AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/17/2019

T-Mobile Has a Secret Setting to Protect Your Account From Hackers That It Refuses to Talk About

It’s called “NOPORT” and, in theory, it makes it a bit harder for criminals to hijack phone numbers with an attack known as “SIM swapping,” a type of social engineering that Motherboard has covered extensively and which is increasingly being used to steal people’s phone numbers. SIM swapping attackers usually trick wireless providers into giving them control of a target’s phone number by impersonating the victim with a company’s customer support representatives—usually on a phone call. T-Mobile’s NOPORT feature makes this harder by requiring customers to physically come to a store and present a photo ID in order to request their number to be ported out to a different carrier or a new SIM card.


Autonomous weapons could ‘accidentally’ start the next world war, warns ex-Google software engineer

A former Google software engineer who resigned from the company last year has warned that autonomous weapons could ‘accidentally’ start the next world war. Laura Nolan resigned from the company last year after being assigned to a US military drone project. Over the weekend, Nolan warned that incorporating increasingly sophisticated artificial intelligence into military technology could have dire adverse consequences. Nolan subsequently joined the Campaign to Stop Killer Robots and has briefed diplomats on the subject. Her latest concern is that AI could end up starting wars or committing major atrocities.


Scammer behind sextortion campaigns arrested in France

Police in France have arrested a 20-year-old man for his role in blackmailing thousands of French and international users with so-called sextortion emails over the past few months. The suspect, whose name has not been released, was arrested on Monday, September 9, by officers from the Office of Combating Cybercrime (OCLCTIC) at the Paris Airport after returning to France from Ukraine. Reports from Radio France and other local French media said the man is a French citizen living in Ukraine. He’s now been placed under judicial control and banned from leaving the country.


Database leaks data on most of Ecuador’s citizens, including 6.7 million children

The personal records of most of Ecuador’s population, including children, have been left exposed online due to a misconfigured database, ZDNet has learned. The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the biggest data breaches, if not the biggest, in the history of Ecuador, a small South American country with a population of 16.6 million citizens.


Swindon College staff and students warned over cyber attack

A college has advised students and staff to check their financial data after it fell victim to a cyber attack. Swindon College said a targeted attack resulted in unauthorised access to the personal data of both present and former staff and students. It said those who may be affected should check their bank accounts to identify any suspicious activity. The Information Commissioner’s Office and National Crime Agency have been informed. 


LastPass fixes a major exploit

Password manager LastPass had an exploit that could be abused to reveal a user’s credentials. The company has fixed the issue in its latest update, according to a blog post Monday. The problem was first found in late August by Tavis Ormandy, a security researcher from Google’s Project Zero, a team dedicated to finding exploits that can be abused by hackers. 


Amazon changed search algorithm to favor its own products, WSJ reports

Amazon changed its search algorithm in ways that boost its own products despite concerns raised by employees who opposed the move, The Wall Street Journal reported today. The change was made late last year and was “contested internally,” the WSJ reported. People who worked on the project told the WSJ that “Amazon optimized the secret algorithm that ranks listings so that instead of showing customers mainly the most-relevant and best-selling listings when they search—as it had for more than a decade—the site also gives a boost to items that are more profitable for the company.”


Apple Arcade is now available for some iOS 13 beta users

Originally announced earlier this year, Apple has been working on an ad-free gaming service that lets you download and play games for a monthly subscription fee. These games have no ads or in-app purchases. Essentially, you pay $4.99 per month to access a library with dozens of games. Subscriptions include a one-month free trial and work with family sharing. You can browse the selection of games without subscribing. There are currently 53 games available, but Apple said that it plans to launch over 100 games this fall.


Data of 24.3 million Lumin PDF users shared on hacking forum

The details of over 24.3 million Lumin PDF users have been shared today on a hacking forum, ZDNet has learned from a source. The hacker said they leaked the company’s data after Lumin PDF administrators failed to answer his queries multiple times over the past few months. Lumin PDF is a little-known cloud-based service that lets users view, edit, and share PDF files using a web-based dashboard, inside a browser extension, or via the company’s mobile apps.


US Turning Up the Heat on North Korea’s Cyber Threat Operations

The US government’s move last Friday to slap sanctions on three North Korean cyber threat groups is being viewed by some security experts as a necessary but likely futile attempt to slow down state-sponsored hacking activity in that country. The sanctions came amid reports of fresh threat activity targeted at US interests from North Korea. The US DHS and the FBI warned of new malware activity related to Hidden Cobra, a DDoS botnet previously linked to North Korea’s intelligence apparatus. In another report, security vendor Prevailion said it had observed a recent expansion of a North Korean threat campaign dubbed ‘Autumn Aperture’ directed at US organizations in multiple industries.


Waymo’s robotaxi pilot surpassed 6,200 riders in its first month in California

Waymo transported 6,299 passengers in self-driving Chrysler Pacifica minivans in its first month participating in a robotaxi pilot program in California, according to a quarterly report the company filed with the California Public Utilities Commission. In all, the company completed 4,678 passenger trips in July — plus another 12 trips for educational purposes. It’s a noteworthy figure for an inaugural effort that pencils out to an average of 156 trips every day that month. And it demonstrates that Waymo has the resources, staff and vehicles to operate a self-driving vehicle pilot while continuing to test its technology in multiple cities and ramp up its Waymo One ride-hailing service in Arizona.


Computer Scientist Richard Stallman Resigns From MIT Over Epstein Comments

Famed open source advocate and computer scientist Richard Stallman has resigned from MIT, according to an email he published online. The resignation comes after Stallman made comments about victims of child trafficker Jeffrey Epstein, including that the victims went along with the abuse willingly. “I am resigning effective immediately from my position in CSAIL at MIT,” Stallman wrote in the email, referring to MIT’s Computer Science and Artificial Intelligence Laboratory. “I am doing this due to pressure on MIT and me over a series of misunderstandings and mischaracterizations.”


California bill may fill data gaps in the criminal justice system

Inconsistent data isn’t just a headache in the criminal justice system — it could make the difference between someone going free or serving time. California might do something about that soon, though. The state legislature has passed a bill, AB-1331, that would improve data handling for criminal justice. The measure would set clear data collection and reporting standards for both the courts and law enforcement, such as a requirement that agencies hand over criminal ID and information, incident and court numbers. It would also let courts share some data with researchers hoping to interpret justice data and hold officials to account.
