AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – April 5, 2019

1 Windows 10 News App Blunder Made Users Think They're Infected

A configuration mistake in the Microsoft News app caused Windows 10 users to receive strange test notifications, which caused them to think they were infected. Last Friday, users on Reddit began posting about strange notifications they were receiving in the Windows 10 action center. These notifications indicated they were from the Microsoft News app, but were labeled as coming from Microsoft Movies. Even stranger, these notifications contained messages stating "Test Notification", "thsi test notification", and "this is test notification". When users started receiving these errors, especially the ones that were misspelled, they became worried that Windows was infected with a virus.

 

2 Amazon’s Alexa now handles patient health information

Today, Amazon announced that six health care companies and providers will allow customers to access some of their personalized medical information by talking to Alexa-enabled devices. The announcement marks another huge move for Amazon into the health care business. The main health privacy law in the US — the Health Insurance Portability and Accountability Act of 1996 (HIPAA) — typically ensures that health information can only be shared between patients and those in the health care system, like doctors or hospitals. In other words, information like medical diagnoses and pharmaceutical prescriptions is not available to third parties. Now, Amazon says it has created a way for companies to transmit this information via Alexa-enabled devices and remain HIPAA-compliant. It invited six health companies to develop voice programs — which Amazon refers to as “skills” — using their systems. This development was earlier reported by CNBC and Stat News.

 

3 To catch a drug thief, hospital secretly recorded births, women’s surgeries

A California hospital faces a lawsuit from 81 women who allege they were secretly filmed by hidden cameras in labor and delivery operating rooms while undergoing extremely intimate procedures, including Caesarean births, sterilizations, and operations to resolve miscarriages. The women claim that their privacy was egregiously violated by the hospital, Sharp Grossmont Hospital in La Mesa, California, which is run by Sharp HealthCare. The women say they did not consent to be filmed during the procedures—and would not have done so if given the choice. Moreover, they allege that their sensitive videos were insecurely stored on various desktop computers, some of which were not even password protected, and that numerous non-medical staff members—including security guards and attorneys—were able to watch the videos. The lawsuit further alleges that the hospital made no effort to log or monitor who viewed the footage and did not ensure proper deletion of the data. In all, the lawsuit estimates that the hospital had secret recordings of around 1,800 procedures that took place in the women’s center.

 

4 Realistic Phishing Attacks Take Advantage of U.S. Tax Season

With the United States tax season in full swing, attackers are utilizing a variety of realistic methods to lure victims into opening malicious documents or submitting sensitive information. In a new report released today, Proofpoint researchers illustrate how campaigns are targeting the tax season with realistic phishing emails and malicious attachments. These emails are used to install malware on victims' computers or convince them to submit sensitive information on servers that are under the attacker's control. In January 2019, Proofpoint observed a campaign targeting accounting firms that pretended to be an email from a fictitious taxpayer named Timothy. These emails pretended to contain information that was requested by the accounting firm in order to prepare Timothy's tax return.

 

5 This new malware is scanning the internet for systems info on valuable targets

A new form of malware is scanning the internet for exposed web services and default passwords in what's thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come. Researchers at AT&T Alien Labs first spotted the malware in March and have named it Xwo after its primary module name. It's thought that Xwo could be related to two other forms of malicious software – MongoLock ransomware and Xbash, a malware that rolls ransomware, a coinminer, a botnet and a worm into one – due to similarities in the Python-based code. But unlike MongoLock and Xbash, Xwo doesn't have any ransomware, cryptocurrency mining or any other similar money-making capabilities: its main focus is scanning for credentials and exposed services and sending information back to its command and control server.

 

6 Few Claims Filed for Post-Data Breach Services

In the more than three years since the government started offering identity protection services and identity theft insurance to those affected by the breaches of OPM databases, only 61 individuals have received payouts from insurance claims, averaging about $1,800 per claim, GAO has found. GAO said that of the 22 million people—current and former federal employees, military personnel and others in a database of federal personnel files and another on people who had undergone background checks—about three million have enrolled in the services. Enrollment is still open and the benefits are to continue through 2026; some members of Congress have proposed that they be made permanent. About 1 percent of enrollees have made identity restoration requests, and of the 81 insurance claims filed, 61 were approved, GAO said.

 

7 Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists

Researchers in Israel say they have developed malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images — vulnerabilities that could have potentially life-altering consequences if unaddressed. The malware they created would let attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care.

 

8 Secaucus High School Freshmen Hacked School’s Wi-Fi, Made Life Difficult For Teachers For Week

A hacking scandal has rocked a New Jersey school district. Two tech-savvy teenagers are accused of disabling their high school’s Wi-Fi system. Police said they did it to get out of tests, but now they’re facing charges. Police are calling what happened at Secaucus High School illegal, but also ingenious. They said two 14-year-old boys — ninth graders — were arrested last Thursday for hacking into the school’s Wi-Fi, making it impossible for teachers to give any tests or teach any lessons that relied on the internet. It was all the talk at the school Tuesday. “I couldn’t access the internet. I couldn’t really do any work. My teachers were annoyed. We couldn’t take tests, couldn’t take notes,” freshman Athana Siachandris told CBS2’s Scott Rapoport.

 

9 Facebook gets one step closer to building your virtual copy

When it comes to representing yourself on social media, who you actually portray yourself as has always been a bit of a caricature. That thinking has always made it a little interesting to examine how a company like Facebook approaches avatar design for services like their VR avatar system. Oculus Avatars have undergone a number of transformations and today they’re pushing an update that creates more robust facial expressions that are more human-like than the stiff representations that past iterations showcased. The new Sims-like “Expressive Avatars” are certainly the company’s most unsettling to date, but they’re also the most ambitious. The company calls the update the “culmination of user feedback and years of research and innovations in machine learning, engineering, and design.”

 

10 Consumer routers targeted by DNS hijacking attackers

Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks. The Cisco routers targeted are Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers. The exploited vulnerabilities are CVE-2019-1653, CVE-2019-1652, and CVE-2019-1828. All three are in the web-based management interface of the routers and could allow an unauthenticated, remote attacker to retrieve sensitive information, execute arbitrary commands, or access administrative credentials.
