AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – June 22, 2018

Senate to review fusion center plan to deter Russian cyberattacks

Members of the Senate Intelligence Committee said Wednesday they would consider plans offered by an Obama administration official to fight back against Russian aggression in cyberspace. Victoria Nuland, a former U.S. ambassador to NATO, told lawmakers that it would be pragmatic for the country to consider a new “fusion center” to deter foreign election meddling similar to what occurred in 2016. The approach Nuland described would look like the counter-terrorism model pursued by the U.S. government in the aftermath of the Sept. 11, 2001 terror attacks.

Thousands of records hacked at Latham health billing company

On March 22, Med Associates officials noticed “unusual activity” at a computer workstation at the company’s Airport Park offices, said company President Catherine Alvey on Tuesday. The company provides claims services for more than 70 health care providers. An investigation later found an “unauthorized party accessed the workstation, and through that, may have had access to certain personal and protected information.” That included patient names, addresses, date of birth, and insurance information including diagnosis and procedure codes.

Oregon state employees unable to email the public after computer ‘hijacked’ by phishing email

Oregon’s state technology workers are scrambling to fix a problem that is preventing thousands of government employees from corresponding with members of the public via email. Several private email providers have blacklisted the state email domain Oregon.gov after a state employee apparently clicked on a phishing email earlier this month that allowed a hacker to access the state’s computer system. “The malicious link hijacked the state-owned PC and generated over eight million spam emails from an Oregon.gov email address,” state officials wrote in an email explaining the situation to employees on Friday.

Lawmakers urge Google to end partnership with China’s Huawei

Five U.S. lawmakers urged Google CEO Sundar Pichai to end the company’s partnership with Huawei, the Chinese telecom giant that faces increasingly harsh criticism from Congress on national security grounds. “We urge you to reconsider Google’s partnership with Huawei, particularly since your company recently refused to renew a key research partnership, Project Maven, with the Department of Defense,” the letter reads. “While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies, we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military.”


An unusual botnet dubbed Mylobot has emerged, percolating up from the Dark Web – and displaying a never-before-seen level of complexity in terms of the sheer breadth of its various tools, especially evasion techniques. According to an analysis posted on Tuesday by Tom Nipravsky, a security researcher for Deep Instinct, Mylobot’s bag of tricks is bursting at the seams. These include anti-VM, anti-sandbox and anti-debugging techniques; wrapping internal parts with an encrypted resource file; code injection; process hollowing (where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden); reflective EXE, which involves executing EXE files directly from memory without having them on disk; and a delaying mechanism that waits 14 days before contacting its C&C servers.

‘Hidden Tunnels’ Help Hackers Launch Financial Services Attacks

Financial firms have stronger security than most, securing Web applications with layers upon layers of access controls. Because apps are locked down, data has to be sent through “hidden tunnels” to move across an organization. There are legitimate use cases for this: specific commercial stock-ticker apps and internal financial services use tunnels to communicate. The high volume of traffic flowing to and from enterprise Web applications creates an ideal place for attackers to hide, Morales says. Hidden tunnels are tough to detect because communications are hidden within connections that use normal, permitted protocols. Messages can be embedded as text in headers, cookies, and other fields, researchers say.
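As an added illustration (not code from the article or the researchers it quotes) of one defensive heuristic for spotting data smuggled in cookie values: flag values that are both long and high-entropy, which ordinary session ids and preference flags are not. The log-line format and the sample lines are constructed for this example; the same check applies to any other header field.

```python
import math
import re
from urllib.parse import unquote

# Constructed sample request-log lines (not from the article). Each carries
# the method, the path and the raw Cookie header value. Line 2 holds a
# made-up 62-character encoded blob in cookie "t".
SAMPLE_LOG = [
    'GET /portfolio/summary cookie="session=8f3a2c; theme=dark"',
    'GET /quotes/AAPL cookie="session=8f3a2c; lang=en-US"',
    'POST /api/sync cookie="session=8f3a2c; t=aZ3bY4cX5dW6eV7fU8gT9hS0iR+jQ/kPlOmNnMoLpKqJrIsHtGuFvEwDxCyBzA"',
    'GET /static/app.js cookie="session=8f3a2c"',
]

LINE_RE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) cookie="(?P<cookie>[^"]*)"')


def shannon_entropy(s: str) -> float:
    """Bits per character: English text scores around 4, encoded or encrypted data near 6."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_cookies(cookie_header: str) -> dict:
    """Split 'a=1; b=2' into a dict, percent-decoding each value."""
    cookies = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name.strip()] = unquote(value.strip())
    return cookies


def suspicious_cookies(log_lines, max_len=40, min_entropy=4.5):
    """Return (line_index, cookie_name, entropy) for values that are both
    unusually long and high-entropy, i.e. shaped like an encoded payload
    rather than a short session id or a preference flag."""
    hits = []
    for i, line in enumerate(log_lines):
        m = LINE_RE.match(line)
        if not m:
            continue
        for name, value in parse_cookies(m.group("cookie")).items():
            ent = shannon_entropy(value)
            if len(value) > max_len and ent >= min_entropy:
                hits.append((i, name, round(ent, 2)))
    return hits
```

Thresholds are a starting point: tune `max_len` against the longest legitimate cookie your applications set, and baseline entropy per cookie name before alerting.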

Google lays groundwork for secure offline app distribution

Google will start adding security metadata to Android application packages (APKs) distributed via Google Play, so that users with limited internet access can check whether the apps they get via peer-to-peer app sharing are legitimate. The move, announced late last year, is part of a wider push for improving app security and will surely benefit a lot of users. “Often when you buy a physical product, you’ll find an official label or a badge which signifies the product’s authenticity. The metadata we’re adding to APKs is like a Play badge of authenticity for your Android app,” Google explained.

Air Force eyes new cyber training facility in Florida

The Air Force is outgrowing its current cyber and information operations training facility. The demand for cyber training has increased substantially in recent years, so much so that the 39th Information Operations Squadron had to build another building adjacent to its headquarters in Hurlburt Field, Florida, in order to accommodate the influx of new students. “Looking toward the future, we are building a $14.2 million, 36,000-square-foot schoolhouse facility at our main cyber formal training unit,” Maj. Gen. Christopher Weggeman, commander of 24th Air Force, wrote in prepared testimony before the Senate Armed Services Cyber Subcommittee in March.

California legislators stealthily ‘eviscerate’ state’s net neutrality bill

California’s net neutrality bill has been cited as an excellent example of what states can do to protect their citizens now that the 2015 rules have been officially rolled back and weaker ones substituted. And in some ways it actually went further than the FCC’s popular rules, which were a bit more conservative on, for example, the practice of zero rating. While the FCC found that zero rating practices could basically be pursued up to a certain point, the California bill would essentially render illegal the ones that exist today. But late last night the chair of the committee through which the bill must pass, Miguel Santiago, proposed some “suggested amendments” that completely removed the zero rating rules and several other important protections. Now, disagreements on proposed laws are perfectly ordinary and that’s what committees like this are for, to balance different viewpoints and ostensibly produce a better law. And Sen. Wiener has indicated that he and the others behind the bill are willing to negotiate.

Cybersecurity Disclosures Should Be Beefed Up, Says SEC Commissioner

Securities and Exchange Commission Democratic Commissioner Robert Jackson, Jr. said today investors are not getting the type of cybersecurity disclosures they need. “Let’s give them some information for starters (and promptly),” the SEC Commissioner told the annual meeting of the Society for Corporate Governance in Washington, D.C. However, Jackson said he isn’t sure what additional cybersecurity information investors should be handed. Information should be given to investors quickly, but it is hard to know what disclosure best practices should be, he acknowledged.

Continued Conversation Now Available in Google Assistant. Here’s How to Enable

While digital assistants have become easier to use, it can become frustrating to have to say the wake-up word every time you want to ask a question. With this in mind, at Google I/O 2018 Google announced an optional new feature called “Continued Conversation” that would allow you to continue talking to Google Assistant without using the wake-up word each time. Starting today, this new feature has begun to roll out to Google Home, Google Home Mini and Google Home Max devices worldwide. With this feature enabled you just need to say “Hey Google” once and then you can continue issuing commands or asking questions as needed.

Twitter acquires Smyte to tackle hateful content more proactively

As part of efforts to stem the flow of hateful content on its platform, Twitter announced today that it’s acquiring Smyte, a startup that “specializes in safety, spam, and security issues.” “The Smyte team has dealt with many unique issues facing online safety and believes in the same proactive approach that we’re taking for Twitter: stopping abusive behavior before it impacts anyone’s experience,” Twitter wrote in a blog post announcing the acquisition. Specifically calling out Smyte’s review tools, Twitter said it would be integrating Smyte’s technology into its products “in the coming months.”
