AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – April 17, 2019

At their best, voice assistants from the likes of Microsoft, Apple, Google, Samsung, and Amazon empower us to be more productive. They queue up our favorite songs, give us previews of our weekly agendas, and place phone calls to friends and loved ones. But they’re also recording the commands we utter for posterity (and in some cases human review), which predictably doesn’t sit right with everyone. Fortunately, most assistants can be switched off, disabled, or otherwise fettered in a few simple steps. Here’s a guide to doing just that, and to deleting any voice snippets they managed to record in the meantime.


2 Malvertising Campaign Abused Chrome to Hijack 500 Million iOS User Sessions

Multiple massive malvertising attacks which targeted iOS users from the U.S. and multiple European Union countries for almost a week used a Chrome for iOS vulnerability to bypass the browser's built-in pop-up blocker. eGobbler, the threat group behind the flurry of attacks, used "8 individual campaigns and over 30 fake creatives" throughout their push, with each of the fake ad campaigns having lifespans of between 24 and 48 hours. In total, according to the Confiant researchers who discovered and monitored eGobbler's iOS-targeted attacks, roughly 500 million user sessions were exposed to this large-scale orchestrated campaign pushing fake ads.


3 Employee privacy in the US is at stake as corporate surveillance technology monitors workers’ every move

The emergence of sensor and other technologies that let businesses track, listen to and even watch employees while on company time is raising concern about corporate levels of surveillance. Privacy advocates fear that, if the new technology is not wielded carefully, workers could be at risk of losing any sense of privacy while on the job. Overall, corporate interest in surveillance seems to be on the rise. A 2018 survey by Gartner found that 22% of organizations worldwide in various industries are using employee-movement data, 17% are monitoring work-computer-usage data, and 16% are using Microsoft Outlook- or calendar-usage data. Employers say it helps them boost productivity. Employees cringe at this invasion of privacy.


4 How to Run Diagnostics Tests on Your Smartphone

If you’ve never run a diagnostics test on your own smartphone, it’s worth doing—especially as your phone starts to show its age, or if you purchased a “new” smartphone secondhand and want to get a feel for its condition. Diagnostic tools are also helpful for when your device becomes less efficient, but you can’t quite pin down why. Instead of using guesswork to troubleshoot the various features on your phone until you stumble on a solution, a diagnostics scan can highlight exactly what’s wrong with your phone, or at least provide enough data to point you in the right direction.


5 Hackers Publish AAF Member Data, Claim It's 'FBI Watchlist'

After previously releasing the data of three FBI National Academy Associates (FBINAA) charters and leaking the personal information of thousands of FBI agents, a hacking group published what appears to be the information of tens of thousands of American Advertising Federation (AAF) members claiming it's an FBI watchlist. As initially reported by TechCrunch, the hackers hosted multiple documents that allegedly contain the personal info of law enforcement agents on their own website, containing "about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses."


6 Samsung Issues 'Urgent' Galaxy S10 Security Update

Most Galaxy S10 users love their phones, but many have complained about the fingerprint scanner. According to users and reviewers, the ultrasonic in-display sensor can be slow and inaccurate. Last week, Samsung was also hit by claims that the fingerprint scanner isn’t actually that secure. A researcher was able to bypass it by taking a photo of a fingerprint on a wine glass and making a 3D copy. Granted, this isn’t something a regular hacker could easily do – and as Forbes contributor Davey Winder says, it isn’t a reason to stop using the fingerprint scanner just yet. But the manufacturer is making an effort to improve its fingerprint scanner after releasing a firmware update to its biometrics module in the Galaxy Store. Specifically for the S10 and S10+, the update comes with very limited notes, but what they do say is that it is urgent – and that the 6.9MB download covers a “biometrics security patch” and “fingerprints”.


7 Apple and Qualcomm are ending their legal battles

The years-long legal battle between Apple and Qualcomm appears to be coming to an end. The two companies have just announced a settlement, with both agreeing to drop all litigation with the other worldwide. Exact details of the agreement are under wraps, with the two companies only disclosing: A payment (amount undisclosed) is being made from Apple to Qualcomm; The two companies are establishing a six-year licensing agreement (with the option to extend by up to two years), and a “multiyear” chipset supply agreement.


