AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – March 12, 2019

1 Attack on Software Giant Citrix Attributed to Iranian Hackers

Software giant Citrix on Friday revealed that its internal network had been breached and the attackers may have stolen business documents. The company said it was informed by the FBI on March 6 that its systems had been breached by “international cyber criminals.” Citrix has launched a forensic investigation and it has taken action to secure its network. Citrix’s investigation so far suggests that the attackers may have accessed and downloaded some business documents, but it has yet to determine exactly which documents may have been stolen. The company says there is no evidence that the security of its products or services has been compromised as a result of the attack.


2 Insert Skimmer + Camera Cover PIN Stealer

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM. And sometimes, the scammers just hijack the security camera built into the ATM itself. Below is the hidden back-end of a skimmer found last month placed over top of the customer-facing security camera at a drive-up bank ATM in Hurst, Texas. The camera components (shown below in green and red) were angled toward the cash machine’s PIN pad to record victims entering their PINs. Wish I had a picture of this thing attached to the ATM.


3 Ransomware Attack on Jackson County Gets Cybercriminals $400,000

A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key. County offices were forced to revert to paper to do their job, which slowed operations drastically. Jackson County Sheriff Janis Mangum told StateScoop that arrest bookings and reports are done the old-fashioned way, as when there were no computers. As is typical with ransomware, the payment demand was in bitcoins, to lower the chances of tracking it to the perpetrators. The county gave in to the crooks' request because it did not have a backup system in place, one that is separate from the network for daily county government operations.


4 Hackable car alarms leave three million cars at risk of hijack

Millions of car owners were left at risk of having their vehicles stolen, because of the poor security of third-party app-connected car alarms. After-market car alarms, designed to add an additional layer of security for vehicles, have been found to be seriously lacking – even when sometimes marketed as “unhackable.” New research by Pen Test Partners suggests that installing a third-party car alarm can in fact make your vehicle less secure, and even open opportunities for criminals to hijack your vehicle. Researchers examined alarms manufactured by Pandora and Clifford (known in the United States as “Viper”). Both produce alarms that can be accessed and controlled via smartphone apps, and are being used inside some three million cars.


5 City knew of massive cyber breach days before admitting it

Saint John officials waited three days before letting the public know of a massive cyber breach that exposed the names and credit card information of thousands of parking customers, documents show. The municipality's official line is that it learned of a malware attack on its parking fine server Dec. 21, 2018, in a pair of online information technology news reports. But documents obtained by CBC News show one of the reporters involved, Howard Solomon of IT World, contacted the city by email Dec. 17 asking for comment on the breach. He followed up the next day with a link to a U.S.-based cyber security blog, Gemini Advisory, that listed Saint John among dozens of cities hacked.


6 Samsung Galaxy S10 facial recognition fooled by a video of the phone owner

Experts have proven once again that facial recognition on modern devices remains hilariously insecure and can be bypassed using simple tricks such as showing an image or a video in front of a device's camera. The latest device to fall victim to such attacks is Samsung Galaxy S10, Samsung's latest top tier phone and considered one of the world's most advanced smartphones to date. Unfortunately, the Galaxy S10's facial recognition feature remains just as weak as the one supported in its previous versions or on the devices of its competitors, according to Lewis Hilsenteger, a smartphone reviewer better known as Unbox Therapy on YouTube.


7 The NYPD is using a new pattern recognition system to help solve crimes

The New York City Police Department is using a new software system called Patternizr, which helps officers search through “hundreds of thousands” of case files, according to a report in The Washington Post. The report says that the software was developed in house, and allows analysts to search across a wide range of files to look for patterns or similar crimes. Previously, they would have had to have gone through physical files. In one example, officers used the system to connect two crimes — a man who used a syringe to steal a drill in two different Home Depots in New York City. Rebecca Shutt, the crime analyst who solved the case explained to the Post that the system “brought back complaints from other precincts that I wouldn’t have known.”


8 Hundreds of immigrant recruits risk ‘death sentence’ after Army bungles data, lawmaker says

Army officials inadvertently disclosed sensitive information about hundreds of immigrant recruits from nations such as China and Russia, in a breach that could aid hostile governments in persecuting them or their families, a lawmaker and former U.S. officials said. A spreadsheet intended for internal coordination among recruiters was accidentally emailed to recruits and contained names, Social Security numbers and enlistment dates. The list was sent out inadvertently at least three times between July 2017 and January 2018. The breach prompted at least a dozen asylum claims amid concern that if the list were intercepted and recruits were forced to return to autocratic nations such as China or Russia, their enlistments would be harnessed to punish them or their families with jail time, harsh interrogations or worse.


9 Firefox picks up advertiser-dodging tech from Tor

Firefox users will soon get yet another privacy feature to help them avoid snooping advertisers – and the measure comes straight from its cousin, the Tor browser. The new privacy protection will help Firefox users avoid a long-used snooping technique called fingerprinting. Browser cookies are not the only way to track users as they visit different websites. Even with cookies turned off, advertisers can still identify you across multiple sites. They do this by looking at other characteristics that your computer reveals when visiting a website such as the size of your browser window.


10 3 men cop to $21 million vishing and smishing scheme

Three Romanian citizens have pleaded guilty to carrying out a scheme that used recorded messages and cellphone texts to trick thousands of people into revealing their social security numbers and bank account information, federal authorities said. The "vishing" and "smishing" scams are variations of phishing that use voicemails and SMS messages instead of email, federal prosecutors in Atlanta, Ga., said on Friday. From 2011 to 2014, the three Romanians compromised computers located in the US and installed interactive voice response and bulk emailing software on them. The hacked computers initiated thousands of phone calls and text messages that tricked recipients into disclosing personal information including account numbers, PINs, and social security numbers.


11 “It’s show time:” Apple confirms March 25 event at the Steve Jobs Theater

Apple has sent invites out to members of the press and other guests for a March 25 "special event." The tagline and animation on the invitation strongly suggest that the company's long-rumored streaming TV service will take center stage. The invitation is accompanied by the words "it's show time." Apple used the same tagline in 2006 for an event at which it unveiled its then-future Apple TV product. TechCrunch editor Matthew Panzarino tweeted out a GIF of the animation: it is a countdown throwback to old films and film production, again suggesting that video content will be a focus for the event.


12 Elizabeth Warren's Ad Saying Facebook Has Too Much Power Briefly Taken Down by Facebook

Facebook removed advertisements by Senator Elizabeth Warren calling for the breakup of Facebook and other American big tech companies, a newly major issue for Warren’s 2020 presidential campaign. That’s the kind of irony you can only dream up, sparking the kind of smirking outrage that quickly spins beyond comprehension all over social media. The takedown of the ads, first reported by Politico, took place on Monday because they “violated our policies against use of our corporate logo,” a Facebook spokesperson told New York Times reporter Cecilia Kang. After the takedown became public, the company quickly restored the ads on Monday evening “in the interest of allowing a robust debate.”
