AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – 08/16/2019

1 Google employees protest: ‘Don’t bid for border control cloud contract’

Google employees are calling on the company not to bid on a cloud contract with the US Customs and Border Protection (CBP) in protest against the agency’s alleged human-rights abuses at the Mexican border. The petition demands that Google does not bid on a recently published CBP request for information (RFI) for a “cloud services provider”. However, Google employees also want the company to publicly commit to not providing its services to CBP or to related border control authorities US Immigration and Customs Enforcement (ICE) and the Office of Refugee Resettlement (ORR).

 

2 U.S. Cyber Command warns of North Korea-linked Lazarus Group malware

Malicious software samples uploaded by U.S. Cyber Command to VirusTotal on Wednesday are associated with campaigns from Lazarus Group, an advanced persistent threat group linked with North Korea, two cybersecurity researchers told CyberScoop. Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and for hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike.

 

3 Windows 7 SHA-2 Updates Blocked If Symantec, Norton AVs Installed

Microsoft is blocking Windows 7 and Windows Server 2008 R2 updates from being installed if they are code signed using a SHA-2 certificate and the machine has Symantec or Norton antivirus installed. This is because the antivirus software is deleting the updates during installation and causing Windows to not start. For the past couple of months, Microsoft has been updating a support bulletin to remind companies and users about the retiring of SHA-1 signed updates and their move towards using SHA-2 certificates. Starting yesterday as part of the August Patch Tuesday updates, Windows 7 SP1 and Windows Server 2008 R2 SP1 will only install updates if they are signed with SHA-2 code signing certificates.

 

4 Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail

It’s starting to look like the global private sector might have a real problem on its hands. Despite international media attention and a series of high-profile arrests, some of the world’s most prolific cybercriminals only seem to be accelerating their hacking sprees. Financially motivated hacking groups including FIN7, Cobalt Group and the Contact Crew remain active, staying busy well into this year, according to Accenture Security’s 2019 Threatscape report. The cybercrime syndicates, which have haunted financial and retail companies since at least 2016, have spent the first half of 2019 updating their malicious software tools and expanding their reach.

 

5 UPS has been quietly delivering cargo using self-driving trucks

UPS has had autonomous trucking startup TuSimple hauling cargo for it between Phoenix and Tucson, Arizona, since May as part of a newly publicized partnership between the two companies. The delivery giant made the announcement today alongside the news that its venture arm is taking a minority stake in TuSimple. Terms of the deal were not disclosed. TuSimple had previously run a partnership with the United States Postal Service in May, where the startup’s trucks carried mail on the 1,000-mile stretch between the USPS’s Phoenix, Arizona, and Dallas, Texas, distribution centers. That pilot has since ended, though the two sides are discussing “next steps,” according to a TuSimple spokesperson.

 

6 The Mainframe Is Seeing a Resurgence

As the face of IT has changed, the mainframe has kept up with trends, with its ever-evolving ability to provide the performance and number-crunching required by technologies such as machine learning and artificial intelligence. But while mainframe technology has evolved to meet the trends, the security processes and practices needed to keep the platform secure haven’t exactly kept up. It’s not for lack of technology and tools, however. The phenomenon is largely due to a series of misconceptions among IT professionals around mainframe security. Those misconceptions are placing countless businesses — and an enormous amount of sensitive customer data — at serious risk.

 

7 Apple Brings Contactless Student IDs to More Universities

Apple is expanding contactless student IDs to more U.S. universities. Starting this fall, 100,000-plus pupils will be able to tap their iPhone or Apple Watch to enter dorms, the library, and campus events, or pay for laundry, snacks, and meals around campus. A dozen schools have been added to Apple’s lineup. “We’re happy to add to the growing number of schools that are making getting around campus easier than ever with iPhone and Apple Watch,” Jennifer Bailey, Apple’s vice president of internet services, said in a statement. “We know students love this feature.”

 

8 Former Student Sentenced For Destroying Computers at The College of St. Rose

Vishwanath Akuthota, age 27, of Albany, was sentenced today to 12 months in prison, to be followed by 1 year of supervised release, for intentionally damaging computer equipment owned by The College of St. Rose. Akuthota was also ordered to pay restitution in the amount of $58,471. In pleading guilty, Akuthota admitted that on February 14, 2019, he inserted a “USB Killer” device into 66 computers, as well as numerous computer monitors and computer-enhanced podiums, owned by the college in Albany. The “USB Killer” device, when inserted into a computer’s USB port, sends a command causing the computer’s on-board capacitors to rapidly charge and then discharge repeatedly, thereby overloading and physically destroying the computer’s USB port and electrical system.

 

9 Apple Class Action Says iCloud Service is Misrepresented

Apple Inc. has been hit with a class action lawsuit by customers who claim that their data was supposed to be stored by the company’s iCloud service, but it was actually assigned to cloud services offered by other entities. Plaintiffs Andrea M. Williams and James Stewart say Apple did not have the infrastructure in place to host customers’ data. “Unbeknownst to Plaintiffs and the putative class members, instead of storing class members’ data on Apple cloud servers and facilities, Apple actually stored users’ data on cloud facilities owned and operated by other entities, like Amazon, Microsoft or Google—all undisclosed to these class members who paid and entrusted Apple to store their data,” the Apple class action lawsuit maintains.

 

10 New Malware Norman Uses Your PC to Secretly Mine Cryptocurrency

Security firm Varonis has uncovered a new strain of cryptojacking malware called Norman that deploys sophisticated techniques to avoid detection. Cryptojacking is an increasingly popular class of malware that mines cryptocurrencies on devices without permission. According to the researchers, Norman hides itself when you open the Task Manager in Windows to see why your machine is running slow. Once the Task Manager is closed, the cryptojacking malware reinjects itself, as reported by UK tech publication Verdict. “Norman seems to be an elaborate cryptominer, more so than the average cryptominer. It tries to hide from analysis, and it uses elaborate techniques to hide itself further. This is not typical behavior for cryptominers.”