8 Mozilla Calls Out Apple's iOS Tracking Tech

Apple’s ads over the last year have been centered around one idea: privacy. The message is that the rest of the tech industry is fucking up while Apple is not. Frankly, they have a point. With its encrypted phones and messages to anti-tracking in browsers, Apple is jumping over an admittedly low bar on privacy issues. But the Cupertino giant is far from perfect and has its own privacy critics, one of which is putting a spotlight on iPhone tracking tech that most users are unaware of. A petition launched this week by Mozilla is asking Apple to make it harder for advertisers to track iPhone users by implementing an automatic monthly rotation of the unique ID (an “identifier for advertiser” or IDFA) that comes with every new iPhone. Mozilla is, of course, the Silicon Valley-based free software organization behind the Firefox browser and other free software.


9 Did you fly a drone over Fenway Park? The FAA would like a chat

Drones are great. But they are also flying machines that can do lots of stupid and dangerous things. Like, for instance, fly over a major league baseball game packed with spectators. It happened at Fenway Park last night, and the FAA is not happy. The illegal flight took place last night during a Red Sox-Blue Jays game at Fenway; the drone, a conspicuously white DJI Phantom, reportedly first showed up around 9:30 PM, coming and going over the next hour. One of the many fans who shot a video of the drone, Chris O’Brien, told CBS Boston that “it would kind of drop fast then go back up then drop and spin. It was getting really low and close to the players. At one point it was getting really low and I was wondering are they going to pause the game and whatever, but they never did.”


10 RobbinHood Ransomware Claims It's Protecting Your Privacy

A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network. Not much is currently known about this ransomware and a sample for RobbinHood has not currently been found. We have, though, seen the ransom notes and encrypted files of various victims, which allows us to put together a picture of how this ransomware may operate. Of particular interest is how they stress that the victim's privacy is important to them and they will not disclose any victims who have paid.


11 Garfield County, Utah falls victim to ransomware, pays attackers

Garfield County, Utah became the latest municipality to not only be hit with a ransomware attack, but succumb to the attackers’ demand and pay the ransom. Local news reports said the attack happened several weeks ago, but proved so severe that the county opted to pay for the release of its files. The payment was made in bitcoin and the files were released in March. The county did not state how much was paid to the attackers. In March Jackson County, Georgia paid $400,000 when it found itself in a similar situation. “All of our data had been taken,” Garfield County Attorney Barry Huntington told Fox13Now. The attack was launched via a phishing email resulting in the county’s data being encrypted, although some officials told Fox13Now that the data from the assessor’s office and the recorder’s office had also been removed.


12 Scammers With Verified Instagram Accounts Cheating 'Influencers' With Fake Verification Service

Getting verified on social media is a big deal. Verified users on Facebook, Twitter, and Instagram get a special icon, comments by verified users on Instagram posts can get additional visibility, and verification can help in influencers getting sponsored by advertisers, which is why would-be influencers will try almost anything to get verified. Making them, of course, perfect targets for a scam. That's exactly what's happening, says Viral Nation's Travis Hawley. While he's now a social media manager, Hawley used to be an NSA intelligence analyst, and he used his National Security Agency training to dig into the scam.


13 Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show

Facebook CEO Mark Zuckerberg oversaw plans to consolidate the social network’s power and control competitors by treating its users’ data as a bargaining chip, while publicly proclaiming to be protecting that data, according to about 4,000 pages of leaked company documents largely spanning 2011 to 2015 and obtained by NBC News. The documents, which include emails, webchats, presentations, spreadsheets and meeting summaries, show how Zuckerberg, along with his board and management team, found ways to tap Facebook’s trove of user data — including information about friends, relationships and photos — as leverage over companies it partnered with. In some cases, Facebook would reward favored companies by giving them access to the data of its users. In other cases, it would deny user-data access to rival companies or apps.


14 YouTube's New Fact-Check Tool Flagged Notre Dame Fire Coverage And Attached An Article About 9/11

As the Notre Dame Cathedral went up in flames on Monday, YouTube flagged livestreams of the incident as possible sources of misinformation and then started showing people articles about the 9/11 attacks. The cause of the fire was not immediately known, but it broke out as the 12th-century cathedral was undergoing a multimillion dollar renovation project. Police in Paris also said no deaths were reported from the site. Several news outlets quickly started livestreaming the fire on YouTube. However, underneath several of them was a small gray panel titled "September 11 attacks," which contained a snippet from an Encyclopedia Britannica article about 9/11. The feature is part of a larger rollout of tools and disclaimers to prevent users from consuming misinformation on the platform.


