary tools. The Perry News quoted a police report that upon arrest the men claimed “they were contracted to break into the building for Iowa courts to check the security of the building.”


Ex White House CIO attacks insurance firms for ‘fuelling ransomware industry’

Former CIO of the White House Theresa Payton has warned that cyber insurance companies are supporting the ransomware industry by manipulating organisations into paying to have their systems returned after a cyber attack. Insurance companies, according to Payton, are encouraging customers to pay ransomware demands because the costs associated with data recovery often outweigh those of the ransom, meaning insurance providers pay far less as a result. “I’m increasingly frustrated at the trend where the insurance companies are encouraging the victims to pay,” said Payton.
