AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – June 20, 2018

Can a new DISA app help solve the security clearance dilemma?

The federal government faces a substantial security clearance backlog, so the Defense Information Systems Agency has announced a potential solution. An electronic application, eApp, will be used to submit background security clearance investigation forms. The application debuted at the Armed Forces Communications and Electronics Association Defensive Cyber Operations Symposium in Baltimore in May. DISA’s eApp is designed to replace and improve upon the current portal for security clearance check processing, called e-QIP.

Judge says ‘literal but nonsensical’ Google translation isn’t consent for police search

The case in question involved a Mexican man named Omar Cruz-Zamora, who was pulled over by cops in Kansas. When they searched his car, with his consent, they found quite a stash of meth and cocaine, which naturally led to his arrest. But there’s a catch: Cruz-Zamora doesn’t speak English well, so the consent to search the car was obtained via an exchange facilitated by Google Translate — an exchange that the court found was insufficiently accurate to constitute consent given “freely and intelligently.” The Fourth Amendment prohibits unreasonable search and seizure, and lacking a warrant or probable cause, the officers required Cruz-Zamora to understand that he could refuse to let them search the car. That understanding is not evident from the exchange, during which both sides repeatedly fail to comprehend what the other is saying.

The Guy Who Robbed Someone at Gunpoint for a Domain Name Is Getting 20 Years in Jail

On Thursday, 43-year-old Iowa man Sherman Hopkins Jr. was sentenced to 20 years in prison for attempting to forcibly steal a domain name from another man at gunpoint in 2017. Domain hijacking, when someone illegally gains control of another person’s website, is quite common, but this may be the first time someone has attempted to steal a domain name at gunpoint. Last June, Hopkins broke into the home of 26-year-old Ethan Deyo in Cedar Rapids, Iowa one afternoon and demanded that Deyo log on to his computer to transfer the domain name for “doitforstate.com” to another account. According to Deyo’s bio on his personal website, he is a web entrepreneur who previously worked for the web hosting service GoDaddy.

Florida frat bros sued over Facebook revenge porn

Several members of the Delta Sigma Phi fraternity at the University of Central Florida, along with that chapter at large, have been sued by a woman who says her former romantic partner published nude photos of her on Facebook without permission. In a Thursday statement, the national Delta Sigma Phi organization said that its UCF chapter had been placed on “immediate suspension as we investigate these claims,” adding that the allegations are “disturbing and antithetical to our organization’s values and mission.”

FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry

The letter to Judge Kimba Wood stated that “the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal… The FBI has now obtained this material.” This change is likely because of the way the messages are stored by the applications, not because the FBI had to break any sort of encryption on them. WhatsApp and Signal store their messages in encrypted databases on the device, so an initial dump of the phone would have only provided a cryptographic blob. The key is required to decrypt the contents of such a database, and there are tools readily available to access the WhatsApp database on a PC.

Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict

The change in approach was not formally debated inside the White House before it was issued, according to current and former administration officials. But it reflects the greater authority given to military commanders by President Trump, as well as a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America. It is unclear how carefully the administration has weighed the various risks involved if the plan is acted on in classified operations. Adversaries like Russia, China and North Korea, all nuclear-armed states, have been behind major cyberattacks, and the United States has struggled with the question of how to avoid an unforeseen escalation as it wields its growing cyberarsenal.

Capitol Hill staffers learn what really happens when there’s a data breach

To try to demystify future breach-related discussions on Capitol Hill, cybersecurity firm FireEye held a quiet training session for roughly 40 Senate and House staffers last month. “There’s just so much ambiguity around what happens during these types of incidents that we wanted to highlight as an example of how complex it is,” Stacy O’Mara, FireEye’s director of government relations, told CyberScoop. The goal of the drill was to help staffers and their bosses understand that multiple variables – from remediating malware to notifying regulators – can affect the timing of a data-breach response.

Amazon made a special version of Alexa for hotels with Echo speakers in their rooms

Amazon is today introducing Alexa for Hospitality, a special version of the company’s voice assistant that will be distributed on an invitation basis to hotels, vacation rental spaces, and other locations starting today. The Alexa experience will be customized and tailored to each individual hospitality location, so guests will be able to do things like order room service, request a housekeeping visit, or adjust room controls (thermostat, blinds, lights, etc.) using an Echo in their room. They can also ask location-specific questions such as what time the hotel pool closes or where the fitness center is.

