AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – July 12, 2018

Russian company had access to Facebook user data through apps

A Russian internet company with links to the Kremlin was among the firms to which Facebook gave an extension which allowed them to collect data on unknowing users of the social network after a policy change supposedly stopped such collection. Facebook told CNN on Tuesday that apps developed by the Russian technology conglomerate Mail.Ru Group, were being looked at as part of the company’s wider investigation into the misuse of Facebook user data in light of the Cambridge Analytica scandal.

The FBI’s 10 Most-Wanted Black-Hat Hackers – #1

In completion of our countdown, the FBI’s most wanted black-hat hacker is Nicolae Popescu. On December 20, 2012, the United States District Court, Eastern Division of New York, Brooklyn indicted Popescu on a number of charges, including wire fraud, passport fraud, money laundering and trafficking in counterfeit service marks. Shortly thereafter, the court issued a federal warrant for his arrest. Popescu was previously the ringleader of more than 70 Romanian hackers who used online auction sites including eBay, Cars.com, AutoTrader.com and CycleTrader.com to sell non-existent cars. The hackers posed as legitimate sellers of a range of items, which they advertised to online users based in the United States.

New Spectre-like attack uses speculative execution to overflow buffers

The new attack is most similar to the array bounds check variant of Spectre. This attack takes advantage of a common coding pattern: before accessing the Nth element of an array, a program first checks that the array has an Nth element to access by comparing N to the size of the array. In most cases, that comparison succeeds, so the processor will speculatively assume that the comparison is OK and blindly try to access the Nth element. In the Spectre attack, an attempt is made to read an element that doesn’t exist. The speculative access will therefore try to read memory that isn’t part of the array. This speculatively read data can then be used to disturb the processor’s cache in a detectable way. When the processor notices that the element doesn’t exist and that the read shouldn’t be performed, it will cancel the speculative execution. But the cache remains disturbed. This disturbance means that an attacker can make inferences about the data that was speculatively read.

Man Tried To Bring Python On Plane By Hiding It In computer Hard Drive

A man tried to bring a python onto a plane in Miami by hiding it inside a hard drive, according to a news report. He and the snake did not make the flight that was headed to Barbados, authorities said. The incident unfolded Sunday at a screening area of the Miami International Airport. An article in the Miami Herald said Transportation Security Administration officers found the snake inside a piece of checked luggage when a TSA security officer noticed something odd. Officials did not tell the Herald how big the snake was, why the man said he had the snake and what airline was involved. Sari Koshetz, a spokeswoman for the TSA, told the newspaper that a bomb expert then examined the bag and found the python – still alive – in the hard drive.

Mitsubishi Wants Your Driving Data, and It’s Willing to Throw in a Free Cup of Coffee to Get It

According to the Wall Street Journal, Mitsubishi’s new smartphone app is the first of its kind. A driver can sign up and allow their driving habits to be tracked by their phone’s sensors, which monitor data points like acceleration, location, and rotation. Along the way, they’ll earn badges (reward points) based on good driving practices like staying under the speed limit. For now, the badges can be exchanged for discounted oil changes or car accessories, but the company plans to expand its incentives to other small perks like free cups of coffee by the end of the year.

Legalizing online sports betting means a new need for security

Security will be of the utmost importance to state gaming commissions. States have a golden opportunity to get it right the first time and leverage the latest technologies in identity and access management and authentication. After verifying the identity of the individual, the identity should be bound to a device to ensure that future bets are coming from a trusted device. States will likely deploy the latest in easy to use mobile apps for users to download from the App Store or Google Play Store or from their own state-managed website.

Woman who once bought bitcoins for $300,000 cash in paper bags sent to prison

A woman who for years went by the name “Bitcoin Maven” on localbitcoins.com—a peer-to-peer website for buying and selling anonymous bitcoins in person—was sentenced Monday to 366 days in federal prison, three years of supervised release, and a $20,000 fine. While selling bitcoins is not inherently illegal, doing so in such large volumes without keeping extensive records to mitigate money laundering is. Federal prosecutors in Los Angeles called the case against Theresa Lynn Tetley—a 50-year-old former stockbroker who bought and sold several million dollars’ worth of bitcoins—the first of its kind in the region.

Facebook Is Testing a Feature to Tell You If That DM Came from Russia

Facebook is testing a feature that provides additional information about direct messages from unknown contacts, including whether an account was recently created and what sort of phone number it used to log in. “We are testing a way to provide people with more context on folks they may not have connected with previously,” Dalya Browne from Facebook’s Messenger team told Motherboard in an email. Erin Gallagher, a multimedia artist, provided Motherboard with a screenshot of the new messenger warning. It says that the person sending a direct message logged into Messenger using a phone number from Russia; that the account was recently created; and that the unsolicited user is different from a Facebook friend with the same name. The last point would presumably be helpful for identifying accounts that may be trying to impersonate other users.

