AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – June 19, 2018

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Apple’s macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. The problem is that these cached thumbnails are stored on non-encrypted hard drives, in a known location and can be easily retrieved by malware or forensics tools, revealing some of the content stored on encrypted containers. On macOS, these thumbnails are created by Finder and QuickLook. Finder is the default macOS file explorer app, similar to Windows Explorer.

Virginia Department of Environmental Quality website hacked

The incident was reported on May 22 after the intrusion was “detected and contained quickly,” Virginia Information Technologies Agency spokeswoman, Marcella Williamson told the Richmond Times-Dispatch. “A malicious party got into the system; however, the intruder was detected early by VITA and blocked, preventing significant changes,” Williamson said. The agency subsequently took the site down for nearly two weeks and it has since been restored although a few applications remain out of order. Officials said there is no way to identify the attacker or their ultimate goal is but said the threat actor was initially targeted systems hosting the website and that the incident was discovered before they could access additional data.

State investigating ‘possible’ criminal breach of driver’s license info

Agents are “investigating possible improper use of personal identifying information” of the state’s licensed drivers put online by a Department of Highway Safety and Motor Vehicles (DHSMV) vendor, a Florida Department of Law Enforcement spokeswoman confirmed to Florida Politics on Friday. Roughly 17 million people hold a Florida driver’s license. Spokeswoman Gretl Plessinger said FDLE agents in Tallahassee — including the agency’s Cyber Crime Squad — were working the case, which she said falls under the “active” criminal investigation exemption to the state’s public record law. Plessinger declined further comment, including how many Floridians’ personal data was misused, if any.

Another flaw hits Tapplock smart locks, thanks to leaky server

For the second time this week, smart lock maker Tapplock is under fire over its security. Security researcher Vangelis Stykas found anyone can obtain sensitive information to locate and open a lock, simply by pulling the information directly from a leaky company’s API server. He demonstrated how to retrieve the lock’s last known postal address, and enough data to create an unlock code, which can be used to locate and open any smart lock. Tapplock said it will fix the security issue in an upcoming app update. Android users are expected to get the app later today, while iOS users have to wait until Apple approves the app.

The President Is Missing… a few finer points on how the cyber works in this novel

If you hadn’t heard, former President William Jefferson Clinton and well-established mass-production author James Patterson have collaborated on a novel titled The President Is Missing. The book is a political cyber-thriller of sorts, the second such book from a member of the Clinton family—that is, if you count Hillary Clinton’s What Happened as one. And just as with Ms. Clinton’s book, The President Is Missing gives shout-outs to Russian hacking groups, mentioning Fancy Bear by name. The President Is Missing is, however, a work of fiction.

‘Quads for Squads’ grounded over cyber concerns

The Corps is being forced to ground commercial drones it has been fielding to infantry units because of a recent Department of Defense policy memo. The policy memo, released at the end of May and signed by Deputy Secretary of Defense Patrick Shanahan, bans the purchase and use of commercial off-the-shelf, or COTS, drones, citing cybersecurity concerns. “The DoD Inspector General found that the DoD has not implemented an adequate process to assess cybersecurity risks associated with using commercial-off-the-shelf (COTS) Unmanned Aerial Systems,” the memo reads. The Corps has been rapidly issuing small Instant Eye quadcopters to every rifle squad as part of a program called ‘Quads for Squads.’

Justice Dept. releases new details on ‘micro-jamming’

If you get arrested soon, know that any cellphone you manage to smuggle into prison may not work. The National Telecommunications and Information Administration released a report on June 15 giving new details about “micro-jamming” technology that can render a jail cell without cellphone signal. Just 20 feet outside the area, however, wireless communication signals can run as normal. The results are “a step forward countering the security threat posed by contraband cellphones,” said Beth Williams, assistant attorney general for legal policy at the Department of Justice, in a news release. “The results indicate the potential for localized impact of this micro-jamming technology.”

Don’t install Fortnite Android APK because it could infect your mobile device

Fortnite is currently the most popular game, it is a co-op sandbox survival game developed by Epic Games and People Can Fly. The game was released as a paid-for early access title for Microsoft Windows, macOS, PlayStation 4 and Xbox One on July 25, 2017, with a full free-to-play releases in 2018.

The Fortnite game has now more than 125 million active users. The great success obtained by the Fortnite attracted cyber criminals that are attempting to exploit its popularity to target the fans. Unfortunately for Android users, Fortnite for Android devices is not available yet, it is currently under development while the iOS version was released in March by Epic Games. Surfing online it is quite easy to find blog posts and video tutorial with instructions to install fake Fortnite Android App.

