AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – August 22, 2018

Kaspersky Ban Draws Few Public Comments

How concerned are government and industry about a new law requiring federal agencies and contractors to rid themselves of any trace of Kaspersky anti-virus software? Not very concerned, by the looks of two calls for public comments on implementing the law, which responds to intelligence community concerns that the Russian company’s software could be used as a Kremlin spying tool. The main call for comments on a joint rule implementing the law by the General Services Administration, Defense Department and NASA closed Aug. 14 with only three comments. The three comments were: a complaint from an alleged Pentagon employee that there was no government point of contact to help implement the rule; a request, seemingly from industry, for more specificity about how broadly the ban will be interpreted; and an expression of concern about a carveout for contract extensions of less than six months.

Elon Musk Announces Tesla Will Share Security Software With Other Car Makers As Open Source

It has been reported that Elon Musk told hackers at the private DEF CON conference last week that Tesla will share its security software with other car makers as open source. He says it’s a bid to make autonomous vehicle software safer by opening the software to more scrutiny, according to people who attended the gathering. IT security experts commented below. “It’s promising that Tesla will share its wealth of security knowledge and possible software. The automotive industry as a whole needs to catch up to the rest of the high tech innovators that have embraced an approach fostering open communication when it comes to security.

Russia denies Microsoft allegations it targeted U.S. think tanks

The Russian authorities deny allegations from Microsoft that hackers linked to Russia’s government tried to target the websites of two right-wing U.S. think-tanks, the Interfax news agency reported on Tuesday. The software giant said it had thwarted the Russia-linked attempts last week, which it suggested showed Moscow was broadening its attacks in the build-up to November elections. Interfax cited an unnamed Russian diplomatic source on Tuesday as describing Microsoft’s allegations as part of a political game. “Microsoft is playing political games,” it cited the source as saying. “The (mid-term U.S.) elections have not happened yet, but there are already allegations.”

Retail and finance top the list of vulnerable industries, increasingly targeted with credential threat campaigns

The finance, professional, and information sectors had the highest volume and most variety of malicious activity in Q2 2018, says Rapid7, and the manufacturing sector is steadily getting more and more targeted. According to the statistics from the company’s latest threat report, compiled from alerts validated by its Managed Detection and Response team and data from its Project Sonar (Internet scanning for vulnerable systems) and Project Heisenberg (150+ honeypot nodes watching for signs of attacker activity), there has also been a continued emphasis on credential theft and account leaks across all industries, along with an increase in remote access attempts.

Phishing scam claims recall on exploding Barclays credit cards

Scammers are taking phishing attack low tech in a scheme targeting Barclays customers, claiming that a recall has been issued for customers cards because their EMV chips could explode. The crooks are sending out letters in postal mail instructing users to return their debit and debit cards via mail and to include their PIN numbers for “verification purposes,” according to an Aug 17 Malwarebytes report. “Many of our bank costumers have reported that their debit cards have caught fire while they are in wallets and purses, and so as a precushion we are issuing an URGENT safety recall,” the scammer’s letter read. “This is a matter of the uppermost emergency as your card could create a pocket fire at any given moment, burning your legs and stomach terribly.”

What is Doxxing?

Doxxing is searching for and publishing personal information about a person publicly with malicious intent. Doxxing includes the hacker analyzing information posted online about the victim in order to identify and then harass the victim. It can also involve exposing an anonymous account to reveal the person’s identity. The term “doxxing” comes from the expression “dropping dox” which refers to a method of revenge hacking that originated in the early 1990s. Hackers would “drop” malicious information on a rival using the internet.

Animoto hack exposes personal information, location data

Animoto, a cloud-based video maker service for social media sites, has revealed a data breach. The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general. Names, dates of birth and user email addresses were accessed by hackers, but the company said it wasn’t known if data had been exfiltrated. The company also said that users’ scrambled passwords were exposed in the breach, but were hashed and salted, making it difficult for anyone to reveal the original password. The New York City-based company also said in a security announcement that user geolocations were also exposed to hackers, but noted that it “does not keep geolocation information for all users.” Payment data is not thought to be affected as it’s stored in a separate system, the company said.

The security changes you can expect in iOS 12

Later this year – very likely in September – Apple will unveil the next major release of its mobile operating system, iOS 12. The beta version of iOS 12 has been available for a little while now, so I took it for a test and tried out some of the security-related changes we’ll see rolling out when it is released. Apple has been making a point to position itself as taking user privacy seriously on a number of fronts. With the iOS 12 update, Safari takes a cue from a number of other browsers in slapping the hands of social media trackers and forcing them to stop tracking users. From iOS 12, Safari will both stop advertisers from knowing uniquely identifying information about the user’s phone, and stop sharing-buttons and comment boxes from tracking users unless the user has opted in to interacting with those buttons/boxes.

