AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – March 11, 2019

1 Beyond Hybrid War: How China Exploits Social Media to Sway American Opinion

We studied Chinese state-run social media influence operations and concluded that the Chinese state utilized techniques different from the Russian state. These differences in technique are driven by dissimilar foreign policy and strategic goals. President Xi Jinping has global strategic goals for China different from those President Vladimir Putin has for Russia; as a result, the social media influence techniques used by China are different from those used by Russia. Further, our research has revealed that the manner in which China has attempted to influence the American population is different from the techniques they use domestically. We believe that the Chinese state has employed a plethora of state-run media to exploit the openness of American democratic society in an effort to insert an intentionally distorted and biased narrative portraying a utopian view of the Chinese government and party.

 

2 IT guy at US govt fraud watchdog stole 16 computers from… US govt fraud watchdog

An IT contractor for a US government fraud and abuse watchdog pleaded guilty on Thursday to stealing 16 US government computers. According to prosecutors, Andrew Cheveers, 31, served as a techie for the State Department's Office of Inspector General (State OIG), where he held a security clearance and set up PCs for government employees. The State OIG helps assess and mitigate risks to State Department personnel and facilities abroad. It also oversees contracts, grants, and foreign assistance programs; and it advises the State Department on IT security and management. Justice Department prosecutors say Cheveers, between July 2016 and February 2017, stole as many as 16 Microsoft Surface Pro laptops belonging to Uncle Sam, and sold them online at sites like Craigslist and eBay.

 

3 Companies Having Trouble Translating Security to Mobile Devices

As more enterprise work takes place on mobile devices, more companies are feeling insecure about the security of their mobile fleet. That's one of the big takeaways from Verizon's "Mobile Security Index 2019," released here this week. The report is based on responses from 671 enterprise IT professionals from a wide range of business sizes across a broad array of industries. The picture they paint in their responses is one where mobile security is a major concern that's getting worse, not better, as time goes on. More than two-thirds (68%) say the risks of mobile devices have grown in the past year, with 83% now saying their organizations are at risk from mobile threats. Those risks have changed in the year since the first edition of the "Mobile Security Index."

 

4 Hackers Broke Into Admissions Databases at 3 Colleges — and Then Offered to Sell Applicants Their Files

On Thursday morning a high-school senior in Texas received a strange email. “You are now presented with a unique opportunity,” it said, “to purchase your entire admissions file.” The message appeared to have been sent by Grinnell College, to which the student had applied. But Grinnell hadn’t sent the message; apparently, someone outside the Iowa campus had. Whoever it was claimed to have accessed the college’s admissions database. As if to provide proof, the message included the applicant’s correct date of birth. The mysterious sender offered the student a chance to see his file, including comments by admissions officers, assigned ratings, interview notes, teacher recommendations, and a tentative decision. “Although the price tag is substantial,” the message said, “this offer presents a unique opportunity to look at yourself from the inside of Grinnell Admissions office absolutely unfiltered.” All he had to do was pay one Bitcoin, or about $3,900.

 

5 Hackers are reportedly cracking the iPhone using stolen Apple prototypes

We all know the story of the prototype iPhone 4 that was left at a bar, spoiling what could have been one of the biggest surprises in Apple history. But have you heard the one about the stolen prototype iPhones that are still winding up in unintended hands — in this case, hackers bent on finding ways to break into Apple’s operating system? That’s the focus of a new Motherboard investigation this week, which claims there’s now a gray market for “dev-fused” iPhone prototypes that have been stolen from Apple’s production lines. They’re devices which are uniquely valuable for helping security researchers find vulnerabilities because they run a less hardened version of the OS where root access is trivial to obtain, according to the report.

 

6 As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits

On Thursday, Crowdfense, a company that buys zero day exploits from researchers and then sells them to government agencies, announced it is now offering a total of $15 million to hackers who have particular exploits for sale. Zero days are attacks which take advantage of vulnerabilities that the impacted vendor—Apple, Google—is unaware of. The highest tier of exploit chains for iPhones and certain Android devices can fetch $3 million each. But notably, Crowdfense’s roster of desired hacking tools goes beyond the usual suspects of fully up-to-date phones and desktop devices. Crowdfense is now also buying exploits that can break into internet routers.

