AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – February 15, 2019

Some GPS receivers may malfunction on or after April 6

April sees the GPS network go through a mini "millennium bug" of its own because the week number will roll back to zero. While this is a known issue arising from the way the system works, those in charge of critical infrastructure that makes use of GPS, along with other businesses and users who believe a malfunction would cause problems, are advised to prepare for the event. A GPS Week Rollover happens because of the way the navigation signal works. The current week number is encoded into the signal message received from the satellites using a 10-bit field, which allows for a week range from zero to 1023. The current period began back on 1 August 1999, and on 6 April 2019 the week number rolls over back to zero, where it will start counting back up to 1023.
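The following is an added example, not part of the original post, that models the 10-bit week field described above and the usual receiver-side mitigation: resolving the broadcast week to the earliest matching week that starts no later than a reference date such as the firmware build date. It assumes the GPS epoch of 6 January 1980 (a well-known fact not stated on the page); the function names are constructed for this illustration.

```python
from datetime import date, timedelta

# GPS week 0 began on Sunday 6 January 1980 (well-known fact, not stated on the page).
GPS_EPOCH = date(1980, 1, 6)
ROLLOVER_WEEKS = 1 << 10  # the week field is 10 bits, so it wraps every 1024 weeks


def _as_date(value):
    return value if isinstance(value, date) else date.fromisoformat(value)


def week_start(full_week):
    """ISO date of the Sunday on which an unambiguous (full) GPS week begins."""
    return (GPS_EPOCH + timedelta(weeks=full_week)).isoformat()


def encode_week(full_week):
    """The 10-bit value the navigation message carries for a given full week."""
    return full_week % ROLLOVER_WEEKS


def resolve_week(week10, not_before):
    """Map a 10-bit broadcast week back to a full week number.

    The receiver takes the earliest week whose low 10 bits match and that
    starts no earlier than `not_before` (typically its firmware build date).
    A receiver whose reference date predates the last rollover therefore
    lands exactly 1024 weeks in the past: the failure mode of the rollover.
    """
    if not 0 <= week10 < ROLLOVER_WEEKS:
        raise ValueError("week field must fit in 10 bits")
    ref_week = (_as_date(not_before) - GPS_EPOCH).days // 7
    period_base = ref_week - ref_week % ROLLOVER_WEEKS
    candidate = period_base + week10
    if candidate < ref_week:          # that week already passed in this period,
        candidate += ROLLOVER_WEEKS   # so it must belong to the next one
    return candidate


def decode_date(week10, not_before):
    """Calendar date a receiver with the given reference date derives from the field."""
    return week_start(resolve_week(week10, not_before))


if __name__ == "__main__":
    # Week 2048 is the first week of the third period; it is broadcast as 0.
    for ref in ("1999-01-01", "2015-01-01"):
        print(f"reference {ref}: field 0 decodes to {decode_date(encode_week(2048), ref)}")
```

A receiver with a reference date from 2015 decodes the post-rollover field correctly, while one whose reference date predates the previous rollover decodes the same field to a date in 1999.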


Image-I-Nation supply chain breach exposes data of major credit agencies’ customers

Image-I-Nation Technologies, Inc., which provides hosting services and software to consumer reporting agencies like Equifax, Experian and TransUnion, experienced a supply chain breach that left users’ personal information exposed for as long as two weeks. Last Dec. 20, the company “discovered that there had been unauthorized access to our database containing the personal information of individuals who had a consumer report through our system at some point in the past,” according to a breach notification filed with the Montana Department of Justice, noting that the incident occurred between Nov. 1-15, 2018. “Based on our investigation, we have determined that the personal information that was potentially accessed could have included first and last names, dates of birth, home addresses, and Social Security numbers,” the company, which is owned by FRS Software, said.


Pirates hijack Apple’s enterprise certificates to put hacked apps on iPhones

Software pirates have hijacked technology designed by Apple to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones, Reuters has found. Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a program Apple introduced to let corporations distribute business apps to their employees without going through Apple’s tightly controlled App Store. Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue.


California teen Googles difficult customer, learns he's wanted in Georgia for $1M Super Bowl ticket scam

A man who was wanted in a $1 million Super Bowl ticket scam in Georgia has been arrested in California thanks to one quick-thinking teenager. Ketan Shah, 48, of Lawrenceville, Ga., allegedly collected nearly $1 million in exchange for Super Bowl tickets and VIP treatment that he never delivered to victims, who include his own mother and other members of his family, according to Atlanta news station WSB-TV. He then skipped town a month before the game. His family told WSB-TV that Shah may have been experiencing a midlife crisis and reported him missing in December. His wife, Bhavi Shah, filed for divorce in January. Investigators were able to track his movements through Florida, Alabama, Oklahoma and Las Vegas, but it was one 19-year-old in Temecula, Calif., who eventually led police to Shah’s whereabouts.


31 AGs ask FTC to update Identity Theft Rules

Attorneys general from 31 states have asked the Federal Trade Commission (FTC) to update its Identity Theft Rules. Noting the proliferation of identity theft and consumers’ inability to divine how information stolen from breaches is being used, the AGs said that the rules – also known as the Red Flags Rule and the Card Issuers Rule – “appropriately place the burden on certain entities to detect, prevent and mitigate identity theft.” And only those entities, they contended, “have the ability to stop a fraudulent account from being opened at their own place of business or to notify a consumer of a change of address in conjunction with a request for an additional or replacement card, which is a strong indicator that the account may have been taken over by an identity thief.”


500px reveals almost 15 million users are caught up in security breach

Online photography community 500px told its members on Tuesday, February 12, that their data may have been stolen in a security breach and warned them to change their password. In a statement, the portfolio website for photographers said an unauthorized party gained access to its systems on or around July 5, 2018. However, the breach was only discovered by its engineers on February 8, 2019. It said that around 14.8 million users may be affected, in other words its entire user base at the time the breach took place. Toronto-based 500px began contacting its members by email at around 8 p.m. ET on Tuesday. As a precautionary measure, it’s requiring all users to change their 500px account passwords, and to also change them for any other online accounts where the password is the same.


Standing In Data Breach Litigation: Will The U.S. Supreme Court Weigh In?

The U.S. Supreme Court may finally weigh in on the hottest issue in data breach litigation: whether a demonstration of actual harm is required to have standing to sue. Standing to sue in a data breach class action suit largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data breach. Plaintiffs in data breach class actions are often not able to demonstrate that they have suffered financial or other actual damages resulting from a breach of their personal information. Instead, plaintiffs will allege that a heightened “risk of future harm” such as identity theft or fraudulent charges is enough to establish an “injury-in-fact”.


Another WordPress commercial plugin gets exploited in the wild

Hackers are exploiting an old vulnerability in a commercial WordPress plugin to break into websites and plant backdoors. The ongoing attacks were first spotted at the end of last month by incident responders from Defiant, the company behind the Wordfence WordPress firewall plugin. The vulnerability exploited in the attacks affects "WP Cost Estimation & Payment Forms Builder," a commercial WordPress plugin for building e-commerce-centric forms that has been on sale on the CodeCanyon marketplace for the last five years. In an interview with ZDNet, Defiant Threat Analyst Mikey Veenstra said hackers were using the hacked site they investigated to hijack incoming traffic and redirect it to other websites. He didn't exclude the attackers abusing the backdoor for other nefarious activities later down the line.


Hard drives in accused CIA leaker's case were 'misplaced' after jailhouse search, prosecutors say

Months after the government accused a former CIA computer engineer of leaking government secrets from behind bars, prosecutors said hard drives containing discovery materials in the case somehow have been “misplaced.” The announcement is the latest complication in a case that only has become more convoluted since it entered the public consciousness. The government said it intends to provide the defendant, Joshua Schulte, with a reproduction of the unclassified material. Prosecutors have accused Schulte, a former software engineer, of providing WikiLeaks with an archive of stolen documents — known as the Vault 7 files — detailing the agency’s surveillance and hacking capabilities.


Google is running an auto-update-to-HTTPS experiment in Chrome

The Google Chrome team will be running an experiment this week in an attempt to find solutions to an HTTPS problem that Mozilla also attempted to solve last year. The problem that Google is trying to solve is called "mixed content," which Google describes as follows: "Mixed content occurs when initial HTML [a web page] is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources."
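As an added example (not code from the original post or from the Chrome project), the scanner below applies the definition above to a constructed HTML page: it resolves every subresource URL against the HTTPS page URL, flags those still fetched over plain http, and lists the https URLs an auto-upgrade would request instead. The tag/attribute list and the sample page are constructed for this illustration and are not exhaustive.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs through which a page pulls in subresources (constructed, not exhaustive).
RESOURCE_ATTRS = {
    "img": ("src", "srcset"), "script": ("src",), "link": ("href",),
    "video": ("src", "poster"), "audio": ("src",), "source": ("src", "srcset"),
    "iframe": ("src",),
}


class MixedContentFinder(HTMLParser):
    """Collects (tag, attribute, absolute URL) for every subresource fetched over http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only fetches a resource for some rel values; canonical/alternate do not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name in RESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # srcset is a comma-separated list of "url descriptor" entries.
            entries = value.split(",") if name == "srcset" else [value]
            for entry in entries:
                parts = entry.split()
                if not parts:
                    continue
                absolute = urljoin(self.page_url, parts[0])  # relative and // URLs inherit https
                if urlsplit(absolute).scheme == "http":
                    self.findings.append((tag, name, absolute))


def find_mixed_content(page_url, html):
    """Return the http:// subresources of an HTTPS page; an http:// page has no mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def upgraded_urls(findings):
    """What an auto-upgrade would request instead: the same URL with the https scheme."""
    return ["https://" + url[len("http://"):] for _, _, url in findings]


# Constructed sample page: three http subresources, one protocol-relative and one relative URL.
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="http://cdn.example/site.css">
<script src="https://cdn.example/app.js"></script><link rel="canonical" href="http://example.com/page">
</head><body><img src="/logo.png"><img src="//static.example/hero.jpg">
<img srcset="http://static.example/a.jpg 1x, https://static.example/b.jpg 2x">
<video poster="http://media.example/poster.png"></video></body></html>"""
```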


Government watchdog finds weak enforcement of US privacy regulations

Data privacy has gotten out of the government's control, according to a report released Wednesday. The Government Accountability Office report recommends the passage of a federal internet privacy law with real consequences for companies that violate it. The report found that over the last 10 years, most of the Federal Trade Commission's actions against data privacy abuses didn't include fines because the agency doesn't have the authority to impose fines for those specific violations. In the past, the FTC has fined companies like Google and Vizio for tracking your data. But the GAO found that of the 101 data privacy violations the FTC investigated since 2009, nearly all of them ended with settlement agreements without fines. The report is the result of a 2017 request by Rep. Frank Pallone, a Democrat from New Jersey who is now chairman of the House Energy and Commerce Committee.


ACLU: Here's how FBI tried to force Facebook to wiretap its chat app

A US federal judge has refused to unseal court paperwork that would show how the FBI tried to force Facebook to snoop on calls made through its instant-messaging app. Judge Lawrence O’Neill this week rejected [PDF] a petition from the American Civil Liberties Union (ACLU) to make the documents public because, he argued, "the materials at issue in this case concern techniques that, if disclosed publicly, would compromise law enforcement efforts in many, if not all, future wiretap investigations." The judge also refused to release partially redacted versions – a move favored by Facebook if details of its systems were removed – because "sensitive investigatory information is so thoroughly intertwined with the legal and factual arguments in the record such that redaction would leave little and/or misleading substantive information."

