AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – July 16, 2018

Engineer Found Guilty of Stealing Navy Secrets via Dropbox Account

A jury trial found a former engineer at a Navy contractor guilty of stealing trade secrets regarding Navy projects by uploading the files to his personal Dropbox account. The man, Jared Dylan Sparks, 35, of Ardmore, Oklahoma, worked as an electrical engineer for LBI, Inc., a company authorized to build unmanned underwater vehicles (drones) for the US Navy’s Office of Naval Research, and weather data-gathering buoys for the National Oceanic and Atmospheric Administration (NOAA). According to an indictment obtained by Bleeping Computer, LBI accused Sparks of uploading over 5,000 files containing information about LBI’s work on Navy contractors to his personal Dropbox account, right before he quit his job in December 2011. Some files he sent via email.

The woman in the #PlaneBae saga breaks her silence

Earlier in July, the #PlaneBae saga went viral on social media, as one Rosey Blair documented on Twitter what she presented as a love connection between strangers — a man and a woman, sitting in front of her on an airplane. Now, for the first time, the woman involved in the #PlaneBae saga has broken her silence, and she says being an unwitting part of this social-media phenomenon has had serious consequences for her in the real world. “I did not ask for and do not seek attention,” the woman, dubbed #PrettyPlaneGirl by social media, said in a statement provided to Business Insider by her lawyer, Wesley Mullen of New York City-based law firm Mullen PC, on Thursday. “#PlaneBae is not a romance — it is a digital-age cautionary tale about privacy, identity, ethics and consent.”

Hackers are selling access to law firm secrets on dark web sites

It would be hard to walk into a major business and walk away with all its sensitive information. But sometimes that’s not the case when it comes to online networks. Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in. The price for the access was $3,500. That law firm was not alone, says Eli Dominitz, the founder and CEO of Q6, which is based in Hollywood, Florida. Q6 has found similar information from law firms in Beverly Hills and other locations across the country for sale. They would not name any of the law firms.

Researchers Tricked AI Into Doing Free Computations It Wasn’t Trained to Do

Facial recognition systems have become ruthlessly efficient at picking people out of a crowd in recent years, and people are finding ways to thwart the artificial intelligence that powers them. Research has already shown that AI can be fooled into seeing something that’s not there, and now these algorithms can be hijacked and reprogrammed. As detailed in a recent paper posted to arXiv, three Google Brain researchers have taken this type of malicious image manipulation (called adversarial examples) a step further and demonstrated that small changes to images can actually force a machine learning algorithm to do free computations for the attacker, even if it wasn’t originally trained to do these types of computations. This opens the door for the possibility of attackers being able to hijack our increasingly AI-driven smartphones by exposing them to subtly manipulated images.

US indicts 12 Russians for hacking DNC emails during the 2016 election

Grand jury indictments against the 12 alleged Russian intelligence officials were announced by Rod Rosenstein, the deputy US attorney general, at a press conference in Washington. “The internet allows foreign adversaries to attack America in new and unexpected ways,” said Rosenstein. Lamenting what he called “partisan warfare” in the US around the ongoing Russia inquiry, Rosenstein said: “The blame for election interference belongs to the criminals who committed election interference.”

Why going cashless is discriminatory – and what’s being done to stop it

Mobile payments. Credit cards. Digital currencies. Going cashless seems to be a worldwide trend. In Belgium, it is illegal to buy real estate with cash. Some banks in Australia have eliminated cash from their branches. Sweden has seen its use of cash drop to less than 2% of all transactions, and the number could be heading even lower in the next few years. However, one city in the US is resisting that trend: Washington DC. In the nation’s capital, cash is still king, and a new bill introduced this week wants to keep it that way. The Cashless Retailers Prohibition Act of 2018 would make it illegal for restaurants and retailers not to accept cash or charge a different price to customers depending on the type of payment they use.

Use Wikipedia as Your Personal Tour Guide With WikiCompass

With it, you can pull up Wikipedia articles about places near you. The app marks each place that has a Wikipedia article available about it on a map. You can tap on the icon on the map to pull up a small picture of what the Wikipedia article is about. If you’re still interested, you can tap on it again to launch the article and read more. There’s also an augmented reality feature where you can simply hold your phone up and get that info overlaid over the world around you.

Senators Ask FTC to Investigate Smart TVs for Invading Users’ Privacy

Two US senators have asked the Federal Trade Commission (FTC) to investigate smart TV makers amid fears and evidence that companies might be using devices to collect data and track users without their knowledge. To justify their alarming letter, the two senators cited a recent New York Times report about Samba TV, a vendor of smart TVs. According to the report, while Samba tells users and lets them decide whether to enable data collection for analytics purposes, it does not inform customers of the real depth of the collected data, which includes much more information than users believe they are agreeing to. The two senators also cite an FTC settlement from February 2017, when Vizio agreed to pay a $2.2 million fine after it was caught secretly collecting user data and then selling it to third parties without the user’s explicit consent.

GitHub to Pythonistas: Let us save you from vulnerable code

GitHub’s added Python to the list of programming languages it can auto-scan for known vulnerabilities. In March, the social code-host added Ruby and JavaScript libraries to the dependency graph service it announced last year. Now, Python developers have the same lack of excuse for not fixing flawed code. In this post, GitHub quality engineer Robert Schultheis explained that “a few recent vulnerabilities” are covered in the current version of the scanner.

BEC Scam Losses Top $12 Billion: FBI

The losses and potential losses reported as a result of business email compromise (BEC) and email account compromise (EAC) scams exceed $12 billion globally, according to an alert published last week by the FBI. The report is based on data collected by the FBI’s Internet Crime Complaint Center (IC3), international law enforcement and financial institutions between October 2013 and May 2018. The amounts represent both money that was actually lost by victims and money they could have lost had they taken the bait.

US Lifts Export Ban on Suppliers to China’s ZTE

The United States on Friday formally lifted a crippling ban on exports to China’s ZTE, rescuing the smartphone maker from the brink of collapse after it was denied key components. The US Commerce Department said it would continue to monitor the company to prevent further violations of US sanctions on Iran and North Korea. “While we lifted the ban on ZTE, the Department will remain vigilant as we closely monitor ZTE’s actions to ensure compliance with all US laws and regulations,” Commerce Secretary Wilbur Ross said in a statement.

Trump might ask Putin to extradite the 12 Russian intelligence officers

Ahead of the Trump-Putin meeting in Helsinki on Monday, the US President announced that he may ask for the extradition of the 12 Russian intelligence officers accused of attempting to interfere with the 2016 presidential election. Trump will meet with Putin in Finland, despite calls from Democratic lawmakers to cancel the summit in light of the indictments. A journalist asked Trump whether he would request the extradition to the US of the Russian intelligence officers accused of hacking Hillary Clinton’s presidential campaign, and the reply was clear.
