AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – April 19, 2019

Remember the recent revelation that Facebook was caught asking users new to the social network for their email account passwords in order to verify their identity? At the time, it was suspected that Facebook might be using that access to users' email accounts to gather, without authorization and in secret, a copy of their saved contacts. Facebook has now admitted that the collection of email contacts did happen. In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded the email contacts of up to 1.5 million new users to its servers, without their consent or knowledge, since May 2016. In other words, nearly 1.5 million users had shared the passwords for their email accounts with Facebook as part of its dubious verification process.


2 Mobile app used in Car2go fraud scheme to steal 100 vehicles

Car2go's mobile application appears to have been central to a fraudulent scheme used to steal as many as 100 high-end vehicles. As reported by CBS Chicago, the short-term rental car service has temporarily suspended its services in Chicago, where the alleged scheme took place. Users who attempted to access the firm's mobile app to book a car have been met with a notice which says that services are not currently available and that the company will "provide an update as soon as possible." CBS reporter Brad Edwards tweeted Wednesday that as many as 100 Mercedes and other high-end cars are missing or have been stolen, and that some of these vehicles have been "used in crimes."


3 Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users. Approximately two weeks ago, I was contacted by security researcher Sanyam Jain of the GDI Foundation about something strange that he was seeing. Jain told BleepingComputer that he kept seeing unsecured databases containing the same LinkedIn data appearing and disappearing from the Internet under different IP addresses. "According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange."


4 US facial recognition will cover 97 percent of departing airline passengers within four years

The Department of Homeland Security says it expects to use facial recognition technology on 97 percent of departing passengers within the next four years. The system, which involves photographing passengers before they board their flight, first started rolling out in 2017 and was operational in 15 US airports as of the end of 2018. The facial recognition system works by photographing passengers at their departure gate. It then cross-references this photograph against a library populated with face images from visa and passport applications, as well as those taken by border agents when foreigners enter the country. The aim of the system is to offer "Biometric Exit," which gives authorities as good an idea of who is leaving the country as of who is entering it, and allows them to identify people who have overstayed their visas.


5 Facebook admits to storing plaintext passwords for millions of Instagram users

Facebook admitted today to storing the passwords of millions of Instagram users in plaintext format in internal server logs. The announcement came as an update to an incident from last month when the company admitted to storing plaintext passwords for hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram accounts. "We discovered additional logs of Instagram passwords being stored in a readable format," the company said in an update published today. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."


6 Old-school cruel: Dodgy PDF email attachments enjoying a renaissance

The last few months have seen a big increase in malware attacks using PDF email attachments, according to security firm SonicWall. "Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape," said the outfit's Bill Conner. There's nothing new in this, of course, but many recent attacks have relied on getting users to click links in emails leading to infected webpages instead of requiring them to open an attachment, as was traditional. In many cases, targeted PDFs use zero-day exploits for browsers in order to increase the probability of a successful attack, as on-the-ball businesses now patch their systems more quickly to protect against known exploits. Other attacks have been known to nick login details by tricking the user into opening malicious PDFs that use remote document loading mechanisms to capture and leak the victim's credentials.


7 Google will check apps by new developers more thoroughly

In an attempt to thwart Android developers who set out to distribute malicious apps through Google Play, Google will be taking more time when reviewing apps by developers with newly minted accounts. This review process will take days, not weeks, Google assures, and should allow it to do more thorough checks before approving apps to be featured in the store. Sameer Samat, VP of Product Management, Android & Google Play, also says that they know that some developer accounts might have been, or might be, suspended in error, but claims that 99%+ of these suspension decisions are correct. "While the vast majority of developers on Android are well-meaning, some accounts are suspended for serious, repeated violation of policies that protect our shared users. Bad-faith developers often try to get around this by opening new accounts or using other developers' existing accounts to publish unsafe apps," he explained.


8 Cyber Attack Forces The Weather Channel Off the Air

The Weather Channel stopped its live broadcasting this morning due to a security incident that lasted for at least 90 minutes. Details are scant at the moment, and a tweet from the station does not lift the haze, informing only that it was the victim of "a malicious software attack on the network." When the "AMHQ" show should have started this morning at 6 AM ET, viewers instead saw the taped program "Heavy Rescue," some viewers complained on Twitter. More than 90 minutes later, the live show returned, with its anchors informing viewers of the cyber incident. Restoring the normal program was possible thanks to backup systems. In the official statement on Twitter, The Weather Channel says that federal law enforcement is on the case. However, nothing was said about the nature of the cyber attack or the malware used.


9 Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

A federal judge sentenced a Macedonian man responsible for creating and operating a now-defunct hub for the collection and sale of stolen information on credit card accounts — called Codeshop — to 90 months in prison, federal prosecutors said on April 17. The sentence for Djevair Ametovski, also known as "xhevo" and "sindrom," capped an eight-year investigation and prosecution by the US Secret Service and the US Attorney's Office for the Eastern District of New York. Codeshop launched in 2011 and operated for more than three years. In 2014, Slovenian authorities arrested Ametovski, and two years later, prosecutors successfully extradited him to the United States. While Ametovski initially maintained his innocence, he pleaded guilty to two of three charges in August 2017.


10 Chipotle customers report fraudulent orders charged to their accounts

Mexican food lovers in the U.S. are incurring an 'extra charge' on their Chipotle accounts, and they are none too happy about it. In fact, they are up in arms on Reddit and Twitter after failing to convince the restaurant chain that hackers are munching on their credit/debit cards. According to several threads on Reddit and one on Twitter, Chipotle customers in various U.S. states are seeing fraudulent orders on their bank statements, some for hundreds of dollars. As reported by TechCrunch, most complaints involve orders put through their accounts and delivered to addresses in completely different zip codes. Apparently, the hacks have been going on for at least a couple of months. Some customers swear their passwords are unique to their Chipotle accounts, which would indicate that the restaurant chain has suffered a breach. However, when contacted for a statement on the situation, a Chipotle spokesperson said hackers used credential stuffing to compromise the accounts.
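A detection check of the kind a defender would run for the credential-stuffing scenario above, added here as an example and not taken from the original post or from Chipotle: it flags a source IP that attempts logins against many distinct accounts within a short window, which separates a replayed credential list from a single user mistyping their own password. The log line format and the sample lines are constructed assumptions.

```python
"""Flag credential stuffing in constructed web-login log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO timestamp, client IP, account, result).
# 203.0.113.7 cycles through many accounts in seconds; 198.51.100.9 is one
# user retrying their own account.
SAMPLE_LOG = """\
2019-04-18T02:00:01Z 203.0.113.7 alice@example.com FAIL
2019-04-18T02:00:02Z 203.0.113.7 bob@example.com FAIL
2019-04-18T02:00:02Z 203.0.113.7 carol@example.com OK
2019-04-18T02:00:03Z 203.0.113.7 dave@example.com FAIL
2019-04-18T02:00:04Z 203.0.113.7 erin@example.com FAIL
2019-04-18T02:00:05Z 203.0.113.7 frank@example.com OK
2019-04-18T02:05:00Z 198.51.100.9 alice@example.com FAIL
2019-04-18T02:05:30Z 198.51.100.9 alice@example.com FAIL
2019-04-18T02:06:00Z 198.51.100.9 alice@example.com OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, result)."""
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result


def detect_stuffing(log_text, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: (max_distinct_accounts, successes_in_that_window)} for
    every IP that targets at least min_accounts distinct accounts inside
    one sliding time window. Successes matter: an OK inside a stuffing
    burst is a likely account takeover that needs a forced reset."""
    by_ip = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, account, result = parse_line(line)
        by_ip[ip].append((ts, account, result))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            seen = events[start:end + 1]
            accounts = {a for _, a, _ in seen}
            if len(accounts) >= min_accounts:
                hits = sum(1 for _, _, r in seen if r == "OK")
                best = flagged.get(ip, (0, 0))
                if len(accounts) > best[0]:
                    flagged[ip] = (len(accounts), hits)
    return flagged
```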


11 Israeli Scientists Just Created the World's First 3D-Printed Heart

In a development that has got hearts racing, the world just got its first 3D-printed heart created using human biological cells. A research team at Tel Aviv University (TAU) in Israel revealed the first three-dimensional (3D) vascularized engineered heart made from a patient's own cells and biological materials, publishing their findings in an Advanced Science study on April 15. "This is the first time anyone anywhere has successfully engineered and printed an entire heart replete with cells, blood vessels, ventricles, and chambers," said Professor Tal Dvir of TAU's School of Molecular Cell Biology and Biotechnology, one of the lead researchers of the study.
