AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – April 25, 2019

An 18-year-old student from New York is suing Apple for $1 billion, claiming he was wrongfully accused of stealing gadgets from a number of Apple stores in Boston, Manhattan, New Jersey and Delaware last year, writes The New York Post. Ousmane Bah says the company’s facial recognition technology misidentified him after his ID was lost. It is believed his driving learner’s permit was found and possibly used in Apple store thefts. The document had no photo of the accused, and only included personal information such as his name and address. The student claims he couldn’t have committed the thefts as he was attending his senior prom in Manhattan when one of the thefts occurred in Boston. Also, the person in the photo used in the warrant does not look like him, Bah says.


2 Someone is spoofing big bank IP addresses – possibly to embarrass security vendors

The last several days have seen a surge in internet traffic mimicking the IP addresses of big U.S. banks in a possible effort to disrupt the cybersecurity personnel and products that help protect organizations from malicious traffic, according to GreyNoise Intelligence, a company that maps internet traffic. Bank of America, JPMorgan Chase, and SunTrust are among the banks whose IP addresses are being spoofed to seem like they are conducting broad scans of the internet, GreyNoise said. That large-scale scanning is duping people into thinking that the IP addresses are malicious, GreyNoise founder Andrew Morris told CyberScoop. “There are a lot of people around the internet who are definitely convinced that these are bad IPs,” he said.


3 Washington state legislature passes data breach law, but punts on privacy law

The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations. Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently has failed to approve a sweeping new state privacy law, SB 5367, after the House declined to pass it by an April 17 deadline. Sponsored by Rep. Shelley Kloba (D-Kirkland), HB 1071 shrinks the window businesses and government organizations have to notify consumers and the state’s attorney general of a breach from 45 days to 30 days.


4 NYPD forgets to redact facial recognition docs, asks for them back

Inquiring privacy experts want to know, and they’ve wanted to know for a few years: what type of facial recognition technology is the New York City Police Department (NYPD) using? What’s it purchased? What are its policies and procedures? How does it train cops on how to use it? What agreements does it have with other agencies that help it run the facial recognition program? After three years of asking these questions, and filing over 100 requests for relevant documents – which the NYPD is required to hand over per New York State’s Freedom of Information Law (FOIL) – and after a year of being told that the department couldn’t find any such information, Georgetown University Law Center’s Center on Privacy & Technology (CPT) think tank finally managed to claw out 3,700 pages. Three weeks after coughing up those pages, the NYPD demanded that the CPT return some of them.



MageCart attacks on online stores surged last year, culminating in the hacks of British Airways and Ticketmaster. This year the trend continues with another high-profile target. The Atlanta Hawks shop, claiming 7 million hits per year, was found leaking credit cards. On April 20th, our global Magecart Detection Network identified suspicious code on the checkout page of the Hawks store, as can be manually verified by viewing the page source. The Atlanta Hawks shop runs Magento Commerce Cloud 2.2, an enterprise-grade ecommerce system owned by Adobe. While Magento itself is quite secure, attackers often use insecure third-party components to gain access to the core of the shop system. Our previous research has uncovered a range of popular vectors: database management tools, marketing plugins and connected accounting software are the top three.


6 Apple CEO Tim Cook says FBI’s 2016 case about San Bernardino shooter’s locked iPhone was ‘very rigged’

Apple CEO Tim Cook said it’s unfortunate the FBI’s case to force the company to provide data from a terrorist’s iPhone in 2016 didn’t go to trial, because that way the public could have seen the truth. Speaking on Tuesday at a Time Magazine conference in New York, Cook was referring to the case of the San Bernardino shooter, Syed Farook, who killed 14 people and injured 22 others at the Inland Regional Center. Apple publicly opposed the FBI when it asked for access to data on Farook’s work phone, saying that what law enforcement was requesting would be a “master key” capable of opening millions of iPhones. The case was dropped after the Department of Justice was able to access the iPhone days before an expected trial. The company or person who was eventually able to crack the iPhone’s security has not been made public.


7 Scientists pull speech directly from the brain

In a feat that could eventually unlock the possibility of speech for people with severe medical conditions, scientists have successfully recreated the speech of healthy subjects by tapping directly into their brains. The technology is a long, long way from practical application but the science is real and the promise is there. Edward Chang, neurosurgeon at UC San Francisco and co-author of the paper published today in Nature, explained the impact of the team’s work in a press release: “For the first time, this study demonstrates that we can generate entire spoken sentences based on an individual’s brain activity. This is an exhilarating proof of principle that with technology that is already within reach, we should be able to build a device that is clinically viable in patients with speech loss.”


8 Security researcher creates new backdoor inspired by leaked NSA malware

A security researcher has created a proof-of-concept backdoor inspired by the NSA malware that leaked online in the spring of 2017. This new malware is named SMBdoor and is the work of RiskSense security researcher Sean Dillon (@zerosum0x0). Dillon designed SMBdoor as a Windows kernel driver that, once installed on a PC, abuses undocumented APIs in srvnet.sys to register itself as a valid handler for SMB (Server Message Block) connections. The malware is very stealthy: it doesn't bind to any local sockets, open any ports, or hook into existing functions, and by doing so it avoids triggering alerts from some antivirus systems.


9 Facebook expects FTC fine could be as much as $5 billion

Facebook is bracing for a massive fine from federal regulators after a year of data privacy scandals. Facebook (FB) said Wednesday that it expects an ongoing investigation from the Federal Trade Commission could result in fines ranging from $3 billion to $5 billion. The company set aside $3 billion in legal expenses related to the investigation, which cut into its profit for the first three months of 2019. Facebook's profit for the quarter was $2.4 billion, a decrease of 51% from the same period a year ago. "This matter is not resolved so the actual amount of payment remains uncertain," David Wehner, Facebook's CFO, said on a conference call with analysts on Wednesday after the earnings report. "However we are estimating this range of loss to be $3 to $5 billion."
