AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – April 4, 2019

1 Walmart partners with Google on voice-enabled grocery shopping

Following the latest wave of price cuts at Amazon’s Whole Foods, announced Monday evening, Walmart today introduced its own plans to challenge Amazon on grocery shopping through a partnership with Google. The company is rolling out a new voice-ordering capability, Walmart Voice Order, which works across Google Assistant-powered platforms, including Google’s smart speakers and displays, smartphones, smartwatches and more. The news follows several efforts by Walmart to enter voice-based commerce, despite not offering its own hardware or voice assistant platform, as Amazon does with Echo and Alexa, respectively.

 

2 Georgia Tech Data Breach Potentially Exposed 1.3M Users’ Personal Data

On 2 April, the public research university published a statement on its website in which it revealed that an unknown actor had gained unauthorized access to one of its web applications. The party thereby obtained the necessary privileges to view a central database containing the personal information of up to 1.3 million people including current and former faculty, staff, students and student applicants. As of this writing, Georgia Tech doesn’t know the identities of all the persons whom the data breach might have affected. It also is uncertain about what types of personal information the incident might have compromised. That being said, the university’s notice did state that the event could have breached users’ names, addresses, Social Security Numbers and birth dates.

 

3 Dozens of Credit Card Info Skimming Scripts Infect Thousands of Sites

Malicious web code that Magecart groups use to steal payment card data from online stores is bustling business on underground forums. There are at least 38 unique families of such scripts, some more advanced than others, but each with multiple custom variants under their belt. Coined by researchers at RiskIQ, the name Magecart refers to groups that scrape card data via malicious JavaScript code that loads on checkout pages. In late February, the company had discovered 12 Magecart groups operating independently. The prolific activity of these groups prompted attention from other companies.

 

4 Arizona Beverages knocked offline by ransomware attack

Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month, TechCrunch has learned. The company, famous for its iced tea beverages, is still rebuilding its network almost two weeks after the attack hit, wiping hundreds of Windows computers and servers and effectively shutting down sales operations for days until incident response was called in, according to a person familiar with the matter. More than 200 servers and networked computers displayed the same message: “Your network was hacked and encrypted.” The company’s name was in the ransom note, indicating a targeted attack.

 

5 Facebook app developers leaked millions of user records on cloud servers, researchers say

Facebook app developers left hundreds of millions of user records exposed on publicly visible cloud servers, researchers from security firm UpGuard said today. The researchers said the larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said. A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 Facebook passwords, the researchers reported. It’s not clear how long the data was publicly available, or who may have obtained it from the servers, if anyone. Both data sets were found on Amazon cloud servers, and the data was removed after Facebook was contacted, the researchers said.

 

6 OIG: FBI Communication with Cyber Crime Victims Falls Short

Department of Justice (DOJ) Inspector General Michael E. Horowitz today released a report examining the Federal Bureau of Investigation’s (FBI) process for notifying and engaging with victims of cyber intrusions (cyber victims). The DOJ Office of the Inspector General (OIG) found issues with the completeness and quality of the data stored in the FBI’s Cyber Guardian system — which tracks the production, dissemination, and disposition of cyber victim notifications — and identified problems with how the FBI conducted cyber victim notifications, both internally and in coordination with other government agencies.

 

7 NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia

In a statement sent to reporters Sunday evening, a spokesperson for NSO Group said that “we can say unequivocally that our technology was not used in this instance.” The spokesperson said that NSO’s software “cannot be used on US phone numbers.” “Our technology, which is only licensed to prevent or investigate crime and terror, was not used by any of our customers to target Mr. Bezos’ phone,” the spokesperson said. NSO Group sells hacking and surveillance technology to around 60 government agencies in around 30 countries around the world, according to recently published financial audits. Over the years, researchers have accused countries like Mexico of using NSO's spyware to target human rights activists and journalists. On Saturday, Bezos’s security advisor Gavin De Becker wrote in a piece on The Daily Beast that he had concluded that Saudi Arabia had hacked Bezos’s phone. De Becker wrote that “our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.”

Related Posts