AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – June 25, 2018


Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Johannes Ullrich, dean of research at the SANS Technology Institute, said Wednesday that there’s been an uptick in Netflix phishing mails using TLS-certified sites. The bad actors behind the attacks will take advantage of unpatched installs or plugins, or weak passwords, to compromise usual-suspect CMS software, like WordPress or Drupal, said Ullrich. From there, they can create phishing sites that could be mistaken for real Netflix domains. In some cases, they’re using wildcard DNS records.
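The detail worth making concrete for defenders is that a valid TLS certificate only proves control of the hostname it names, not that the hostname belongs to Netflix; a phishing page on a compromised WordPress or Drupal install gets one for free. The following added example (not code from the original post or from SANS ISC) is a hostname triage heuristic that looks at where the brand string sits relative to the registrable domain rather than at the padlock; the brand allow-list and sample hostnames are constructed assumptions.

```python
"""Triage observed hostnames for brand impersonation, independent of TLS.

Added example, not code from the original post. The allow-list and sample
hostnames are constructed; the eTLD+1 logic is simplified (a real deployment
would consult the Public Suffix List so that brand.co.uk is handled).
"""

# Hypothetical allow-list: registrable domains the brand actually controls.
BRAND_DOMAINS = {"netflix": {"netflix.com", "netflix.net"}}

# Digit-for-letter substitutions commonly seen in look-alike labels.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s"})


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (simplified eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(host: str, brand: str = "netflix") -> str:
    """Return 'legit', 'impersonation' or 'unrelated' for one hostname.

    The brand string appearing anywhere outside the brand's own registrable
    domains (a subdomain minted on a compromised CMS via wildcard DNS, a
    hyphenated or digit-substituted look-alike) counts as impersonation;
    the left-hand labels are never trusted on their own.
    """
    host = host.lower().rstrip(".")
    if registrable_domain(host) in BRAND_DOMAINS[brand]:
        return "legit"
    normalized = host.translate(LEET).replace("-", "").replace("_", "")
    return "impersonation" if brand in normalized else "unrelated"


def triage(hosts):
    """Map each hostname (e.g. from proxy or DNS logs) to a verdict."""
    return {h: classify(h) for h in hosts}


# Constructed sample hostnames, not real indicators.
SAMPLE_HOSTS = [
    "www.netflix.com",                         # genuine
    "netflix.com.verify-account.example.org",  # brand as leading labels
    "login-netfl1x.compromised-blog.example",  # look-alike on a wildcard subdomain
    "blog.example.org",                        # unrelated
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_HOSTS).items():
        print(f"{verdict:14} {host}")
```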

Tariff war of words with China resulting in cyberattacks against the U.S.

President Trump’s threat last week to place additional tariffs on Chinese-made goods has not only led to counter-threats from China’s leadership, but Stealthcare CEO Jeremy Samide believes the trade situation has spurred China to launch cyberattacks against the United States. The attacks Samide’s firm detected and attributed to China came from the LuckyMouse group, also known as Emissary Panda or APT27. These were found pushing a new malware strain based on the HyperBro remote access trojan (RAT). Another incident involved an espionage campaign dubbed MirageFox, attributed to APT15, also known as Vixen Panda, Ke3chang, Royal APT and Playful Dragon.

Someone Is Taking Over Insecure Cameras and Spying on Device Owners

Many brands of webcams, security cameras, and pet and baby monitors use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user’s equipment and its video stream. In the last nine months, two security firms have published research on the matter. Both pieces of research detail how the camera vendor lets customers use a mobile app to control their device from remote locations and view its video stream.

Canadian utility makes blockchain upstarts bid for their ravenous rigs’ electricity supply

One of Canada’s largest utilities is planning to make blockchain companies bid for access to electricity. Hydro Quebec says it will set aside a 500MW block of power that will be reserved for companies that are “using cryptography as applied to blockchain technology.” Access to that block will be subject to a bidding process and companies that want to operate their servers and miners will be required to make bids in order to get power. The starting rate for the bids will be an increase of 1 cent per kilowatt hour above the current price.

Microsoft Releases Microsoft News App as it Rebrands its News Aggregation Engine

Microsoft announced today that its news aggregation service, which powers MSN, has been rebranded as Microsoft News. This engine is used to display a list of curated news stories gathered from more than a thousand publishers, which is then aggregated in their MSN news feeds and in their Microsoft News app for Android and iOS. According to Microsoft, more than 100,000 pieces of content are submitted to the Microsoft News engine and then processed by AI to determine each item’s freshness, category, topic type, photos to pair with the content, and potential popularity. This content is then given to the Microsoft News editors, who curate the stories that they feel should be promoted in the Microsoft News feed.

DHS chief: We’re cracking down on hackers more than Obama did

The U.S. government is trying to more effectively deter cyberattacks by imposing clear consequences on nation-state-linked hackers, Homeland Security Secretary Kirstjen Nielsen said Thursday, casting the Trump administration as tougher on the issue than the Obama administration. “This is one of those areas where deterrence has to be clear,” Nielsen said at a Capitol Hill national security event. “We will no longer stand by while nation-states attack the government or our private sector entities.” “For so long, we’ve had these attacks, it’s taken us over a year to attribute it in some cases,” she said. “Then you attribute it, nothing happens.”

Skynet for the win? AI hunts down secret testing of nuclear bombs

AI can detect signs of nuclear weapons testing banned under the Comprehensive Nuclear-Test-Ban Treaty, according to research from the US Pacific Northwest National Laboratory. A group of scientists have built a neural network to sniff out any unusual nuclear activity. Researchers from the Pacific Northwest National Laboratory (PNNL), one of the United States Department of Energy national laboratories, decided to see if they could use deep learning to sort through the different nuclear decay events to identify any suspicious behavior. The lab, buried beneath 81 feet of concrete, rock and earth, is blocked out from energy from cosmic rays, electronics and other sources. It means that the data collected is less noisy, making it easier to pinpoint unusual activity.

Smartphones to become car keys by 2019

Smartphones are set to quickly become car keys after the influential Car Connectivity Consortium (CCC) published its first Digital Key specification. The agreement and release straddles members including Apple, BMW, Gemalto, General Motors, Hyundai, LG, Panasonic, Samsung and Volkswagen. The release of the global standard clears a path for developers and drivers to be able to lock, unlock, start and share access to vehicles from smart devices as developers across industries tool up to build the NFC-based functionality into new cars and handsets.

Orlando Airport to scan faces of all international passengers, including U.S. citizens

The Orlando International Airport announced Thursday it will become the first airport in the country to require face scans of all passengers arriving or departing on international flights, including U.S. citizens. Customs and Border Protection says the facial recognition scans compare the traveler’s face to others on the Department of Homeland Security’s watch list databases. “We are at a critical turning point in the implementation of a biometric entry-exit system, and we’ve found a path forward that transforms travel for all travelers,” CBP Commissioner Kevin McAleenan said in a statement. CBP says the process takes about two seconds, has a 99 percent match rate and will save passengers time. But critics say the facial recognition program has serious flaws and is an affront to privacy.

60,000 Android devices hit by battery-saving app attack

Computer security experts have discovered an unusual attack targeting users of Android devices. As researchers Yonathan Klijnsma and Aaron Inness explain on the RiskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped up on some Android users’ devices as they browsed the web. The warning message is customized to the specific device by grabbing the model number and brand of the Android phone that is being used, presumably in an attempt to dupe users into believing that the advice they are reading is legitimate rather than produced by a pop-up.

ACLU Warns on Forced Malicious Software Updates

A report by the ACLU, “How Malicious Software Updates Endanger Everyone”, warns that “government agents may see malicious software updates as a means for surveillance” and that the US government may force users to install malware to bypass passcode lockouts, enable wiretapping, turn on cameras, or physically track someone. “The likelihood that government actors may attempt to force software makers to push out software updates that include malware designed to obtain data from targeted devices grows as more companies secure their users’ data with encryption,” it said. “As companies close other technological loopholes, there will be increased pressure on law enforcement to find alternate vulnerabilities to exploit.”

Twitter punishes users for doxing White House advisor Stephen Miller

White House advisor Stephen Miller is widely seen as the mastermind behind President Donald Trump’s controversial policy of separating parents from their children at the US southern border. Yesterday, Splinter, a news and opinion site that was previously known as Fusion, published Miller’s personal cell phone number. When Splinter and others started tweeting out Miller’s number, it got the attention of Twitter’s content police. Twitter doesn’t allow users to post private information about someone else without their consent, and this rule doesn’t have an exception for people responsible for intensely controversial policies. Users who shared Miller’s number were forced to delete the tweet and had their accounts locked out for several hours. Some people have reported that users could get suspended just for linking to the Splinter story—even if the tweet itself didn’t contain Miller’s number.

The US made the wrong bet on radiofrequency, and now it could pay the price

The Pentagon’s belief in its technology drove the Department of Defense to trust it would have control over the electromagnetic spectrum for years to come, but that decision has left America vulnerable to new leaps in technology from China and Russia, according to a top military official. Gen. Paul Selva, vice chairman of the Joint Chiefs, has now concluded that the Pentagon needs to ensure it is keeping up with those near-peer nations, let alone reestablishing dominance of electronic warfare and networking. “I think we assumed wrongly that encryption and our domination over the precision timing signals would allow us to evade the enemy in the electromagnetic spectrum. I think that was a bad assumption,” Selva said Thursday at the annual Center for a New American Security conference.

A Tesla telenovela

Tesla’s lawsuit against a former employee was filed just 24 hours ago and it’s already ripe fodder for Hollywood. As CEO Elon Musk has noted in the past, Tesla is a real drama magnet. Get ready, it’s exhausting. Tesla filed the lawsuit against former employee Martin Tripp for $1 million, alleging the man, who worked as a process technician at the massive battery factory near Reno, hacked the company’s confidential and trade secret information and transferred that information to third parties, according to court documents. The lawsuit also claims the employee leaked false information to the media. Within hours, The Washington Post had an interview with Tripp, who said he did not tamper with internal systems and is instead a whistleblower who was compelled to act. Tripp admitted to speaking to the media, but only because he saw “some really scary things” inside the company. Post reporter Drew Harwell later tweeted that Tripp told him Musk emailed him shortly after the lawsuit today to say he was a “horrible person.”

Supreme court bans police access to phone records without a warrant

A US supreme court ruling issued Friday barred police from accessing cellphone records such as call listings and location data without first obtaining a search warrant, in a landmark decision in favor of privacy protections. Advocates hailed the 5-4 ruling as a victory for personal privacy rights in an age when digital technology and the widespread use of mobile devices could create easy paths for law enforcement or other state bodies into the most intimate corners of private life. “This is the most important fourth amendment ruling in recent memory, and plainly the most important decision of this term,” wrote Bob Loeb, a former leader of the justice department’s appellate division who has argued cases before the high court, on Twitter.

Apple acknowledges faulty MacBook and MacBook Pro keyboards with new repair program

Apple has officially acknowledged that there are problems with its “butterfly” mechanism built into the keyboards of the recent MacBook and MacBook Pro laptops. The company is now offering an extended keyboard service program for computers affected by the issue, via iMore. The extended warranty covers replacement of one or more keys or the whole keyboard, depending on the extent of users’ problems, and it covers eligible laptops up to four years after the computer was bought at retail. (Every MacBook and MacBook Pro model with the butterfly switches seems to be included.) That’s dramatically longer than the limited warranty the computers ship with or even Apple’s extended AppleCare Plus.