IBM’s machine argues, pretty convincingly, with humans

On a stage in San Francisco, IBM’s Project Debater spoke, listened and rebutted a human’s arguments in what was described as a groundbreaking display of artificial intelligence. The machine drew from a library of “hundreds of millions” of documents – mostly newspaper articles and academic journals – to form its responses to a topic it was not prepared for beforehand. Its performance was not without slip-ups, but those in attendance made clear their thoughts when voting on who did best. While the humans had better delivery, the group agreed, the machine offered greater substance in its arguments.

Data breach at CarePartners

One of the province’s most well-known home care service providers has fallen victim to a cyber-attack. The attack has breached CarePartners’ computer system and, as a result, patient and employee information held in that system, including personal health and financial information, has been inappropriately accessed, according to Ontario’s Local Health Integration Network. “Acting immediately in partnership with Ontario’s LHINs, CarePartners took direct steps to prevent additional exposure and close vulnerabilities. CarePartners retained Herjavec Group, a leading cyber security firm, to contain and determine the extent of the breach. The Ontario Information and Privacy Commissioner and law enforcement officials have also been contacted and engaged.”

75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers

Three-quarters of malware samples uploaded to “no-distribute scanners” are never shared on “multiscanners” like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time. Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for security firms hunting down up-and-coming malware campaigns. These results also show that cyber-security firms do not have all the answers, and creating a good antivirus engine is not always enough. Most companies will also need an astute threat intelligence hunting team that can track down these links wherever they might be shared and add detection for malware not uploaded on places like VirusTotal.

Zacinlo malware spams Windows 10 PCs with ads and takes screenshots

The IT security researchers at Bitdefender have discovered a sophisticated and persistent malware stealing data and monitoring the online activities of Windows users, particularly on Windows 10 and in some cases Windows 7 and Windows 8. The malware is equipped with several capabilities, including installing itself on a targeted system, spamming the system with advertisements whenever a victim visits a website, opening multiple browser sessions, and replacing legitimate ads on a website with ads it receives from the command and control (C&C) server. It does not end here: the malware authors also configure how ads should be displayed so that victims click on them and the authors generate revenue.

Chicago Public Schools mistakenly emails private data of thousands of students, including names, phone numbers

“We sincerely apologize for this unintended disclosure and ask that you please delete the information in question,” the email read. “We are taking this matter very seriously, and a review of this incident is underway to determine how this breach occurred and ensure a similar matter does not occur again.” The school district also said it would be removing the employee responsible from the employee’s position, “because violating your privacy is unacceptable to the district,” according to Howard.

U.S. lawmakers warn Canada about Chinese telecom giant Huawei

Senior lawmakers on U.S. intelligence committees are warning the Trudeau government that Chinese smartphone maker Huawei – which has turned Canada into a key research centre for next-generation mobile technology – is a national-security threat to a network of Canada’s allies. Republican Senator Tom Cotton and Democratic Senator Mark Warner told The Globe and Mail that the Chinese telecom giant is a grave cybersecurity risk and its smartphones and equipment should not be used by Canada and other Western allies.

Chinese hacking group resurfaces, targets U.S. satellite companies and systems

A Chinese-linked hacking group began targeting at least two different U.S.-based satellite companies, a Defense Department contractor and another private firm that sells geospatial imaging technology in late 2017, according to new research by Symantec. The focused hacking campaign appears to have been originally launched around the same time as talks about a U.S.-China trade war — which is now in full swing — were heating up late last year. Symantec discovered and notified the U.S. government about the malicious cyber activity roughly four months ago, according to Jon DiMaggio, a senior threat intelligence analyst with Symantec, who led the investigation.

Could The Verizon Location Data Sale Have Compromised US Spy Networks?

While most of the coverage of Verizon selling its customers’ real-time locations to data brokers has focused on the privacy implications for ordinary users, the sales raise a far more troubling question – could foreign powers have used shell companies to purchase the data to map out the US national security footprint and help uncover US clandestine personnel and their foreign assets? Beyond Verizon’s acknowledgement that it sold user location data to two brokers that then further resold it to at least 75 companies, little is known about the full extent of those data sales, and especially how many companies or individuals accessed the data through any of those companies or any further brokers they sold to. This raises the question of whether foreign powers could have purchased user location data for key areas like Washington, DC to map out the US intelligence footprint, or around US military installations.
