AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – Feb 13, 2019

February 13, 2019


Microsoft States Windows Update DNS Issues are Finally Fixed

Starting in late January, Windows 10 users began reporting that when they tried to perform an update, Windows would state that it could not connect to the Windows Update service. At the time, Microsoft did not disclose the cause of the issue, but as users could fix the problem by changing their DNS servers, it was widely thought to be a DNS problem.

Microsoft finally disclosed that this was a DNS issue caused by an outage at an external DNS provider, which caused corruption of DNS data. To make matters worse, these "corrupted DNS records" were propagated to downstream DNS providers, causing a big mess for users who were trying to perform Windows updates. In an updated Windows 10 and Windows Server 2019 update history support article, Microsoft has stated that this issue should now be fully resolved as all local ISPs have refreshed their DNS servers and are now using the correct DNS records.


The world's biggest spice company is using AI to find new flavors

McCormick — the maker of Old Bay and other seasonings, spices and condiments — hopes the technology can help it tantalize taste buds. It worked with IBM Research to build an AI system trained on decades worth of data about spices and flavors to come up with new flavor combinations. The Baltimore, Maryland-based company plans to bring its first batch of AI-assisted products to market later this year. The line of seasoning mixes, called One, for making one-dish meals, includes flavors such as Tuscan Chicken and Bourbon Pork Tenderloin. Hamed Faridi, McCormick's chief science officer, told CNN Business that using AI cuts down product development time, and that the company plans to use the technology to help develop all new products by the end of 2021.


Trump Signs Executive Order Promoting Artificial Intelligence

President Trump signed an executive order Monday meant to spur the development and regulation of artificial intelligence, technology that many experts believe will define the future of everything from consumer products to health care to warfare. A.I. experts across industry, academia and government have long called on the Trump administration to make the development of artificial intelligence a major priority. Last spring, worried that the United States was not keeping pace with China and other countries, Jim Mattis, then the defense secretary, sent a memo to the White House imploring the president to create a national strategy on A.I. Now, Mr. Trump has taken that step, though this “American A.I. Initiative” might not be as bold as some had hoped.


Apple will let military veterans access their health records on the iPhone

Military veterans treated by the US Department of Veterans Affairs will soon be able to access their medical records on the iPhone Health Records app, Apple announced today. It’s the latest major collaboration between Apple and a health care system, and a sign of the company’s growing interest in the world of electronic health records. Electronic health records are a famously contentious sector of the health care system. For many patients, the tangled evolution of e-health technology has led to a fragmented paper trail filled with gaps, which makes it hard to bring their own health information from one network to another and can slow down their treatment. The new collaboration would allow the 9 million veterans served by the VA, which is the largest medical system in the country, to see their aggregated medical records — including conditions, vaccinations, lab tests, medical procedures, and diagnoses — in one place.


Right-clicking in Gmail is about to get a whole lot more useful

Google is finally addressing one of the more annoying quirks of Gmail’s web interface by overhauling the right-click menu, adding a lot more options in the pop-up list that should make it way more useful. As updates go, it’s a pretty simple one: once the rollout hits your account, you’ll be presented with the above list of options when you right-click on an email, adding options to reply, forward, label, move, mute, and snooze emails — options that honestly should have been there for a long time. Compare that to the old right-click menu, which gave just a paltry three options: archive, mark as unread, or delete.


Dunkin' Donuts accounts compromised in second credential stuffing attack in three months

Dunkin' Donuts announced today that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts. This marks the second time in three months that the coffee shop chain has notified users of account breaches following credential stuffing attacks. Credential stuffing is a cyber-security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked at other sites and use them to gain (illegal) access to accounts on new sites. Just like in the first attack, hackers used user credentials leaked at other sites to gain entry to DD Perks rewards accounts, which provide repeat customers with a way to earn points and use them to get free beverages or discounts for other Dunkin' Donuts products.


Hackers wipe US servers of email provider VFEmail

Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process. The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice. "At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost." "This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.


FTC to Send Refund Checks to Consumers who Lost Money to Tech Support Scam

The Federal Trade Commission is sending refund checks to people deceived by the operators of an alleged tech support scheme. The refunds stem from a settlement the FTC and the State of Alabama reached last year with Troth Solutions over allegations that the defendants tricked people into believing their computers were infected with viruses and malware, and then charged them hundreds of dollars for unnecessary repairs. According to the complaint, the defendants used phone calls and online ads resembling security alerts from major technology companies to trick people into contacting the defendants and providing access to the consumers’ computers. The defendants then claimed consumers’ computers were infected with viruses, hacked, or experiencing other problems. The scheme’s operators used high-pressure tactics to persuade consumers to pay hundreds of dollars for unnecessary computer repair services, service plans, anti-virus protection or software, and other products and services.


Hackers keep trying to get malicious Windows file onto MacOS

Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files. “We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design,” Trend Micro researchers Don Ladores and Luis Magisa wrote.


New Offensive USB Cable Allows Remote Attacks over WiFi

Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard. When plugged into a Linux, Mac, or Windows computer, this cable is detected by the operating system as a HID, or human interface device. As HID devices are considered input devices by an operating system, they can be used to input commands as if they were being typed on a keyboard. Created by security researcher Mike Grover, who goes by the alias _MG_, the cable includes an integrated WiFi PCB that was created by the researcher. This WiFi chip allows an attacker to connect to the cable remotely to execute commands on the computer or manipulate the mouse cursor.


First CryptoCurrency Clipboard Hijacker Found on Google Play Store

Researchers last week found the first Android app on the Google Play store that monitors a device's clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker's control. This allows the attackers to steal any payments you make without you knowing that you sent them to the wrong address. A malicious Android app called MetaMask was added to the Google Play store that pretended to be a mobile version of the legitimate service of the same name. This app, though, was detected by ESET as malicious, and when ESET Android security researcher Lukas Stefanko performed an analysis, it was discovered to be stealing a user's cryptocurrency using two different attack methods.


OkCupid Denies Data Breach Amid Account Hack Complaints

Dating is tough as it is, but some OkCupid users are reporting a new kind of challenge: Hackers are breaking into accounts, changing their email addresses and passwords, and locking them out. However, the dating website states it has not been affected by a security breach. One user whose account was hacked contacted TechCrunch, which reports a hacker accessed his account, changed his information, and sent him strange text messages. Several other users reported similar situations. Some had difficulty regaining account access, stating OkCupid did not alert them when their information was changed and took two days to unlock the account. In response to the incidents, OkCupid pointed to the prevalence of account takeover attempts, which it noted are common across all websites. Its support pages contain warning signs related to account takeover and guidance for users whose accounts have been breached.


U.S. Senators Urge VPN Ban for Federal Workers Over Spying

Two U.S. senators are taking bipartisan aim at foreign-owned virtual private networks (VPNs), which they say are often headquartered “in countries that do not share American interests or values” – specifically, China and Russia. Sens. Ron Wyden (D-Ore.) and Marco Rubio (R-Fla.) have signed a joint letter to Christopher Krebs, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). They’re urging an investigation into whether such VPNs present a risk to homeland security – the concern is that the services are logging web browsing data and sending it directly to Chinese and Russian intelligence. “Because these foreign apps transmit users’ web browsing data to servers located in or controlled by countries that have an interest in targeting US government employees, their use raises the risk that user data will be surveilled by those foreign governments,” according to the letter.