WhatsApp urges Android users to manually backup their chats

The good news for Android users: WhatsApp chats, photos and videos are no longer going to eat into your precious Google Drive storage limit. Starting 12 November, your quota won’t budge due to that particular backup bucket. The catch: if you want to save your old WhatsApp content, you better back it all up before 12 November. That’s when WhatsApp will sweep out dusty old backups that haven’t been updated in more than a year, it said on its FAQ page. On Monday, the Independent reported that Google emailed users to let them know that the move comes out of a new agreement between itself and WhatsApp. The change in how the instant messaging app backs up data is reportedly being done to make backup more accessible and seamless.

Army cyber protection teams upgrade training with a ‘real’ city

The Army’s cyber protection teams are upgrading their training program to include a real-life, round-the-clock, cyberattack on a city port. “There’s a dearth of realistic training venues,” John Nix, director of federal for SANS Institute, told FCW. “There are lots of cyber ranges, but they don’t have those rich training scenarios where you have an adversary that is being emulated — a real advanced persistent threat — and they bang away at the Cyber Protection Teams.” A task force comprised of two CPTs will endure a weeklong, 24-hour-a-day training exercise, called the SANS Cyber Situational Training Exercise (Cyber STX), at the Indiana National Guard’s Muscatatuck Urban Training Center in Butlerville, Ind., starting Aug. 20.

Georgia officials say it’s too late to switch to paper ballots despite security worries

County election officials across Georgia say it’s too late to switch to paper ballots in the upcoming elections, despite warnings that hackers could easily penetrate the state’s antiquated electronic voting system and that Russia could unleash a new wave of disruptive cyberattacks. U.S. District Judge Amy Totenberg is expected to rule any day on whether the state must switch to old-fashioned paper ballots. Her ruling would come in response to a year-old lawsuit by citizen activists. They argue that the state’s current system of relying on electronic voting machines that lack a paper backup is “hopelessly compromised” and paper ballots are necessary to ensure public confidence in the results.

Man sues over Google’s “Location History” fiasco, case could affect millions

As a result of the previously unknown practice, which was first exposed by the Associated Press last week, Google has now been sued by a man in San Diego. Simultaneously, activists in Washington, DC are urging the Federal Trade Commission to examine whether the company is in breach of its 2011 consent decree with the agency. In the lawsuit, which was filed in federal court last Friday in San Francisco, attorneys representing a man named Napoleon Patacsil argued that Google is violating the California Invasion of Privacy Act and the state’s constitutional right to privacy. The lawsuit seeks class-action status, and it would include both an “Android Class” and “iPhone Class” for the potential millions of people in the United States with such phones who turned off their Location History and nonetheless had it recorded by Google. It will likely take months or longer for the judge to determine whether there is a sufficient class.

Google’s ‘Tell me something good’ might just restore your faith in humanity

Being perpetually tuned into the news is not fun. Important, perhaps, but usually not particularly good for your outlook on humanity. Google, one of the world’s principal supplier of news, is taking a small step to make things better. Google Assistant is testing a new feature that will only feed you positive stories. Just ask the Assistant “tell me something good” and you’ll be greeted with a curated sumary of positive stories that might just brighten your day. Google says it highlights stories “about people who are solving problems for our communities and our world.”

New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds

A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. The approach relies on recording electromagnetic (EM) emanations coming off a device as it performs an encryption or decryption operation. The technique is not remotely novel, as it’s been known and detailed since the late 90s. Several white papers describing techniques that analyze EM waves to compute and leak encryption keys have been published in the past years.

Facebook bounces hundreds of Russian & Iranian-created pages

Facebook has taken down more than 600 phony pages, groups and accounts that were part of two separate disinformation campaigns — organized by Russia and Iran — targeting people worldwide, the company announced Tuesday night. The revelation is unusual for targeting people in many countries and for involving a nation-state actor other than Russia, which has been the main focus of reporting on disinformation operations targeting the United States. The discovery was made by cybersecurity firm FireEye, Facebook said. “We’ve removed 652 Pages, groups and accounts for coordinated inauthentic behavior that originated in Iran and targeted people across multiple internet services in the Middle East, Latin America, UK and US,” said Nathaniel Gleicher, the company’s head of cybersecurity policy, in a blog post.

Related Posts