AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/23/2019

Second Wave of Click2Gov Breaches Hits United States

In December 2018, Gemini Advisory covered a breach of Click2Gov, a self-service bill-pay portal for utilities, community development, and parking tickets, which compromised over 300,000 payment card records from dozens of cities across the United States and Canada between 2017 and late 2018. Gemini has now observed a second wave of Click2Gov breaches beginning in August 2019 and affecting over 20,000 records from eight cities across the United States. The portals of six of the eight cities had been compromised in the initial breach.


Thinkful Resets All User Passwords After Security Breach

Online developer bootcamp company Thinkful is sending out email notifications stating that an unauthorized user was able to gain access to employee account credentials. Because of this, they are requiring all users to reset their passwords the next time they log in. According to Thinkful’s email, they discovered that an unauthorized user had gained access to employee credentials and immediately changed the passwords to those accounts. Out of caution following this security breach, they decided to reset all users’ accounts.



Each year, millions of elderly Americans fall victim to some type of financial fraud, racking up more than $3 billion in losses annually. Criminals use a variety of methods to deceive these victims, including romance, sweepstakes, charity, technology support, grandparent, lottery, and government impersonation schemes, to name a few. In each case, perpetrators try to gain their targets’ trust and may communicate with victims via computer, through the mail, in person, and by phone, TV, and radio. With the elderly population growing in the United States, it is likely perpetrators will find more and more victims.


Twitter suspends Saudi royal adviser Qahtani, fake Gulf accounts

Twitter suspended the account of former Saudi royal court adviser Saud al-Qahtani on Friday, nearly a year after he was sacked over his suspected role in the murder of Washington Post journalist Jamal Khashoggi. The social network also separately removed accounts linked to Saudi Arabia’s “state-run media apparatus” and others in the United Arab Emirates and Egypt, all of them amplifying pro-Saudi messages, according to a company blogpost. Qahtani, a close confidante of Crown Prince Mohammed bin Salman, ran the royal court’s media center as well as an electronic army tasked with protecting the kingdom’s image and attacking its perceived enemies online.


100,000 free AI-generated headshots put stock photo companies on notice

It’s getting easier and easier to use AI to generate convincing-looking, yet entirely fake, pictures of people. Now, one company wants to find a use for these photos, by offering a resource of 100,000 AI-generated faces to anyone that can use them — royalty free. Many of the images look fake but others are difficult to distinguish from images licensed by stock photo companies.


World’s most destructive botnet returns with stolen passwords and email in tow

If you’ve noticed an uptick of spam that addresses you by name or quotes real emails you’ve sent or received in the past, you can probably blame Emotet. It’s one of the world’s most costly and destructive botnets—and it just returned from a four-month hiatus. Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco’s Talos security team helps explain how Emotet continues to threaten so many of its targets.


WeWork’s weak Wi-Fi security leaves sensitive documents exposed

When Teemu Airamo moved into his company’s new Manhattan office in shared workspace provider WeWork, he had one overriding priority: to run a security scan on the building’s Wi-Fi network. After all, he shared a space with more than 200 companies also co-working in the Financial District hub and didn’t want anyone snooping around. It was May 2015, and Airamo’s digital media company was working with contracts and sensitive documents. He couldn’t afford to get hacked. So when he saw hundreds of other companies’ devices and financial records completely visible on the building’s network, Airamo was stunned.


Selfie Android Apps with 1.5M+ Installs Push Ads, Can Record Audio

A couple of Android apps found in Google Play included functionality for stealthily recording audio without user consent. The apps posed as selfie camera filters and had been installed over 1.5 million times. The main activity of the two apps was not spying on users but aggressively pushing adware that covered the entire screen of the Android device. The two apps are Sun Pro Beauty Camera, which counted more than one million installations by the time it was discovered, and Funny Sweet Beauty Selfie Camera, which had been installed over 500,000 times.


Scotiabank exposed source code and credentials on GitHub repositories

For months in some instances, Canadian banking giant Scotiabank reportedly stored highly sensitive digital property on a series of publicly open and accessible GitHub repositories, potentially exposing its internal source code, login credentials and access keys. The financial institution had the repositories “torn down” earlier this week after being alerted to the error, according to The Register, which was first to report on the situation. The repositories contained hundreds of files, some of which contained code that appears to be intended for mobile apps for Central and South American users.


Our motto: Dronepocalypse Now

Last week someone knocked out 5% of world oil production with a small swarm of drones and cruise missiles, and in doing so, inaugurated “a change in the nature of warfare globally,” to quote The Independent. These were relatively crude drones, too. Let’s pause a moment to imagine what happens if and when sophisticated autonomous drones become cheap enough for even small groups of technically capable insurgents and terrorists to use at scale.


ACT government and AustCyber launch Canberra Cyber Security Innovation Node

The ACT government and AustCyber have jointly opened the doors to the Canberra Cyber Security Innovation Node in a move to further grow the local cybersecurity workforce and help industry commercialise cybersecurity technologies in Australia. “ACT government’s partnership with AustCyber is an important step in the advancement of the cybersecurity industry in the ACT in many ways. The Node is growing and creating jobs while strengthening Canberra’s knowledge economy — particularly around cybersecurity in the space, defence, and education sectors,” Canberra Cyber Security Innovation Node manager Linda Cavanagh said.


Smart TVs send user data to tech heavyweights including Facebook, Google, Netflix

University researchers say that smart TVs are leaking sensitive, private user information to companies including Google, Facebook, and Netflix. As reported by the Financial Times, smart television sets produced by popular vendors including Samsung, Apple, and LG, alongside content and app streaming devices such as Amazon’s FireTV and Roku, are sending out information potentially without the knowledge or consent of users.


Facebook suspends tens of thousands of apps in ongoing privacy investigation

Facebook—the social media company that has been under intense public criticism for not adequately safeguarding the personal information of its 2 billion users—has suspended tens of thousands of apps for a variety of violations, including improperly sharing private data. In a post published on Friday, Facebook VP of Product Partnerships Ime Archibong said the move was part of an ongoing review that began in March 2018, following revelations that, two years earlier, Cambridge Analytica used the personal information of as many as 87 million Facebook users to build voter profiles for President Donald Trump’s presidential campaign. Facebook has been embroiled in several other privacy controversies since then.


Could EarEcho change the way we authenticate our phones?

We’re used to identifying ourselves to our phones using our fingers, our faces, and even our irises, but now, researchers are targeting a new piece of our body that they say could be the perfect identifier: The inside of our ears. Researchers at University at Buffalo, State University of New York and Syracuse University have discovered a way to use wireless earbuds as a biometric authentication system. Called EarEcho, it uses a small microphone inserted in a regular pair of wireless earbuds. When the earbuds play audio, it records the sound that bounces back from the ear canal, creating a unique profile of the user’s inner ear.
