AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/18/2019

U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says

As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander. Joint Task Force ARES, the outfit charged with running joint and coalition cyber-operations against ISIS, is working to uncover information about how the terrorist group continues to operate in Afghanistan, the deputy commander said Monday.

 

Doubts raised over Simjacker security flaw 

The SIM-based security vulnerability was recently discovered by researchers at AdaptiveMobile Security, who claimed that the flaw could affect mobile operators in as many as 30 countries, potentially affecting more than one billion mobile phone users worldwide. While the AdaptiveMobile Security research team is confident in its study, many security experts are sceptical about the big claims made by AdaptiveMobile. “I’ve been researching the SimJack issue and the more I am, the more something smells fishy about it…,” said cyber security expert Dr Vesselin Bontchev, known as @VessOnSecurity on Twitter. He believes the researchers at AdaptiveMobile have overstated the number of victims at risk due to the Simjacker vulnerability.

 

If you are a Restaurant Depot customer, don’t open that phishing email

Restaurant Depot customers are reporting phishing emails sent from what appears to be the wholesaler’s mailing list. On Tuesday, customers took to Twitter with queries concerning strange emails that landed in their inboxes which appeared to be from Restaurant Depot. The phishing emails, as basic as they are, inform customers that they have an invoice worth thousands of dollars to pay, and the amount will be taken out of their accounts in the near future. 

 

Facebook auto-generating pages for Islamic State, al-Qaida

In the face of criticism that Facebook is not doing enough to combat extremist messaging, the company likes to say that its automated systems remove the vast majority of prohibited content glorifying the Islamic State group and al-Qaida before it’s reported. But a whistleblower’s complaint shows that Facebook itself has inadvertently provided the two extremist groups with a networking and recruitment tool by producing dozens of pages in their names. The social networking company appears to have made little progress on the issue in the four months since The Associated Press detailed how pages that Facebook auto-generates for businesses are aiding Middle East extremists and white supremacists in the United States.

 

Millions of Lion Air Passenger Records Exposed and Exchanged on Forums

Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. The records are present in two databases, one with 21 million records, the other with 14 million entries, in a directory holding backup files created in May 2019 mostly for Malindo Air and Thai Lion Air. Another backup file has Batik Air in its name, an airline whose parent organization is also Lion Air.

 

Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices

Phillip Capital Inc. (PCI) has been fined $1.5 million by the US Commodity Futures Trading Commission (CFTC) for “allowing” a data breach to occur and failing to alert its customers in a reasonable timeframe. The CFTC said last week that the Chicago, Illinois-based firm will pay a penalty of $500,000 and $1 million in restitution to settle charges that the firm failed to protect its systems from cybersecurity threats. PCI is a privately-held Futures Commission Merchant (FCM) that offers a range of financial services to clients worldwide. The FCM claims shareholder equity of over $1 billion and the management of assets of over $30 billion. 

 

Thousands of Google Calendars Possibly Leaking Private Information Online

If you have ever shared your Google Calendars, perhaps inadvertently, and they should not be publicly accessible anymore, you should immediately go back to your Google settings and check whether you are exposing all your events and business activities on the Internet, accessible to anyone. At the time of writing, there are over 8000 publicly accessible Google Calendars, searchable using the Google search engine itself, that allow anyone not only to access sensitive details saved to them but also to add new events with maliciously crafted information or links, security researcher Avinash Jain told The Hacker News.
