AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – August 1, 2018

Steam game Abstractism pulled after cryptomining accusations

Valve has pulled a game from its online Steam store after allegations were made that it was exploiting players’ computer resources to mine for cryptocurrency. Warning bells rang for players of the game, a simple and minimalist platformer called “Abstractism”, because it was consuming so much processing power from their CPUs and GPUs. When you see the very-basic game in action, it’s hard to believe that it could have any legitimate need to stretch the abilities of a typical gaming PC. If things weren’t suspicious enough already, the game was also accused of duplicating expensive items from other video games, and attempting to sell the fake goods at inflated prices in Steam’s Community Market.

BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters for a Week

On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24. The ransomware infection crippled the Borough’s government networks and has led to the IT staff shutting down a large swath of affected IT systems. “Last Tues., July 24, the Borough first disconnected servers from each other, then disconnected the Borough itself from the Internet, phones, and email, as it recognized it was under cyber attack,” said Mat-Su Public Affairs Director Patty Sullivan. “Since then, infrastructure is steadily being rebuilt, computers cleaned and returned, and email, phones, and Internet connection becoming restored.”

Massive Malvertising Campaign Discovered Attempting 40,000 Infections per Week

A massive malvertising campaign has been exposed today in a report published by cybersecurity firm Check Point. Researchers believe the operators of this malvertising campaign have cozied up to an ad network and ad resellers in order to make sure their hijacked traffic reaches preferred bad actors, who then redirect victims to tech support scams or exploit kits that infect them with ransomware, banking trojans, or others. Check Point named this complex scheme Master134, after the URL of a central and crucial server in the campaign’s entire operational scheme. According to the Check Point report, it all starts with the Master134 crooks taking over WordPress sites. Researchers say they unearthed over 10,000 WordPress sites compromised by this gang.

US airport security’s ‘Quiet Skies’ programme tracks passengers

The US Transportation Security Administration (TSA) is facing criticism for secretly tracking Americans on flights, US media report. The “Quiet Skies” programme reportedly uses an unknown algorithm to flag flyers without any criminal record for surveillance on domestic flights. Air marshals tasked with carrying out surveillance have pushed back against the programme, according to US media. TSA denies any racial profiling and says it is a “practical” method. “With routine reviews and active management via legal, privacy and civil rights and liberties offices, the programme is a practical method of keeping another act of terrorism from occurring at 30,000 feet,” the agency said to the BBC in a statement.

Click on this iOS phishing scam and you’ll be connected to “Apple Care”

India-based tech support scams have taken a new turn, using phishing emails targeting Apple users to push them to a fake Apple website. This phishing attack also comes with a twist: it pops up a system dialog box to start a phone call. The intricacy of the phish and the formatting of the webpage could convince some users that their phone has been “locked for illegal activity” by Apple, luring them into clicking to complete the call. Scammers are following the money. As more people use mobile devices as their primary or sole way of connecting to the Internet, phishing attacks and other scams have increasingly targeted mobile users. And since so much of people’s lives are tied to mobile devices, they’re particularly attractive targets for scammers and fraudsters.

Hackers find creative way to steal $7.7 million without being detected

Hackers managed to steal $7.7 million worth of cryptocurrency from the platform known as KICKICO by using a novel technique: destroying existing coins and then creating new ones totaling the same amount and placing them in hacker-controlled addresses, KICKICO officials said. The technique evaded KICKICO’s security measures because it didn’t change the number of KICK tokens issued on the network. Such security measures are generally designed to spot thefts and other malicious actions by detecting sudden shifts in the total cryptocurrency supply available on the market. The unknown attackers were able to destroy the existing coins and create new ones by first obtaining the secret cryptographic key controlling the KICKICO smart contract. KICKICO officials didn’t learn of the breach until they received complaints from several users reporting that $800,000 worth of digital coins were missing from their wallets.
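The detection gap described above is worth seeing concretely: a monitor that only watches total supply stays silent when the same amount is burned from victims and re-minted elsewhere. The following is an added example, not code from KICKICO or the article, using a constructed event log modelled loosely on ERC-20 style transfer/burn/mint events; addresses, balances and amounts are made up, and `0xowner` stands for whoever holds the contract’s privileged key. It contrasts the supply-delta check with a monitor that alerts on every privileged burn or mint and flags a burn/mint pair that nets to zero but moves value between different accounts.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class TokenEvent:
    """One token contract event. Constructed shape, not any real chain's ABI."""
    kind: str    # "transfer", "burn" or "mint"
    actor: str   # address that invoked the contract (the owner key for burn/mint)
    src: str     # account debited ("" for a mint)
    dst: str     # account credited ("" for a burn)
    amount: int


# Constructed starting state: 1,000,000 tokens across three holders.
INITIAL_BALANCES: Dict[str, int] = {"0xalice": 300_500, "0xbob": 499_500, "0xcarol": 200_000}
INITIAL_SUPPLY = sum(INITIAL_BALANCES.values())

# Constructed event log: ordinary transfers around a burn-then-mint sequence
# that destroys two holders' balances and re-creates the same total elsewhere.
CONSTRUCTED_EVENTS: List[TokenEvent] = [
    TokenEvent("transfer", "0xalice", "0xalice", "0xbob", 500),
    TokenEvent("burn", "0xowner", "0xalice", "", 300_000),
    TokenEvent("burn", "0xowner", "0xbob", "", 500_000),
    TokenEvent("mint", "0xowner", "", "0xnew1", 300_000),
    TokenEvent("mint", "0xowner", "", "0xnew2", 500_000),
    TokenEvent("transfer", "0xcarol", "0xcarol", "0xdave", 10),
]


def balances_after(events: List[TokenEvent], initial: Dict[str, int]) -> Dict[str, int]:
    """Replay the log and return per-account balances."""
    bal = dict(initial)
    for ev in events:
        if ev.src:
            bal[ev.src] = bal.get(ev.src, 0) - ev.amount
        if ev.dst:
            bal[ev.dst] = bal.get(ev.dst, 0) + ev.amount
    return bal


def total_supply_after(events: List[TokenEvent], initial_supply: int) -> int:
    """Total supply only moves on mint (+) and burn (-); transfers are neutral."""
    supply = initial_supply
    for ev in events:
        if ev.kind == "mint":
            supply += ev.amount
        elif ev.kind == "burn":
            supply -= ev.amount
    return supply


def supply_delta_alerts(events: List[TokenEvent], initial_supply: int, threshold_pct: float) -> List[str]:
    """Naive monitor: alert only when total supply shifts by more than threshold_pct."""
    final = total_supply_after(events, initial_supply)
    change_pct = abs(final - initial_supply) / initial_supply * 100
    return [f"total supply moved {change_pct:.2f}%"] if change_pct > threshold_pct else []


def privileged_op_alerts(events: List[TokenEvent]) -> List[str]:
    """Improved monitor: every burn/mint is a privileged action and gets its own alert,
    and a burn/mint pair that nets to zero while moving value to new accounts is flagged."""
    alerts: List[str] = []
    burned_from: Dict[str, int] = {}
    minted_to: Dict[str, int] = {}
    for ev in events:
        if ev.kind == "burn":
            burned_from[ev.src] = burned_from.get(ev.src, 0) + ev.amount
            alerts.append(f"burn of {ev.amount} from {ev.src} by {ev.actor}")
        elif ev.kind == "mint":
            minted_to[ev.dst] = minted_to.get(ev.dst, 0) + ev.amount
            alerts.append(f"mint of {ev.amount} to {ev.dst} by {ev.actor}")
    burned, minted = sum(burned_from.values()), sum(minted_to.values())
    if burned and burned == minted and not set(burned_from) & set(minted_to):
        alerts.append(f"{burned} burned and re-minted to different accounts; total supply unchanged")
    return alerts


if __name__ == "__main__":
    print("supply-delta alerts:", supply_delta_alerts(CONSTRUCTED_EVENTS, INITIAL_SUPPLY, 1.0))
    for line in privileged_op_alerts(CONSTRUCTED_EVENTS):
        print("privileged-op alert:", line)
    print("balances:", balances_after(CONSTRUCTED_EVENTS, INITIAL_BALANCES))
```

Run as a script, the supply-delta monitor reports nothing (supply is exactly 1,000,000 before and after), while the privileged-operation monitor produces one alert per burn and mint plus the paired burn/mint finding, and the replayed balances show the original holders emptied. The design point is that burn and mint are owner-key operations that should be rare and auditable on their own, so a monitor keyed on those events (and on who invoked them) does not depend on the aggregate moving.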

Connected Car Apps Open Privacy Hole For Used Car Owners

When we think about hacking connected cars, most of the research has been around difficult-to-exploit vulnerabilities that would allow someone besides the owner to do things such as control the infotainment system, unlock the car remotely or even take control of the steering mechanism. But it turns out that there’s a much less flashy danger at play – involving a potentially widespread privacy issue. Matt Watts, data strategist and director of technology at NetApp, discovered after buying a used car that a previous owner could access a range of his personal information via the app that connects with the vehicle.

8 states take aim at 3D gun company, sue to get files off the Internet

Eight states announced Monday that they plan to ask a federal judge in Seattle to immediately issue a temporary restraining order against Defense Distributed, a Texas-based group that has already begun making 3D-printer gun files available on its DEFCAD website after a recent legal settlement with the US State Department. Those states include Washington, Connecticut, Maryland, New Jersey, New York, Oregon, Massachusetts and Pennsylvania, along with the District of Columbia. A total of 20 states (and DC) have sent a separate letter expressing their support, but for now, only the group led by Washington is officially part of the lawsuit.

Activist Publishes 11,000 Private DMs Between Wikileaks and Its Supporters

Wikileaks is possibly the most opaque transparency organization. The group, founded by Julian Assange, sometimes hides its true motives, and has not published any information about its own finances in years, despite amassing tens of millions of dollars worth of cryptocurrency. Now, an activist who has developed an adversarial relationship with the group has published over 11,000 Wikileaks Twitter direct messages. “The idea was that the attitudes and behavior of WL [Wikileaks] behind closed doors is relevant, especially their coordination of PR, propaganda and troll ops through assets that are public supporters but not publicly known to take cues from WL,” Emma Best, the freedom of information activist, told Motherboard in a Twitter direct message.

Canadian Prime Minister Justin Trudeau Reportedly Alarmed by Huawei’s Threat to National Security

Canadian Prime Minister Justin Trudeau is alarmed about the national security threat posed by Chinese telecommunication giant Huawei, according to a Globe and Mail article citing an unnamed senior government official. The article said Trudeau has been hearing about the risks directly from U.S. President Donald Trump’s national security adviser John Bolton, and has also been in discussion with leaders of Five Eyes member nations on cybersecurity risks posed by Huawei. Five Eyes is an alliance between Canada, New Zealand, the United States, Australia, and the United Kingdom that facilitates collaboration in intelligence activities.

Facebook Uncovers Political Influence Campaign Ahead of Midterms

Facebook said Tuesday it shut down 32 fake pages and accounts involved in an apparent “coordinated” effort to stoke hot-button issues ahead of November midterm US elections, but could not identify the source although Russia is suspected of involvement. It said the “bad actor” accounts on the world’s biggest social network and its photo-sharing site Instagram could not be tied directly to Russian actors, who American officials say used the platform to spread disinformation ahead of the 2016 US presidential election. The US intelligence community has concluded that Russia sought to sway the vote in Donald Trump’s favor, and Facebook was a primary tool in that effort, using targeted ads to escalate political tensions and push divisive online content.

DHS Stands Up New Cyber Risk Center to Protect High-Value Targets

The Homeland Security Department is launching a national risk management center to tackle key cybersecurity priorities, including creating a registry of the nation’s digital “crown jewels,” Sec. Kirstjen Nielsen said Tuesday during a government cyber summit in New York. The center will initially focus on the energy, telecom, health care and financial services sectors and will organize much of its work in a series of “90-day sprints” focused on particular national cyber priorities, Nielsen said. That early sprint focused on cataloging the nation’s most vital digital assets mirrors work Homeland Security has been doing internally to focus greater efforts on protecting the most important government systems rather than protecting all systems equally.

Funny Google Chromebook Ad Mocks Windows and macOS Operating Systems

In a mocking and hilarious Chromebook ad, Google takes aim at the various issues Windows and macOS users encounter while using these operating systems. With a resounding score, the Chromebook ad shows an increasing display of errors, problems, and crashes that users may frequently encounter while using macOS and Windows, and then switches to the enjoyment people have when using a Chromebook. The advertisement is titled “If you want a laptop you can count on. You Chromebook.” and is a head-on attack showing the error messages and problems that Chrome OS’s competitors have become well known for.

Yale Discloses Data Breach

Yale University has just disclosed that it suffered a data breach including names, Social Security numbers, dates of birth, and, in some cases, email addresses and physical addresses of certain individuals. And that is nearly as specific as the disclosure from the university gets. According to Yale, sometime between April 2008 and January 2009 someone gained access to a database and exfiltrated information. The database was purged of personally identifiable information in 2011, but it wasn’t until June 2018 that the university discovered a breach had taken place. The university says that, due to the time that has passed, there is no way of knowing who the attacker was. The school has, it says, notified all affected individuals and offered credit monitoring to U.S. residents on the list.