15 Twitter blocks EFF tweet that criticized bogus takedown of a previous tweet

Twitter and Starz have given us a new example of how copyright enforcement can easily go overboard. At Starz's request, Twitter blocked an April 8 tweet by the news site TorrentFreak, which had posted a link to one of its news articles about piracy. News coverage about piracy is obviously not the same thing as piracy, and the article contained only still images from pirated TV shows and did not tell readers where pirated content could be downloaded. Despite that, Twitter blocked access to the tweet in response to the copyright takedown request by Starz, whose show American Gods was mentioned in the TorrentFreak article. On April 11, hours after the tweet was blocked, TorrentFreak wrote an article about the takedown and quoted an Electronic Frontier Foundation (EFF) attorney as saying that the takedown was inappropriate because news coverage about piracy is not illegal.


16 Flickr tackling online image theft with new AI service

Photo-sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users’ images online. The company is partnering with image monitoring company Pixsy to offer the AI-powered feature. Flickr began offering the service this week, claiming it as a step forward in the fight to protect its members’ rights, stating: “We remain aware of the fact that photo theft is a sad reality of the online world and a major issue for photographers trying to make a living off of their work.” It will offer the service to paying members under its Pro subscription. It enables them to monitor up to 1000 images and lets users send 10 DMCA takedown notices for free. The Digital Millennium Copyright Act lets copyright owners send cease and desist letters to people using their content online without permission.


17 Google’s Sensorvault Is a Boon for Law Enforcement. This Is How It Works

Law enforcement officials across the country have been seeking information from a Google database called Sensorvault — a trove of detailed location records involving at least hundreds of millions of devices worldwide, The New York Times found. Though the new technique can identify suspects near crimes, it runs the risk of sweeping up innocent bystanders, highlighting the impact that companies’ mass collection of data can have on people’s lives. The Sensorvault database is connected to a Google service called Location History. The feature, begun in 2009, involves Android and Apple devices. Location History is not on by default. Google prompts users to enable it when they are setting up certain services — traffic alerts in Google Maps, for example, or group images tied to location in Google Photos. If you have Location History turned on, Google will collect your data as long as you are signed in to your account and have location-enabled Google apps on your phone. The company can collect the data even when you are not using your apps, if your phone settings allow that.


18 Microsoft disputes Outlook data breach report

Outlook, Hotmail and MSN Mail, alerting them that an unauthorized third party gained partial access to Microsoft-managed accounts between Jan. 1 and March 28 of this year. According to Microsoft, the Outlook data breach was limited in scope. Microsoft initially said attackers potentially had access to email addresses of affected users and those they communicated with, folder names and subject lines of messages. However, after TechCrunch first reported the story, Motherboard claimed to have seen screenshots from the threat actors involved in the Outlook data breach. The attackers claimed the issue persisted for as long as six months, and they were able to access email content from "a large number" of users. A Microsoft spokesperson refuted the claim that the Outlook data breach spanned six months, calling it "inaccurate" and reaffirming the January-to-March timeline. Microsoft did admit attackers accessed more information for some users.


19 New Microsoft Edge to Warn Users When in Administrator Mode

The upcoming Chromium-based Microsoft Edge browser will warn users when they launch the browser with administrative privileges and suggest that they relaunch the browser as a non-administrator. This warning will be titled "Administrator Mode Detected" and currently states "Close Microsoft Edge and relaunch in non-administrator mode for best performance." This warning is being displayed as running Microsoft Edge with administrative privileges can cause undesirable behavior under certain situations, but is also a security risk. This is because any program that is launched from the Edge browser will inherit its security level.


20 Blue Cross of Idaho Hacked, Some Member Information Accessed

One of Idaho’s largest insurance companies said Friday that someone hacked its website and obtained access to the personal information of about 5,600 customers, including their names, claim payment information and codes indicating medical procedures they may have undergone. Blue Cross of Idaho Executive Vice President Paul Zurlo said in a statement that all affected members were notified and were offered three years of complimentary credit monitoring and identity protection services. The company has about 560,000 health insurance customers. Blue Cross of Idaho said the information did not include Social Security numbers, driver’s license numbers, banking or credit card numbers or information about medical diagnoses. “We take consumers’ privacy very seriously, and we are committed to keeping our members’ data secure,” Zurlo said.