ZTE ban, tucked inside the NDAA, passes the Senate

The $716 billion National Defense Authorization Act passed the U.S. Senate on Monday, including an amendment that kills a deal the Trump administration made with China that effectively saved telecommunications firm ZTE. The bill still has a long way to go. The House of Representatives’ version, which omits the ZTE Ban, has to be reconciled with the Senate version. Additionally, the White House strongly opposes the measure. Despite the process ahead, the amendment’s backers are taking the NDAA’s passage as a victory.

Ex-CIA Employee Charged with Leak of Classified CIA Vault 7 Hacking Tools

The Department of Justice has announced new charges against former CIA software engineer Joshua Schulte for allegedly leaking classified CIA documents, software projects, and hacking utilities called Vault 7 to WikiLeaks. Schulte was charged on August 24, 2017 with possession of child pornography, but was also believed to be the source of the embarrassing leak of CIA documents. Today, federal prosecutors have charged Schulte with 3 charges related to the theft and disclosure of the Vault 17 material and his possession of child pornography.

Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans

A woman has fessed up to using people’s personal information, leaked online from the US government’s Office of Personnel Management mega-hack, to take out loans and open bank accounts. Karvia Cross, 39, of Bowie, Maryland, USA, pleaded guilty on Monday in the eastern district of Virginia to one count of identity theft and conspiracy to commit bank fraud. She faces anywhere from two to 30 years when sentenced this Fall. Cross admitted to working with other fraudsters – five more people were charged in the case and one person beside Cross has already pleaded guilty – to use the names, dates of birth, and social security numbers of strangers to apply for and receive loans from the Langley Federal Credit Union in Virginia.

Got an Axis network cam? You’ll need to patch it, unless you like hackers

Researchers have detailed a string of vulnerabilities that, when exploited in combination, would allow for hundreds of models of internet-linked surveillance cameras to be remotely hijacked. Security biz VDOO said today it privately alerted cam-maker Axis Communications to the seven bugs it found in its gizmos, leading to the manufacturer issuing firmware updates for roughly 400 models of connected surveillance cameras that would be vulnerable to attack. Owners of at-risk gear are urged advised to update their camera firmware as soon as possible.

Upcoming iOS 12 Will Share Emergency Location With 911 Services

Apple announced today that the next version of the iOS operating system —iOS 12— would automatically and securely share a caller’s geo-location with 911 emergency services across the US. The goal is to give 911 call centers quick access to location data in extreme cases where the caller cannot relay this information on his own. To do this, Apple says iOS 12 will use two technologies. The first is HELO (Hybridized Emergency Location), a system that Apple developed and launched in 2015. HELO works by estimating a 911 caller’s location using cell towers and on-device data sources like GPS and WiFi Access Points. The second technology is a custom Internet-based protocol developed by RapidSOS, a US-based startup. This protocol’s purpose is to quickly and securely share HELO location data with 911 call centers.

Elon Musk emails employees about ‘extensive and damaging sabotage’ by employee

Tesla CEO Elon Musk sent an email to all employees on Monday morning about a factory fire, and seemed to reference possible sabotage. Now, CNBC has learned that Musk also sent an e-mail to all employees at Tesla late on Sunday night alleging that he has discovered a saboteur in the company’s ranks. Musk said this person had conducted “quite extensive and damaging sabotage” to the company’s operations, including by changing code to an internal product and exporting data to outsiders. Several employees, from different divisions within Tesla, confirmed receipt of the e-mail to CNBC.

Trade Tensions With Allies Not Affecting Cyber, Top Diplomat Says

Tensions between the U.S. and its allies over trade and other issues have not affected the U.S.’s ability to cooperate with allies on enforcing rules of the road in cyberspace and punishing nations that violate them, the Trump administration’s top cyber diplomat told Nextgov recently. President Donald Trump has feuded with allies such as Canada and Germany over trade restrictions, most notably following the G7 meeting in Quebec City this month when Trump refused to join other leaders of seven of the world’s largest national economies in signing a joint communique. That tension has not spilled over into the cyber realm, however, said Robert Strayer, the State Department’s deputy assistant secretary for cyber and international communications and information policy.

Shareholders protest selling Amazon’s facial recognition software to law enforcement

Nearly 19 groups of Amazon shareholders have expressed reservations over sales of the company’s Rekognition service to law enforcement, NBC and CNN report. In a letter addressed to Amazon CEO Jeff Bezos on Friday, a copy of which was provided to NBC by the American Civil Liberties Union (ACLU), the undersigned warn against potential abuses of the facial recognition technology. And they point to recent scrutiny of Facebook over its data privacy policies, which have negatively impacted its stock. “While Rekognition may be intended to enhance some law enforcement activities, we are deeply concerned it may ultimately violate civil and human rights,” the shareholders wrote.

Google to Fix Location Data Leak in Google Home, Chromecast

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor. Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.

Related Posts