DOD seeks classification “Clippy” to help classify data, control access

The DOD has issued a request for information (RFI) from industry in a quest for technology that will prevent the mislabeling and accidental (or deliberate) access and sharing of sensitive documents and data. In an announcement posted in May by the Defense Information Systems Agency (DISA), the Pentagon stated that the DOD CIO’s office—part of the Office of the Secretary of Defense—is “investigating the use of commercial solutions for labeling and controlling access to sensitive information.” Defense IT officials are seeking software that “must be able to make real-time decisions about the classification level of the information and an individual’s ability to access, change, delete, receive, or forward the information based on the credentials of the sending and/or receiving individual, facility, and system.”

Amazon Has Global Aspirations for Medical-Supplies Marketplace

Amazon.com Inc. has global aspirations for its medical-supplies marketplace, according to a job listing posted on its website, highlighting the e-commerce giant’s sweeping ambitions to disrupt health care by selling products to hospitals, doctors and dentists and offering prescription drugs. “Our mission is to make Amazon the preferred shopping destination for Healthcare customers,” the post states. “Our Healthcare customers have different needs than traditional Amazon Business customers and thus we are reinventing everything from how we display our selection, price our products, and provide the right customer experience. We seek to understand the specific needs of our healthcare customers, vendors, and sellers in order to deliver innovative solutions to serve their needs.”

Timehop admits to more data leakage, details GDPR danger

Nostalgia aggregator Timehop has revised its advice about the data breach it reported earlier this week. The news is bad in two dimensions, the first of which is that the company has found more data was accessed. Updates to its oops! post has now added “dates of birth, gender [and] country codes” to the list of lost information, in addition to names email addresses and phone numbers. After “closer examination of forensics and logs” the company has also revised its estimates of lost records and added an analysis of how many put it on the wrong side of GDPR. The second nasty dimension is that Timehop has revealed that the attacker who lifted the data was able to access its systems since December 2017 and logged on during March and April 2018 without detection, in part thanks to the absence of two-factor authentication.

Girl Scouts Are Learning to Pick Locks, Hack Computers

The Girl Scouts are hosting workshops to teach members the basics of science, technology, engineering, and math (STEM) careers, including Cyber Camps where such skills as computer hacking are taught. “There is a growing crisis in confidence among young girls, particularly when it comes to STEM education and the pursuit of STEM careers,” says the Girl Scouts of Texas’ Amanda Duquette. “As the largest girls leadership development program in the country, Girl Scouts is poised to fill this gap.”

Crypto Crime Is a Focus of Trump’s New Task Force on Consumer Fraud

In forming a new task force to protect consumers from fraud, the Trump administration made clear that one of the greatest threats to the public is just emerging: red-hot markets for crypto coins. The inclusion of virtual tokens — along with traditional crimes like money laundering and investment schemes targeting the elderly — as a focus of a panel announced Wednesday is the latest sign of Washington’s concern over digital currencies. The Justice Department, the Securities and Exchange Commission and the Commodity Futures Trading Commission are increasingly focusing their resources on scams tied to Bitcoin and other tokens, and government officials have frequently warned investors about potential dangers.

Google Enables “Site Isolation” Feature for 99% of Chrome Desktop Users

Google has secretly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May. Site Isolation isn’t a new feature per-se, being first added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers. The feature is an architectural shift in Chrome’s modus operandi because when Site Isolation is enabled, Chrome runs a different browser process for each Internet domain.

A Maryland-based company wants to retrofit cars built after 2011 to park themselves

The shortest part of the journey is often the most complex for self-driving cars. The first and last mile of a journey, usually wrought with traffic lights, signage, pedestrians and cyclists, present endless challenges to autonomous vehicles that even human drivers often can’t safely navigate. One company — STEER Tech, an autonomous-parking company headquartered outside of Baltimore, Maryland — thinks it may have a solution that doesn’t require any new technology from manufacturers. STEER says it owns proprietary autonomous parking technology enabling a service that parks your car after you’ve stepped out of it and onto the sidewalk. The technology, the company says, will be ready as soon as next year and can be applied to almost any car made in 2012 or later.

The Chinese Government Likely Knew about Spectre and Meltdown Bugs Before the U.S.

Sharing information about newfound hardware and software vulnerabilities is a global project and there’s no good way to coordinate a major digital fix while ensuring the Chinese government is out of the loop, witnesses told the Senate Commerce Committee Wednesday. During a six-month secret process to repair the Spectre and Meltdown computer chip vulnerabilities in 2017, chipmakers notified numerous Chinese companies about the vulnerabilities and those companies likely passed that information along to Chinese officials and intelligence agencies, witnesses told the committee. Among the Chinese companies notified was the telecom Huawei, which U.S. intelligence agencies fear could be used as to spy on Americans.


Related Posts