AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


Infosec News Nuggets – June 12, 2018

Russia appears to be ‘live testing’ cyber attacks – Former UK spy boss Robert Hannigan

Russia presents a greater threat in terms of sophistication and a greater overall danger – not least because it doesn’t mind being destructive, Hannigan warned. The destructive element of attacks blamed on Russia includes NotPetya and attacks on the Ukrainian power grid. Attacks attributed back to Russia have become more sophisticated, brazen and even a little bit reckless. Russia appears to be live-testing cyberattacks – as has been speculated about the recent planting of the VPNFilter backdoor on routers – although the intent is unknown. “It’s unclear if that was a mistake or an experiment,” Hannigan said. “Russia seems to be live testing things in cyber, as it has been [on the ground] in Syria, but it’s a doctrine we don’t fully understand.”

Physicist Max Tegmark on the promise and pitfalls of artificial intelligence

Technology isn’t bad and technology isn’t good; technology is an amplifier of our ability to do stuff. And the more powerful it is, the more good we can do and the more bad we can do. I’m optimistic that we can create this truly inspiring, high-tech future as long as we win the race between the growing power of the technology and the growing wisdom with which we manage it. Therein lies the rub, I think, because our old strategy for winning this race has been learning from mistakes. We discovered fire, screwed up a lot, and then invented the fire extinguisher. So with more powerful technology like nuclear weapons or superhuman AI, we don’t want to have to learn from mistakes — it’s much better to get things right the first time.

Weight Watchers IT Infrastructure Exposed via No-Password Kubernetes Server

Just like many companies before it, weight loss program Weight Watchers suffered a small security breach after security researchers found a crucial server exposed on the Internet that was holding the configuration info for some of the company’s IT infrastructure. The exposed server was a Kubernetes instance, a type of software for managing large IT networks and easily deploying app containers across multiple servers, usually on a cloud infrastructure. Researchers from German cyber-security firm Kromtech discovered that Weight Watchers forgot to set a password for the administration console of one of its Kubernetes instances.

Net Neutrality Is Officially Repealed

Six months after the Federal Communications Commission voted to repeal federal net neutrality protections, the changes have quietly gone into effect. “There was an internet-wide freakout in December and I have not seen the same freakout around this deadline,” said Democratic Washington state Representative Drew Hansen, who introduced a bill that restored net neutrality laws in that state. As of Monday, the only state with net neutrality laws in effect is Washington, but many others have laws that will likely pass in the next few months, or have some protections under executive orders.

Wi-Fi phishing attacks discovered around Atlanta City Hall

As Atlanta continues to fully recover from March’s ransomware attack, new evidence discovered today by Coronet reveals hundreds of active Wi-Fi phishing attacks currently ongoing both inside of and in close proximity to Atlanta City Hall. The research also found attacks currently underway in Georgia’s State Capitol Building, which is just a few blocks away. In total, Coronet identified 678 active threats within a 5-mile radius of Atlanta’s City Hall.

International Business E-Mail Compromise Takedown

Today, federal authorities—including the Department of Justice and the FBI—announced a major coordinated law enforcement effort to disrupt international business e-mail compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation WireWire—which also included the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service—involved a six-month sweep that culminated in over two weeks of intensified law enforcement activity resulting in 74 arrests in the U.S. and overseas, including 42 in the U.S., 29 in Nigeria, and three in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers.

Password reset flaw at internet giant Frontier allowed account takeovers

The vulnerability, found by security researcher Ryan Stevenson, allows a determined attacker to take over an account with just a username or email address. With a few hours’ worth of determination, an attacker can bypass the access code sent during the password reset process. After disclosing the bug to Frontier, the cable giant told ZDNet that an investigation is underway. “Out of an abundance of caution, while the matter is being investigated Frontier has shut down the functionality of changing a customer’s password via the web,” said the spokesperson.

Tens of Thousands of Android Devices Are Exposing Their Debug Port

The issue is that some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version of their product that landed in users’ hands. Customers using these devices may be unaware that their device is open to remote connections via the ADB interface, normally accessible via TCP port 5555. Furthermore, because ADB is a troubleshooting utility, it also grants the user access to a slew of sensitive tools, including a Unix shell. The best advice at this moment is for Android device owners to check if their vendor has left the ADB interface enabled on their device. This tutorial should help users with advice on enabling or disabling the ADB interface (referred to as USB Debugging in most Android OS settings menus).
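As an added example (not from the original post or the article it summarises), the following POSIX shell script checks a device you own, connected over USB, for the ADB-over-TCP exposure described above. It assumes the `adb` client is installed and that the device reports the standard `adb_enabled` global setting and the `service.adb.tcp.port` / `persist.adb.tcp.port` system properties that adbd reads to decide whether to listen on a TCP port.

```shell
#!/bin/sh
# Defender-side check: is adbd on this device listening on TCP (e.g. 5555)?
# adb_tcp_state classifies the raw values so it can be tested without a device.
#   $1 = output of "settings get global adb_enabled"   (1 or 0)
#   $2 = output of "getprop service.adb.tcp.port"      (empty, -1, or a port)
#   $3 = output of "getprop persist.adb.tcp.port"      (empty, -1, or a port)
adb_tcp_state() {
  enabled="$1"; port="$2"; persist_port="$3"
  if [ "$enabled" != "1" ]; then
    echo "adb-disabled"            # ADB off entirely: nothing to expose
    return 0
  fi
  # adbd uses service.adb.tcp.port first, then persist.adb.tcp.port (assumption
  # based on adbd behaviour; treat as a heuristic, not a guarantee).
  [ -z "$port" ] || [ "$port" = "-1" ] && port="$persist_port"
  case "$port" in
    ""|-1)     echo "usb-only" ;;                # ADB on, but USB transport only
    *[!0-9]*)  echo "unknown:$port" ;;           # unexpected value, inspect by hand
    *)         echo "tcp-listening:$port" ;;     # reachable over the network
  esac
}

# Query a USB-attached device and classify it. Requires adb and an authorised device.
check_device() {
  adb get-state >/dev/null 2>&1 || { echo "no device attached"; return 2; }
  enabled=$(adb shell settings get global adb_enabled 2>/dev/null | tr -d '\r')
  port=$(adb shell getprop service.adb.tcp.port 2>/dev/null | tr -d '\r')
  persist=$(adb shell getprop persist.adb.tcp.port 2>/dev/null | tr -d '\r')
  state=$(adb_tcp_state "$enabled" "$port" "$persist")
  echo "$state"
  case "$state" in
    tcp-listening:*) return 1 ;;   # non-zero so the check fails in scripts/CI
    *) return 0 ;;
  esac
}

# Usage: sh adb_tcp_check.sh   (prints e.g. "usb-only" or "tcp-listening:5555")
[ "${1:-}" = "--run" ] && check_device
```

A `tcp-listening` result on a device you did not deliberately configure that way means adbd will accept connections from anyone who can reach the port, so disable USB Debugging in Developer options (or `adb usb` to switch transports) and confirm the property clears after a reboot.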

US unveils new Russia sanctions over cyberattacks

The US Treasury Department has imposed fresh sanctions on five Russian entities and three individuals, saying that they worked with Moscow’s military and intelligence services in an effort to conduct cyberattacks against the US. The latest step by the Trump administration comes in response to “Russia’s malign and destabilizing cyber activities” against the US and its allies, including the NotPetya cyberattack and cyber intrusions of the US energy grid, Treasury said, and includes a firm that’s controlled by Russia’s Federal Security Service or FSB.
