AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/6/2019

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks. According to a FireEye report, APT5 has been active since 2007, and “appears to be a large threat group that consists of several subgroups, often with distinct tactics and infrastructure.”


New York district postpones 1st day of school after cyber threat

Monroe-Woodbury Central School District Superintendent Elsie Rodriguez sent a letter to parents saying the ransomware attack impacted district operations, and as a result, officials scheduled an unplanned Superintendent’s Conference Day for Wednesday. Hackers are believed to have infiltrated the district’s computer system, which was shut down as an emergency precaution. Officials were able to access important records on backup servers and will print out the material on paper for the first day of classes. “By shutting everything down, we believe that we have protected our data,” Rodriguez said Wednesday. “But again, we’re going to have to go back to paper. Everything is going to be on paper.”


600,000 GPS trackers for people and pets are using 123456 as a password

An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found. The $25 to $50 devices are small enough to wear on a necklace or stash in a pocket or car dash compartment. Many also include cameras and microphones. They’re marketed on Amazon and other online stores as inexpensive ways to help keep kids, seniors, and pets safe. Ignoring the ethics of attaching a spying device to the people we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini GPS Tracker Locator and almost 30 similar model brands from the same manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping, spying, and spoofing attacks that falsify users’ true location.


Facebook just launched its Dating service

Facebook Dating is finally here. The social network launched the feature today in the US and 19 other countries, after announcing it last year at its F8 developer conference. The feature will be available to users above the age of 18 and, for those eligible, will appear as a new tab in the Facebook app. Importantly, you’ll have a separate profile for Facebook Dating, meaning your, uh, activities won’t appear on your family’s newsfeed.


Google accused of leaking personal data to thousands of advertisers

Brave, the maker of a Chromium-based browser rival to Google Chrome, says it has new proof that Google is leaking personal information to advertisers and violating Europe’s privacy laws around data control and transparency. Johnny Ryan, Brave’s chief policy and industry relations officer, has submitted his findings to the Irish Data Protection Commission, Google’s lead regulator in Europe. In May the DPC opened an investigation into Google’s Authorized Buyers real-time bidding (RTB) ad exchange that connects ad buyers with millions of websites selling their inventory.


FBI Releases Article on Think Before You Post Campaign

The Federal Bureau of Investigation (FBI) has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior, including threats. The FBI article stresses that this type of online behavior could result in serious consequences to the individual as well as the community.


Hacked SharePoint sites used in new phishing campaign

Security researchers have discovered a new phishing campaign which uses compromised SharePoint sites and OneNote documents to trick potential victims from the banking sector into visiting their landing pages. The cybercriminals behind the campaign have chosen Microsoft’s web-based SharePoint collaborative platform to launch their attacks because the domains it uses are often overlooked by secure email gateways and this allows their phishing messages to actually reach users’ inboxes.


Police use of controversial facial recognition technology deemed lawful

The case, brought by Liberty on behalf of its client, Cardiff resident Ed Bridges, is the first of its kind to legally challenge the police use of the mass surveillance tool in the UK. Despite ruling that it “does entail infringement” of Bridges’ Article 8 privacy rights, the two presiding judges decided that South Wales Police’s use of AFR had “struck a fair balance and was not disproportionate,” making its deployment justified. As such, South Wales Police can continue to use the technology.


Facebook, Microsoft, and academics launch deepfake detection competition

Facebook together with the Partnership on AI, Microsoft, and academics are making a deepfake dataset, benchmark, and public challenge with up to $10 million in grants and awards to spur innovation and make it easier to spot fake content. The Deepfake Detection Challenge will be put together with support from academics at Cornell Tech, MIT, University of Oxford, UC Berkeley, University of Maryland, College Park, and University at Albany-SUNY. The challenge will also have a leaderboard to identify top deepfake detection systems. The deepfake dataset will be released during the NeurIPS conference which takes place in December in Vancouver, Canada.


Google’s new feature will help you find something to watch

Google Search can now help you find your next binge. The company this morning announced a new feature which will make personalized recommendations of what to watch, including both TV shows and movies, and point you to services where the content is available. The feature is an expansion of Google’s existing efforts in pointing web searchers to informative content about TV shows and films.


Zero-day privilege escalation disclosed for Android

Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toe-hold on an affected device. The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a “lack of validating the existence of an object prior to performing operations on the object,” researchers with Trend Micro’s Zero Day Initiative said in a blog post published Wednesday. Attackers who already have untrusted code running with low privileges on a device can exploit the bug to access privileged parts of the Android kernel. The severity score is rated a 7.8 out of a possible 10 points.


Belarusian police shut down notorious hacking forum

Belarusian authorities have seized the servers of a notorious hacking forum that served as a meeting place for malware authors, hackers, spammers, botnet operators, and other cyber-criminals, the Belarusian Ministry of Internal Affairs said in a press release. Named XakFor, the forum launched in 2012 and targeted the Russian-speaking cybercrime scene. It operated on the open internet, and not on the dark web, as most would have expected, a reason many now believe led to its demise.

