AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets – February 20, 2019

1 A Real Tube Carrying Dreams of 600-M.P.H. Transit

California just decided to sharply scale back its plans for a high-speed rail artery meant to transform travel up and down the state. But in the desert outside Las Vegas, the transportation ambitions still seem limitless. Here, engineers working for Virgin Hyperloop One are testing a radically different type of mass transit: one that aims to move people and cargo in small wheel-less pods in a vacuum tube at speeds that could exceed 600 miles per hour. Today’s swiftest rail travel, at top speeds less than half as fast, would become a quaint anachronism. The company, which counts Sir Richard Branson’s Virgin Group as a minority investor, is one of several in the United States, Canada and other countries developing hyperloop technology.


2 A Deep Dive on the Recent Widespread DNS Hijacking Attacks

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.


3 Russian hackers 8 times faster than Chinese, Iranians, North Koreans

In its latest threat report, CrowdStrike — the company that discovered that the Russians had hacked the Democratic National Committee — finds that Russian intelligence hackers are quicker and more nimble than the North Koreans, the Chinese, the Iranians and sophisticated criminals. CrowdStrike measured what it calls "breakout time" — the speed at which a hacking group can break into a network and start stealing data. That speed is important because intrusions are being detected and stopped faster than ever before. The faster the hackers can smash and grab, the more data they can steal. "It is quite remarkable to see that Russia-based threat actors are almost eight times as fast as their speediest competitor — North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China," CrowdStrike says in the threat report.


4 Personal information of students exposed in Stanford data breach

For the second time in 15 months, Stanford University has been hit by an embarrassing data breach that exposed the personal information of students, including home addresses, Social Security numbers and even test scores and essays. The Stanford Daily is reporting that Stanford students could view applications and high-school transcripts of other students “if they first requested to view their own admission documents under the Family Educational Rights and Privacy Act (FERPA).” Documents that were compromised included extremely sensitive personal information like Social Security numbers for some students, as well as “students’ ethnicity, legacy status, home address, citizenship status, criminal status, standardized test scores, personal essays and whether they applied for financial aid. Official standardized test score reports were also accessible,” the paper reported. It explained that while students’ documents could not be searched by name, they were “accessible by changing a numeric ID in a URL.”
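The flaw described above, a record lookup keyed only on a guessable numeric ID, as an added example that is not code from Stanford's system or from the article: a lookup with the ownership check that was missing, beside the check-free version, plus a small detector run over a constructed access log to show the ID-walking pattern a defender can look for. The Document model, user names, log format and threshold are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: str   # the student entitled to read this record
    contents: str


# Constructed store keyed by the sequential numeric ID that appears in the URL.
DOCUMENTS = {
    1001: Document(1001, "student_a", "transcript of student_a"),
    1002: Document(1002, "student_b", "transcript of student_b"),
}


class Forbidden(Exception):
    """Raised for unknown and foreign IDs alike, so the response does not
    reveal which IDs exist."""


def fetch_document_vulnerable(doc_id: int) -> Document:
    """Insecure direct object reference: trusts the ID from the URL and never
    asks who is requesting it (the behaviour the article describes)."""
    return DOCUMENTS[doc_id]


def can_read(doc_id: int, requesting_user: str) -> bool:
    """Hardened check: the authenticated user must own the record."""
    doc = DOCUMENTS.get(doc_id)
    return doc is not None and doc.owner_id == requesting_user


def fetch_document(doc_id: int, requesting_user: str) -> Document:
    if not can_read(doc_id, requesting_user):
        raise Forbidden(f"{requesting_user} may not read document {doc_id}")
    return DOCUMENTS[doc_id]


# Constructed access log: "<user> <method> <path> <status>" per line.
ACCESS_LOG = """\
student_a GET /admissions/doc/1001 200
student_b GET /admissions/doc/1002 200
student_b GET /admissions/doc/1003 403
student_b GET /admissions/doc/1004 403
student_b GET /admissions/doc/1005 403
"""


def enumeration_suspects(log_text: str, threshold: int = 3) -> dict:
    """Users who requested at least `threshold` distinct document IDs. A student
    legitimately views one record; a run of IDs is what URL tampering produces."""
    ids_by_user = defaultdict(set)
    for line in log_text.splitlines():
        user, _method, path, _status = line.split()
        ids_by_user[user].add(int(path.rsplit("/", 1)[1]))
    return {u: sorted(ids) for u, ids in ids_by_user.items() if len(ids) >= threshold}
```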


5 Taco Bueno announces data breach at certain US locations

US-based fast-food restaurant chain Taco Bueno Restaurants has reported a data breach compromising the payment card information of customers at certain locations. The company launched an investigation to identify the breach after it received a report of the incident from a third-party source. It has also appointed cybersecurity experts to assist in identifying the issue. According to the investigation, the card data of customers who made payments at the affected locations between March 2018 and November 2018 may have been accessed. The hacker installed malware on the company’s point-of-sale (PoS) devices to gain access to payment card data from cards used on those devices. However, the malware failed to access payment card data from POS systems at certain restaurants where the company has deployed an end-to-end encryption (E2EE) payment processing solution.


6 Mueller questions Cambridge Analytica director Brittany Kaiser

A director of the controversial data company Cambridge Analytica, who appeared with Arron Banks at the launch of the Leave.EU campaign, has been subpoenaed by the US investigation into possible collusion between the Trump campaign and the Russian government. A spokesman for Brittany Kaiser, former business development director for Cambridge Analytica – which collapsed after the Observer revealed details of its misuse of Facebook data – confirmed that she had been subpoenaed by special counsel Robert Mueller, and was cooperating fully with his investigation. He added that she was assisting other US congressional and legal investigations into the company’s activities and had voluntarily turned over documents and data.


7 DART Officer Sues Social Media Giants Over 2016 Downtown Police Ambush

A DART police officer shot in the July 7, 2016 ambush in downtown Dallas is now suing Twitter, Facebook and Google, alleging the social media companies aided in radicalizing the gunman. Five officers died in the shooting. Officer Jesus Retana was one of nine other people injured. “Mentally, he’s just not the same person. He has nightmares, sweats. It has a tremendous impact on his life and his husband’s. They suffer every single day from what happened,” said attorney Keith Altman. Altman filed the lawsuit on behalf of Retana and his husband Andrew Moss.


8 Microsoft removes eight cryptojacking apps from official store

Microsoft has removed from the official Microsoft Store eight Windows 10 apps that had been caught mining the Monero cryptocurrency behind users' backs for the benefit of the apps' developers. The names of the eight apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. The apps were developed by three developers, namely DigiDream, 1clean, and Findoo. US cyber-security firm Symantec, which discovered the malicious apps last month, says evidence they uncovered in the applications' source code and adjacent domains led them to believe all eight had been developed by the same person or group, despite the different names.


9 Behold, the Facebook phishing scam that could dupe even vigilant users

Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login windows on malicious sites, researchers said this week. Single sign-on, or SSO, is a feature that allows people to use their accounts on other sites—typically Facebook, Google, LinkedIn, or Twitter—to log in to third-party websites. SSO is designed to make things easier for both end users and websites. Rather than having to create and remember a password for hundreds or even thousands of third-party sites, people can log in using the credentials for a single site. Websites that don’t want to bother creating and securing password-based authentication systems need only access an easy-to-use programming interface. Security and cryptographic mechanisms under the hood allow the login to happen without the third-party site ever seeing the username and password.


10 Marriott now lets you check if you’re a victim of the Starwood hack

Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack. The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year. The checker, hosted by security firm OneTrust, will ask for some personal information, like your name and email address, as well as the last six digits of your passport number.


11 Password managers may leave your online crown jewels 'exposed in RAM' to malware

Researchers at ISE declared on Tuesday that the likes of 1Password, KeePass, LastPass, and Dashlane all have vulnerabilities that would potentially allow malicious software on a Windows machine to steal either the master password or individual passwords stored by the applications. The problem here is mainly secure memory management. To some degree, every one of the four password managers left passwords – either the master password or individual credentials – accessible in memory. This would potentially allow malware on a system, particularly malware with admin rights, to obtain those passwords.


12 Potential Privacy Lapse Found in Americans' 2010 Census Data

An internal team at the Census Bureau found that basic personal information collected from more than 100 million Americans during the 2010 head count could be reconstructed from obscured data, but with lots of mistakes, a top agency official disclosed Saturday. The age, gender, location, race and ethnicity for 138 million people were potentially vulnerable. So far, however, only internal hacking teams have discovered such details at possible risk, and no outside groups are known to have grabbed data intended to remain private for 72 years, chief scientist John Abowd told a scientific conference. The Census Bureau is now scrapping its old data shielding technique for a state-of-the-art method that Abowd claimed is far better than Google's or Apple's.


13 JP Morgan is rolling out the first US bank-backed cryptocurrency to transform payments business

The first cryptocurrency created by a major U.S. bank is here — and it's from J.P. Morgan Chase. The lender moves more than $6 trillion around the world every day for corporations in its massive wholesale payments business. In trials set to start in a few months, a tiny fraction of that will happen over something called "JPM Coin," the digital token created by engineers at the New York-based bank to instantly settle payments between clients. J.P. Morgan is preparing for a future in which parts of the essential underpinning of global capitalism, from cross-border payments to corporate debt issuance, move to the blockchain.


14 Cards Used at 137 Restaurants Exposed by Point-of-Sale Breach

North Country Business Products, a point-of-sale and security solutions provider with roughly 6500 customers around the Midwest, has disclosed a data breach which led to the exposure of payment information for clients who used their credit and debit cards at 137 restaurants. According to the company's data breach notification, North Country first observed suspicious activity on some of its clients' networks on January 4, and a joint investigation with a third-party cybersecurity forensic firm established that the cause was malware deployed on its partner restaurants' networks. On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners’ restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information.


15 FDIC’s Top 3 Challenges Are All Tech Related

The Federal Deposit Insurance Corporation could solve its top three most pressing challenges by addressing issues with its oversight of cybersecurity and emerging technologies, according to a report from the agency’s inspector general. “The FDIC plays a critical role in maintaining the stability of our financial system, and in protecting the savings of millions of Americans,” FDIC Inspector General Jay Lerner wrote, noting the agency insures more than $7.4 trillion at some 5,400 banks. In order for the FDIC to meet this mission, the agency must ensure the security of its own systems, as well as the systems of the banks it oversees. As part of its oversight responsibilities, the FDIC conducts regular assessments of banks’ cybersecurity posture through a program called Information Technology Risk Examination, or InTREx. Since the InTREx process was adopted in 2016, FDIC bureaus have reported a significant increase in the time it takes to conduct an examination, according to the report.
