AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – January 2, 2019

Newspapers report suspected malware attack

Staffers at some of America’s best-known newspapers are wondering whether their systems were the victim of a foreign cyberattack. Several papers, including the Los Angeles Times and The San Diego Union-Tribune, suffered printing and distribution delays as a result of the incident. Some reporters chuckled at the irony of a digital bug interrupting printed papers. But there is also real concern about the effectiveness of the attack. Tribune Publishing said “malware” was detected on its servers Friday. The Union-Tribune, which also called it a “virus,” said most subscribers were left without a Saturday morning paper as a result.

US Investigating CenturyLink Internet Outage, 911 Failures

U.S. officials and at least one state said Friday that they have started investigations into a nationwide CenturyLink internet outage that has disrupted 911 service. Federal Communications Commission Chairman Ajit Pai called the outage that began Thursday “completely unacceptable” because people who need help couldn’t use the emergency number. “Its breadth and duration are particularly troubling,” he said. The commission’s Public Safety and Homeland Security Bureau will investigate the cause and effect of the outage, he said. The Monroe, Louisiana-based telecommunications giant is one of the largest in the United States. It offers communications and information technology services in dozens of states. Customers from New York to California reported outages. CenturyLink spokeswoman Debra Peterson said the outage “is not related to hacking,” but she declined further comment.

Pilot project demos credit cards with shifting CVV codes to stop fraud

US-based PNC Bank is in the middle of a pilot project that aims to test out credit cards with constantly changing card verification values (or CVVs) to reduce online credit card fraud. The dynamic CVV is displayed on the back of such a card in e-ink and changes according to an algorithm supplied by Visa. Credit card fraud has long been a problem in the US. To stop thieves from re-using credit card numbers in brick-and-mortar stores, the US has been moving to chip-based credit and debit cards, which create a unique code for each transaction (although this transition to chip cards has been less successful than was hoped). But online credit card fraud is another beast. Once a fraudster has stolen a credit card number, they often can use the static number to make online purchases without being thwarted by chip complications.

Open-source tool aims to curb BGP hijacking amid Chinese espionage concerns

BGP security is going global. International agencies including the U.S. Department of Homeland Security, the National Science Foundation, the European Research Council and others are funding the Automatic and Real-Time dEtection and Mitigation System (ARTEMIS), in an effort to stop hackers from rerouting internet traffic through malicious networks. Border Gateway Protocol hijacking occurs when attackers redirect web traffic away from its intended destination and instead send those connections somewhere else. Perhaps the best known example of BGP hijacking occurred in November when millions of IP addresses aimed at Google were instead sent to a state-controlled telecom in China, apparently by accident.
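The control-plane side of what a system like ARTEMIS does can be shown with a small prefix-origin check. The following is an added example, not ARTEMIS code and not from the article: it compares announcements seen at a route collector against the origin ASNs an operator expects for their own prefixes and flags exact-prefix and sub-prefix (more-specific) announcements from an unexpected origin. The prefixes, ASNs and announcements are constructed sample data.

```python
"""Prefix-origin check over constructed BGP announcements (added example)."""
import ipaddress
from dataclasses import dataclass

# Expected origin ASNs per monitored prefix, as an operator would record for
# their own address space. Constructed sample data, not real routing content.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/22"): {64501},
}


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # AS path as seen by a collector; the last element is the origin AS


def classify(ann):
    """Return (kind, monitored_prefix), or None if the announcement is unrelated."""
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    for monitored, origins in EXPECTED_ORIGINS.items():
        if net.version != monitored.version:
            continue
        if net == monitored:
            # Same prefix, different origin: traffic is split between the
            # legitimate origin and the impostor depending on path length.
            return ("legitimate", str(monitored)) if origin in origins \
                else ("exact-prefix-hijack", str(monitored))
        if net.subnet_of(monitored):
            # A more-specific prefix wins longest-prefix matching everywhere,
            # so an unexpected origin here captures all traffic for that range.
            return ("legitimate-more-specific", str(monitored)) if origin in origins \
                else ("sub-prefix-hijack", str(monitored))
    return None


def find_hijacks(announcements):
    """Collect (prefix, origin_as, kind) for every announcement judged a hijack."""
    alerts = []
    for ann in announcements:
        result = classify(ann)
        if result and result[0].endswith("hijack"):
            alerts.append((ann.prefix, ann.as_path[-1], result[0]))
    return alerts


# Constructed announcements as a collector might export them.
SAMPLE = [
    Announcement("203.0.113.0/24", (64496, 64500)),         # legitimate
    Announcement("203.0.113.0/24", (64496, 64497, 65000)),  # exact-prefix hijack by AS65000
    Announcement("198.51.100.0/24", (64496, 65001)),        # sub-prefix hijack (more specific)
    Announcement("198.51.100.0/23", (64496, 64501)),        # owner's own more-specific
    Announcement("192.0.2.0/24", (64496, 64502)),           # unrelated prefix, ignored
]

if __name__ == "__main__":
    for alert in find_hijacks(SAMPLE):
        print(alert)
```

Two of the five announcements are flagged; the owner's own more-specific and the unrelated prefix are not. A real deployment feeds this from live collector streams and adds data-plane checks, and publishing RPKI ROAs for your prefixes lets neighbouring networks reject the mis-originated routes rather than merely detect them.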

Blue Cross alerts 15,000 Medicare customers of potential data breach

Blue Cross Blue Shield of Michigan has notified about 15,000 Medicare Advantage members of a potential breach of personal information after a laptop computer of an employee of a subsidiary of the insurer was stolen in late October. Though the stolen laptop of an employee at COBX Co. “was encrypted and password-protected, the employee’s access credentials may have been potentially compromised,” Blue Cross said in a news release Friday. No Social Security or financial information of the Medicare Advantage customers was accessible in the computer, which was stolen on Oct. 26, according to the Detroit-based health insurance company. But first name, last name, address, date of birth, gender, medication, diagnosis, provider information and enrollee identification numbers may have been breached from the stolen laptop.

Mozilla: Ad on Firefox’s new tab page was just another experiment

Some Firefox users yesterday started seeing an ad in the desktop version of the browser. It offers users a $20 Amazon gift card in return for booking your next hotel stay via Booking.com. We reached out to Mozilla, which confirmed the ad was a Firefox experiment and that no user data was being shared with its partners. The ad appears at the bottom of Firefox’s new tab page on the desktop version with a “Find a Hotel” button that takes the user to a Booking.com page. The text reads: “Ready to schedule that next family reunion? Here’s a thank you from Firefox. Book your next hotel stay on Booking.com today and get a free $20 Amazon gift card. Happy Holidays from Firefox! (Restrictions apply).” A second version reads: “For the holidays, we got you a little something just for using Firefox! Book your next hotel stay on Booking.com today and get a free $20 Amazon gift card. Happy Holidays from Firefox! (Restrictions apply.)”

Popsugar’s Twinning app was leaking everyone’s uploaded photos

I thought the worst thing about Popsugar’s Twinning tool was that it matched me with James Corden. Turns out, the hundreds of thousands of selfies uploaded to the tool were easily downloadable by anyone who knew where to look. The popular photo-matching tool is fairly simple. “It analyzes a selfie or uploaded photo, compares it to a massive database of celebrity photos to find matches, and finally gives you a ‘twinning percentage’ for your top five look-alikes,” according to Popsugar, which developed the tool. Then, you share those matched photos on Facebook and Twitter so everyone knows that you don’t look at all like one of the many Kardashians. All of the uploaded photos are stored in a storage bucket hosted on Amazon Web Services. We know because the web address of the bucket is in the code on the Twinning tool’s website. Open that in your web browser, and we saw a real-time stream of uploaded photos.

Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks

On Monday, New Year’s Eve, a hacker group announced it had breached a law firm handling cases related to the September 11 attacks, and threatened to publicly release a large cache of related internal files unless their ransom demands were met. The news is the latest public extortion attempt from the group known as The Dark Overlord, which has previously targeted a production studio working for Netflix, as well as a host of medical centres and private businesses across the United States. The announcement also signals a slight evolution in The Dark Overlord’s strategy, which has expanded on leveraging the media to exert pressure on victims, to now distributing its threats and stolen data in a wider fashion.

OWASP Top 10 Internet of Things 2018

The OWASP Internet of Things Project was started in 2014 as a way to help Developers, Manufacturers, Enterprises, and Consumers to make better decisions regarding the creation and use of IoT systems. This continues today with the 2018 release of the OWASP IoT Top 10, which represents the top ten things to avoid when building, deploying, or managing IoT systems. The primary theme for the 2018 OWASP Internet of Things Top 10 is simplicity. Rather than having separate lists for risks vs. threats vs. vulnerabilities—or for developers vs. enterprises vs. consumers—the project team elected to have a single, unified list that captures the top things to avoid when dealing with IoT Security.