AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – August 27, 2018

New facial recognition tech catches first impostor at D.C. airport

Facial recognition technology caught an impostor trying to enter the U.S. on a fake passport that may have passed at face value with humans, federal officials said Thursday. And the groundbreaking arrest came on just the third day the biometric technology has been used at Washington Dulles International Airport. The 26-year-old man arrived Wednesday on a flight from Sao Paulo, Brazil, and presented a French passport to the customs officer, according to the U.S. Customs and Border Protection (CBP). Using the new facial comparison biometric system, the officer determined the unidentified traveler did not match the passport he presented.

Spyware firm SpyFone leaves customer data, recordings exposed online

It appears that an oversight by spyware developer SpyFone has led to the online leak of terabytes of data belonging not just to customers but also their targets. California-based SpyFone, marketed as the world’s “number one parental monitoring software,” also boldly links to articles which describe the offerings as a way for employers to “protect [their] company from inappropriate usage” and to give spouses “peace of mind.” The spyware firm’s customers have now had their own information leaked alongside their victims after a researcher uncovered an Amazon S3 bucket belonging to the company which had been left unprotected. Misconfigurations allowed the leak of photos, audio, recordings, text messages, and browsing history. In addition, GPS data, IMEI numbers, names, hashed passwords, and device information were included in the breach.

Tech Companies Are Gathering For A Secret Meeting To Prepare A 2018 Election Strategy

Representatives from a host of the biggest US tech companies, including Facebook and Twitter, have scheduled a private meeting for Friday to share their tactics in preparation for the 2018 midterm elections. Last week, Facebook’s head of cybersecurity policy, Nathaniel Gleicher, invited employees from a dozen companies, including Google, Microsoft, and Snapchat, to gather at Twitter’s headquarters in downtown San Francisco, according to an email obtained by BuzzFeed News. “As I’ve mentioned to several of you over the last few weeks, we have been looking to schedule a follow-on discussion to our industry conversation about information operations, election protection, and the work we are all doing to tackle these challenges,” Gleicher wrote.

Superdrug targeted by miscreants who claim to have stolen customer data

Superdrug is urging its online customers to change their passwords after being contacted by cybercriminals who claim to have secured a range of personal details belonging to 20,000 customers of this British health and beauty retailer, Huffington Post reports. The personal data are thought to include names, addresses, dates of birth, and phone numbers. One silver lining is that, according to the company’s statement on Twitter, payment information has not been compromised. “On the evening of 20th August, we were contacted by hackers who claimed they had obtained a number of our customers’ online shopping information,” reads the company’s email. To prove that the breach was genuine, the criminals sent a portion of the alleged haul to the company. However, the company said that independent IT security advisors found no evidence of a breach of its systems or “mass data download or extraction” from them.

Russian trolls ‘spreading discord’ over vaccine safety online

Bots and Russian trolls spread misinformation about vaccines on Twitter to sow division and distribute malicious content before and during the American presidential election, according to a new study. Scientists at George Washington University, in Washington DC, made the discovery while trying to improve social media communications for public health workers, researchers said. Instead, they found trolls and bots skewing online debate and upending consensus about vaccine safety. The study discovered several accounts, now known to belong to the same Russian trolls who interfered in the US election, as well as marketing and malware bots, tweeting about vaccines.

Florida Man Arrested and Charged with Extensive Cyberstalking and Threats Campaign

A Florida man was arrested today and charged in U.S. District Court in Boston with conducting an extensive cyberstalking campaign that targeted his former schoolmate, a 30-year-old Massachusetts woman. The victim’s name is being withheld to protect her privacy. He launched his campaign in February 2017, shortly after the victim wrote, and had published in an online magazine, an essay describing a one-time, traumatic sexual encounter she had with Cardozo when she was approximately 13 and he was approximately 17 and they attended the same school in Florida. She used pseudonyms for Cardozo and others in the essay. He sent hundreds of online communications, many of which he made in the “comments” section to the essay.

