AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – April 24, 2019

Bodybuilding.com fitness and bodybuilding fan website notified its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. As detailed in the data incident notification published on the company's help center, the security breach might "have affected certain customer information in our possession" and, as concluded after investigating the incident with the help of "external forensic consultants that specialize in cyber-attacks," Bodybuilding.com says that it "could not rule out that personal information may have been accessed." The company also stated that there were no full debit or credit card numbers impacted in the security breach because it only stores only the last four digits and only for customers who opted to have their cards stored with their account information.


2 Extremely real: Why live video streaming is dangerous for children

Social networks are increasingly part of our real lives. What began as occasional blog posting became hourly Twitter updates; Instagram photos replaced text updates; and then YouTube vlogs started to gain popularity. Now, the trend is live streaming. Services such as Periscope and Facebook Live help people share their lives in real time with friends and strangers alike, no need to bother with editing and uploading videos. All you need is a smartphone. For all their appeal, the services bring more new threats to kids. Cases of kids demonstrating uncharacteristic violence or live-streaming nudity have made headlines. Things a kid might discover among a number of live streams could range from suicides to real-time sexual assaults.


3 EmCare data breach exposes 60,000 employees, patients

EmCare Inc. suffered a data breach after several employee email accounts were accessed by an unauthorized entity, resulting in the compromise of up to 60,000 individuals’ information. The Dallas-based company, which provides physician services, said in a statement that it determined the hacked emails contained patients’, employees’ and contractors’ personal information. The exposed data included names and birth dates or ages and, for some patients, clinical information. In certain instances, Social Security and driver’s license numbers were impacted. EmCare says it determined the contents of the affected email accounts on Feb. 19, 2019. However, the statement does not specifically say when the breach is believed to have first occurred or when the health care provider discovered the incident. The company also did not reveal how many individuals are affected, but a Bloomberg report put the number at 60,000 – 31,000 of them patients.


4 Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum

A buggy update for Nokia 9 PureView handsets has apparently impacted the smartphone model's in-screen fingerprint scanner, which can now be bypassed using unregistered fingerprints or even with something as banale as a pack of gum. Multiple users have complained about this problem over the weekend [1, 2, 3, 4], after installing an OS update (v4.22) released on April 18 [1, 2]. The update was meant to improve the phone's in-screen fingerprint scanner module –so that users won't have to press their fingers too hard on the screen before the phone unlocks– yet it had the exact opposite effect the company hoped for.


5 AT&T’s fake 5G icons aren’t going away despite settlement with Sprint

For consumers, the key question is whether AT&T will keep using the misleading 5G E designation to describe large portions of its 4G LTE network. Multiple reports say that AT&T will be allowed to continue doing so. "Terms of the resolution weren't available, but a person familiar with the situation said the carrier will continue to use the 5G E brand—short for 5G Evolution—in advertising and on its phones," the Houston Chronicle wrote today. A Dallas Business Journal report yesterday similarly said that "people will continue to see 5G Evolution advertising and marketing from AT&T after the settlement." We asked AT&T and Sprint whether there will be any changes to AT&T's use of 5G E on phone network indicators, but we received only short statements from each carrier that they have "amicably" settled the lawsuit.


6 McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more antivirus scanners to its list of known issues. As of publication time, client-side antivirus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee are all showing problems with the patch. Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It's not immediately clear if systems are freezing altogether or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logging in to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.


7 Google Wing drones approved for US home deliveries

Drone home delivery company Wing has been approved as an airline by the US Federal Aviation Authority. It means the company will start delivering goods in rural Virginia within months. Wing, owned by Google's parent company Alphabet, says the drones will carry food and medicine from local shops. In order to receive the certification, it said it had proved that its drone deliveries carry a lower risk to pedestrians than those made by cars. Although other companies' drone delivery services have received approval for test flights, Wing is the first to be approved as an airline in the United States.


8 Microsoft Office now the most targeted platform, as browser security improves

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.


9 ‘Days, not hours’: Stratford still dealing with effects of cyber-attack

About a week ago, the City of Stratford was hit with a cyber-attack. Eight days later, the city says it is still working to restore its systems and regain access to its data. According to an update, a virus locked staff out of systems and encrypted city data. Stratford police and provincial police cybercrime specialists are investigating the incident, which is being treated as criminal. Critical city services are reportedly operational, including emergency services, transit and water systems. “We especially appreciate those who worked through the Easter long weekend getting our systems up and running,” the release says in part. The city says it will prepare a full incident report once all systems have been restored.


10 Another dark web marketplace bites the dust –Wall Street Market

Less than a month after the oldest and biggest dark web marketplace announced plans to shut down, another dark web market has "exit scammed" after the site's admins ran away with over $14.2 million in user funds. The stolen funds belonged to criminals selling drugs, weapons, and malware, so there won't be many of our readers shedding tears for defrauded "victims." With the Wall Street Market's exit scam, this now also means that the T•chka Market is now the only major player on the once crowded dark web market scene. The Wall Street Market (WSM) exit scam was set into motion last week when the site's admins started moving funds from the market's main Bitcoin wallets to another location.


11 Microsoft Not Giving Up on Classic Windows Paint Yet

Microsoft Paint fans around the world can breathe a sigh of relief as Microsoft has decided to give it a stay of execution for at least the upcoming Windows 10 version 1903. With the release of the Windows 10 Fall Creator's Update in July 2017, Microsoft announced that the classic Windows Paint application would be deprecated and eventually removed in later versions.  As a replacement Microsoft promoted their Paint 3D app, but for those who wanted the Classic Paint, it would become available from the Microsoft Store. Since then, subsequent builds of Windows 10 continued to provide the Paint application, but Microsoft added a "Product Alert" button, which when pressed stated that "Paint will soon be moving to the Microsoft Store. Don't worry; it will still be free to download once it moves there."


12 1 in 4 Workers Are Aware Of Security Guidelines – but Ignore Them

Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services. An alarming percentage of workers are consciously avoiding IT guidelines for security, according to a new report from Symphony Communication Services. The report, released this morning, is based on a survey of 1,569 respondents from the US and UK who use collaboration tools at work. It found that 24% of those surveyed are aware of IT security guidelines yet are not following them. Another 27% knowingly connect to an unsecure network. And 25% share confidential information through collaboration platforms, including Skype, Slack, and Microsoft Teams. 

Related Posts