AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – April 1, 2019

1 Ransomware Hit Garage Used by Canadian Internet Registration Authority

A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink’s “Automated Parking Revenue Control System” to verify visitors by scanning their parking passes. But not this morning. The garage’s barriers were already up, allowing anyone to drive through and get a parking space for free. A technical glitch wasn’t responsible for this unexpected gift of free parking. As reported by Bleeping Computer, Precise Parklink’s systems at this particular garage suffered an infection of Dharma, a family of ransomware known to target computers that have Remote Desktop Services exposed to the internet. The threat specifically looks for machines running RDP and then tries to brute-force its way in.
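The Dharma pattern described above (an internet-exposed RDP service hammered with password guesses until one works) leaves a recognisable trail in the Windows Security log: bursts of EventID 4625 (failed logon) with logon type 10 (RemoteInteractive) from a single source address, often against many account names. The script below is an added example written for this post, not code from the article, Bleeping Computer, or Precise Parklink. It assumes a simplified, constructed CSV rendering of those events (timestamp, event id, logon type, target user, source IP); the sample lines and the threshold of five failures in five minutes are illustrative choices, not values from the article.

```python
"""Flag RDP password-guessing from Windows Security event records.

Added example (not from the original post). The records below are
constructed for illustration and use a simplified CSV form of EventID 4625:
    timestamp,event_id,logon_type,target_user,source_ip
EventID 4625 = failed logon, logon type 10 = RemoteInteractive (RDP).
A burst of such events from one source IP across several accounts is the
pattern a defender would want to alert on; the durable fix is to keep RDP
off the internet (VPN/gateway, network-level authentication, lockout policy).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data, not real log output. 203.0.113.7 is guessing
# passwords over RDP; 198.51.100.5 is a user who mistyped twice then logged
# in; 192.0.2.9 fails over a network (type 3) logon, which is out of scope.
SAMPLE_LOG = """\
2019-03-27T06:00:00,4625,10,administrator,203.0.113.7
2019-03-27T06:00:03,4625,10,admin,203.0.113.7
2019-03-27T06:00:05,4625,10,backup,203.0.113.7
2019-03-27T06:00:09,4625,10,parking,203.0.113.7
2019-03-27T06:00:12,4625,10,administrator,203.0.113.7
2019-03-27T06:00:15,4625,10,guest,203.0.113.7
2019-03-27T06:00:20,4625,10,parkops,198.51.100.5
2019-03-27T06:00:40,4625,10,parkops,198.51.100.5
2019-03-27T06:00:45,4624,10,parkops,198.51.100.5
2019-03-27T06:00:50,4625,3,svc_sql,192.0.2.9
2019-03-27T06:00:52,4625,3,svc_sql,192.0.2.9
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625


def parse_events(text):
    """Turn the simplified CSV records into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failed RDP logons per source IP.

    Returns {source_ip: (failures_in_window, distinct_target_users)} for
    every source that reaches `threshold` failed type-10 logons within
    `window`. Non-RDP logon types and successful logons are ignored.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            distinct_users = len({user for _, user in q})
            alerts[ev["ip"]] = (len(q), distinct_users)
    return alerts


def run_sample():
    """Run the detector over the constructed sample records."""
    return detect_rdp_bruteforce(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for ip, (count, users) in run_sample().items():
        print(f"ALERT: {count} failed RDP logons from {ip} "
              f"against {users} distinct accounts")
```

On the sample data only 203.0.113.7 trips the detector (six failures across five account names in fifteen seconds); the legitimate user with two typos and the type-3 network failures do not. In a real deployment the same logic would run over the parsed 4625 events from a SIEM or from `Get-WinEvent`, and the threshold would be tuned against the site's normal failure rate.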


2 SEC To Focus on Cybersecurity in 2019

For the fourth year running, the Securities and Exchange Commission’s Office continues to list cybersecurity as one of the top enforcement priorities for 2019. As it relates to cybersecurity, the SEC will be focusing on ensuring companies have proper configuration of network storage devices, robust information security governance, and established policies and procedures specific to protecting retail investors’ trading information and preventing cyber intrusions into retail brokerage accounts. The SEC also wants to see that companies manage both their own systems (including legacy systems), as well as maintaining adequate oversight of the practices of their partners and affiliates.


3 Microsoft uses court order to shut down APT35 websites

Microsoft has used a court order to wrest control of 99 websites from suspected Iranian hackers that were using them to conduct cyberattacks, court documents unsealed Wednesday show. The tech giant last week took down websites that were “core to [the] operations” of an Iranian hacking group known as APT35 or Phosphorus, Tom Burt, a Microsoft vice president, wrote in a blog post. APT35, also known as Charming Kitten, used spoofed websites of well-known companies, including Microsoft and Yahoo, to conduct their malicious activity, he said. But the court order will force the group to recreate some of that infrastructure.


4 Verizon's Spam-Blocking Call Filter Is Now Free

Robocalls are annoying as hell, and it seems the problem is only getting worse. But if you’re on Verizon, you may have a new way to block them with the company’s Call Filter app, which recently became free for all Verizon customers. Also, to help cut down on robocalls even further, Verizon says it’s rolling out improvements to Call Filter through the use of its STIR/SHAKEN tech, which is able to detect when spammers spoof legitimate phone numbers in order to bypass traditional blocking techniques.


5 Google security engineer discloses zero-day flaw in TP-Link smart home routers

A zero-day vulnerability impacting TP-Link SR20 smart home routers has been exposed publicly after the company allegedly failed to respond to a researcher's private disclosure. Matthew Garrett, a Google security engineer, revealed the bug after the company failed to fix the issue within 90 days, the timeframe now established within cybersecurity as a reasonable period for vendors to fix reported security issues. The security flaw is a zero-day arbitrary code execution (ACE) bug in TP-Link SR20 routers, which are dual-band 2.4 GHz / 5 GHz products touted as routers suitable for controlling smart home and Internet of Things (IoT) devices while lessening the risk of bottlenecks.


6 FCC “fined” robocallers $208 million since 2015 but collected only $6,790

The Federal Communications Commission has issued $208.4 million in fines against robocallers since 2015, but the commission has collected only $6,790 of that amount. That's because the FCC lacks authority to enforce the penalties, according to an investigation by The Wall Street Journal. The Journal learned of the $6,790 figure by making a Freedom of Information Act request. "An FCC spokesman said his agency lacks the authority to enforce the forfeiture orders it issues and has passed all unpaid penalties to the Justice Department, which has the power to collect the fines," the Journal report said. "Many of the spoofers and robocallers the agency tries to punish are individuals and small operations, [the spokesman] added, which means they are at times unable to pay the full penalties." The Justice Department declined to comment.


7 Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3

Crashed Tesla vehicles, sold at junk yards and auctions, contain deeply personal and unencrypted data, including info from drivers’ paired mobile devices and video showing what happened just before the accident. Security researcher GreenTheOnly extracted unencrypted video, phonebooks, calendar items and other data from Model S, Model X and Model 3 vehicles purchased for testing and research at salvage. Hackers who test or modify the systems in their own Tesla vehicles are flagged internally, ensuring that they are not among the first to receive over-the-air software updates.


8 Mark Zuckerberg asks governments to help control internet content

Mark Zuckerberg says regulators and governments should play a more active role in controlling internet content. In an op-ed published in the Washington Post, Facebook's chief says the responsibility for monitoring harmful content is too great for firms alone. He calls for new laws in four areas: "Harmful content, election integrity, privacy and data portability." It comes two weeks after a gunman used the site to livestream his attack on a mosque in Christchurch, New Zealand. "Lawmakers often tell me we have too much power over speech, and frankly I agree," Mr Zuckerberg writes, adding that Facebook was "creating an independent body so people can appeal our decisions" about what is posted and what is taken down.


9 Saudis hacked Amazon CEO Jeff Bezos’s phone, company's security chief claims

The security chief for Amazon’s CEO Jeff Bezos says the Saudi government had access to Bezos’s phone and gained private information from it. Gavin de Becker, a longtime security consultant, said he had concluded his investigation into the publication in January of leaked text messages between Bezos and Lauren Sánchez, a former television anchor who the National Enquirer tabloid newspaper said Bezos was dating. “Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’s phone, and gained private information,” De Becker wrote. “As of today, it is unclear to what degree, if any, AMI was aware of the details.”


10 Years of Mark Zuckerberg's old Facebook posts have vanished. The company says it 'mistakenly deleted' them.

Old Facebook posts by Mark Zuckerberg have disappeared, obscuring details about core moments in Facebook's history. On multiple occasions, years-old public posts made by the 34-year-old billionaire chief executive that were previously public and reported on by news outlets at the time have since vanished, Business Insider has found. That includes all of the posts he made during 2007 and 2008. Reached for comment, a Facebook spokesperson said the posts were "mistakenly deleted" due to "technical errors." "A few years ago some of Mark's posts were mistakenly deleted due to technical errors. The work required to restore them would have been extensive and not guaranteed to be successful so we didn't do it," the spokesperson said in a statement.


11 Global video streaming market is largely controlled by the usual suspects

Weeks after Steven Spielberg took a swing at Netflix and Hulu, the Hollywood legend had a change of heart about the medium this Monday. He appeared at Apple’s star-studded event to help the iPhone-maker launch a streaming service. The embrace comes as people are increasingly cutting their cable connections and moving to a streaming service for their entertainment needs. Just last week, the Motion Picture Association of America (MPAA), a trade body that represents major Hollywood studios and Netflix, reported (PDF) that video streaming services now have more subscribers (613.3 million users) worldwide than those with a cable connection (some 556 million users).


12 Care.com deleted ‘tens of thousands’ of providers after report found lax vetting procedures

On March 8th, The Wall Street Journal published a damning report about caregiver platform Care.com, which found that it put the burden on users to evaluate its caregivers, that it didn’t conduct full background checks or vet the daycare centers that were listed on the site, and that in some instances providers were unlicensed and even responsible for deaths of the children in their care. In a followup report published today, the WSJ says that the company removed “tens of thousands of unverified day-care center listings” prior to the publication of that initial report. The original report found that there were “about 9 instances” in the last six years where a provider listed on the site had a criminal record and then committed a crime against someone they were caring for, ranging from “theft, child abuse, sexual assault, and murder.”


13 The DEA Ran a Massive Database of People Who Bought Money-Counting Machines for Years

The Drug Enforcement Administration maintained a database of people who purchased money-counting machines as part of a “legally questionable” effort to identify suspected drug dealers for further surveillance and enforcement efforts, the New York Times reported on Saturday. The Times reported that a U.S. Department of Justice inspector general report indicated that the program operated from 2008 to 2013, when former National Security Agency contractor Edward Snowden leaked troves of internal intelligence documents. Beginning in 2008, the DEA began issuing “blanket administrative subpoenas to vendors to learn who was buying money counters,” all of which had “no court oversight and were not pegged to any particular investigation.” It then assembled a database of “tens of thousands” of individuals who had purchased the devices, using the information as leads in investigations.