McAfee opens lab to demo threats from lock picking to medical device hacking

The lab officially opened for demos on Wednesday, with representatives from the health care industry, government, law enforcement and academia touring the facility. The current demos represent current areas of active research at McAfee. The automotive demo, for instance, showed how a malicious actor could manipulate a Mobileye camera into misidentifying a Stop sign — just with a simple piece of paper with a pattern printed on it. Other demos included a Cortana vulnerability discovered by McAfee, a medical device vulnerability, a Wemo smart plug vulnerability and a Windows Defender bypass. The lab also has a blockchain station, to help customers understand exactly what it is and to demonstrate some attack scenarios.

Online-inspired extremists are ‘the greatest terrorist threat,’ declassified CSIS document says

Attacks by extremists inspired over the internet have become the country’s top terrorist threat, according to a declassified Canadian intelligence document obtained by Global News. “The greatest terrorist threat is from extremists who are inspired, enabled or directed by others online,” said the Canadian Security Intelligence Service document released under the Access to Information Act. Titled Terrorism in the Digital Age, the CSIS document named al-Qaida and mentioned the transition from “the physical Caliphate to a virtual one,” an apparent reference to the so-called Islamic State.

Millions of Texas voter records exposed online

The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters. It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time when nation states are actively trying to influence elections. TechCrunch obtained a copy of the file, which was first found by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. It’s not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.

Is there new ‘hackproof’ cyber defense? Air Force, industry test new system

The Air Force is working with industry to test an emerging cybersecurity technology which has not as of yet been “hacked,” despite massive amounts of attempted penetrations. The software, made by MerlinCryption, is engineered to defeat advanced AI and Quantum computing hacking techniques by “never repeating a pattern,” developers say. Engineers of the new product explain that AI and Quantum computing are able to crack sophisticated encryption by recognizing patterns and analyzing mathematical sequences. “This encryption is non-deterministic and never repeats patterns. This cannot be broken through statistical analysis. It is not based on math. All encryption algorithms are based on math and this one is not,” Brandon Brown, MerlinCryption CEO, told Warrior Maven in an interview.


Airbnb is suing New York City over a recently passed law that allows the collection of Airbnb hosts’ data, claiming the ordinance violates users’ constitutional rights. The company is hoping to avoid millions in losses when the law, designed to police short-term home rentals, takes effect this winter. The New York City legislation, which passed with a 45-0 vote, would require Airbnb to share the names and addresses of its hosts with the city’s Office of Special Enforcement. “The ordinance is an unlawful end-run around established restraints on governmental action and violates core constitutional rights,” the company said in a claim filed in New York court on Friday.

Uber ‘to focus on bikes over cars’

Uber says it plans to focus more on its electric scooter and bike business, and less on cars, despite the fact it could hurt profits. Boss Dara Khosrowshahi said that individual modes of transport were better suited to inner city travel. He also forecast users would make more frequent shorter journeys in future. “During rush hour, it is very inefficient for a one-tonne hulk of metal to take one person 10 blocks,” he told the Financial Times. “Short-term financially, maybe it’s not a win for us, but strategically long term we think that is exactly where we want to head.”

Google researcher found Fortnite Android App vulnerable to Man-in-the-Disk attacks

After a long wait, the Fortnite Android app has finally arrived, but it hides an ugly surprise: it is vulnerable to Man-in-the-Disk (MitD) attacks that can allow a third-party application to crash it or run malicious code. The flaw was discovered by Google security researchers; it could be exploited by low-privileged malicious apps already installed on a user’s phone to hijack the Fortnite Android app. A threat actor can carry out MitD attacks when an Android app stores data outside its highly-secured Internal Storage space, for example on External Storage, which is shared by all apps. The attacker could tamper with the data stored in the external storage space. The attacker could hijack the installation process and install other malicious apps with higher permissions.