 

7 We had to find out from the FBI that our internal IT was hacked

Citrix is warning customers that hackers unknown have been romping through its internal company network stealing corporate secrets. The enterprise software giant said today it was contacted on Wednesday by the FBI, who claim to have evidence that miscreants accessed the business's IT systems and exfiltrated files. What is most concerning about the cyber-break-in is not the information Citrix chief information security officer Stan Black gave in his report, but what he wasn't able to give. Black said that, as of right now, Citrix does not know exactly which documents the hackers obtained, and the company did not say when the hackers got in, how they got in – the FBI thinks it was by brute-forcing weak passwords – or for how long they may have been camping on the corporate network.

 

8 Microsoft Open Sources the Windows 10 Calculator on GitHub

Have you ever wanted to know exactly how the Windows 10 Calculator works or want to extend its functionality? Now you can, as Microsoft has open-sourced their Windows Calculator so that anyone can play with it. In a GitHub project released today by Microsoft, the full source code for the Windows Calculator is now available to anyone who wants to give it a download and try compiling it. Calculator is written in C++ and contains over 35,000 lines of code. In order to compile the project, users will need to be running Windows 10, version 1803 or newer and install the latest version of Visual Studio, which includes the free Visual Studio Community Edition. The full requirements can be found on the project's GitHub page.

 

9 Health records giant Epic temporarily halts additions to its app store because of privacy concerns

Epic Systems, the giant medical records software vendor, created an app store two years ago so that companies including Apple, Oscar Health and other providers of health apps could sync their services with patient data from large hospitals and clinics. The Store, called App Orchard, became the major way for dozens of developers of health software to reach patients who visited some of the largest medical centers like Mayo Clinic, Cleveland Clinic and Massachusetts General Hospital, as well as the doctors that work there. But in December, Epic froze enrollment in App Orchard, according to three people familiar with the matter who asked not to be named because of the sensitivity of the issue. In an email to CNBC, Epic confirmed the move and indicated that it was temporary and related to security and privacy concerns with some third-party developers.

 

10 Stalkers and Debt Collectors Impersonate Cops to Trick Big Telecom Into Giving Them Cell Phone Location Data

Motherboard previously reported that AT&T, T-Mobile, and Sprint have been selling their customers’ real-time location data, which trickled down through a network of middlemen and data brokers before arriving in the hands of bounty hunters. But some people don’t even pay for this data at all. Instead, bounty hunters and people with histories of domestic violence have managed to trick telecommunications companies into providing real-time location data by simply impersonating US officials over the phone and email, according to court records and multiple sources familiar with the technique. In some cases, these people abuse telecom company policies created to give law enforcement real-time location data without a court order in “exigent circumstances,” such as when there is the imminent threat of physical harm to a victim.

 

11 Sorry Amazon: Philadelphia bans cashless stores

This week, Philadelphia's mayor signed a bill that would ban cashless retail stores, according to The Morning Call. The move makes Philadelphia the first major city to require that brick-and-mortar retail stores accept cash. Besides Philadelphia, Massachusetts has required that retailers accept cash since 1978, according to CBS. The law takes effect July 1, and it will not apply to stores like Costco that require a membership, nor will it apply to parking garages or lots, or to hotels or rental car companies that require a credit or debit card as security for future charges, according to the Wall Street Journal. Retailers caught refusing cash can be fined up to $2,000. Amazon, whose new Amazon Go stores are cashless and queue-less, reportedly pushed back against the new law, asking for an exemption.

 

12 MongoDB Security Error Leaks 808m Records

Security researchers have discovered a massive trove of over 808 million records, including email addresses, phone numbers and other personal information (PII) left exposed on a MongoDB instance. Bob Diachenko claimed to have found the non-password protected, 150GB MongoDB instance at the end of February. A “mailEmailDatabase” contained three folders: with over 798 million email records in one; around 4.2 million email-plus-phone records in another; and 6.2 million “business leads” records in a third including gender, date of birth, mortgage details, corporate information, social media accounts and more. “As part of the verification process I cross-checked a random selection of records with Troy Hunt’s HaveIBeenPwned database. Based on the results, I came to conclusion that this is not just another ‘collection’ of previously leaked sources but a completely unique set of data,” explained Diachenko in a blog post.

 

13 Family upset after 'robot' doctor informs patient he doesn't have long to live

On March 3, a nurse wheeled a robot into the ICU of 78-year-old Ernest Quintana at Kaiser Permanente Medical Center emergency department in Fremont, California, their granddaughter, Annalisia Wilharm, told USA Today. "The nurse came around and said the doctor was going to make rounds and I thought 'OK, no big deal; I'm here,'" said Wilharm. What she didn't expect was what happened after the nurse opened the door. Wilharm didn't see a human being, but a machine with a video screen of a doctor. She told USA Today the machine was there to tell her grandfather how the hospital had run out of effective treatments.
