AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 13, 2019

1 Lawyers for alleged LinkedIn hacker appear ready to fight results of psychiatric evaluation

The ongoing court case tied to an accused Russian hacker took another turn last week when the results of his psychiatric evaluation became a topic of contention. Now court deliberations in the case of Yevgeniy Nikulin, an alleged hacker accused of breaching LinkedIn, are scheduled to continue after a court-ordered psychiatric evaluation sought to determine whether he was fit to stand trial. Nikulin, a Russian national, is set to be tried in U.S. court for allegedly hacking into LinkedIn and other websites in 2012, when prosecutors say some 117 million usernames and passwords were stolen.


2 Pandora's Box: Another New Way to Leak All Your Sensitive Data

Box is a "cloud based content management platform", primarily used to share files and folders. Much like AWS S3 buckets, these files can be shared to anyone with the link, restricted to those within your company (Box Enterprise), or to specific users. Companies using Box Enterprise get their own sub-domain, and documents saved on Box can be shared to anyone with the unique URL. After identifying thousands of Box customer sub-domains through standard intelligence gathering techniques and using a relatively large wordlist, we discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers.


3 John Oliver says he’s going to ‘unleash hell’ on FCC by creating his own robocalls

John Oliver is calling out the FCC — and HBO’s new parent company AT&T — for not doing enough to fight robocalls. In fact, the “Last Week Tonight” host revealed during the main segment of Sunday night episode (on HBO) that he’s going to “unleash hell” and get the FCC’s attention by spamming the office lines of its five commissioners every 90 minutes with robocalls of his own. The comedian/political commentator cited statistics showing that robocalls and spam calls are on the rise; in fact, half of all mobile calls are expected to be spam robocalls by the end of this year, according to call protection company First Orion, which analyzed data from 50 billion calls over 18 months. It found that the percentage of spam phone calls has jumped from 3.7% of total calls in 2017 to 29.2% in 2018 — and it predicts that number will hit 44.6% by early 2019 before rising to half of all calls by year-end.


4 NASA's infosec could be 'significant threat' to space ops

NASA's Office of the Inspector General has once again concluded the American space agency's tech security practices are "not consistently implemented". Confirmation that the US government department's infosec abilities are not up to scratch was a repeat of last year's federally mandated security audit, which also found that processes and procedures were below par. Oversight personnel from NASA's Office of the Inspector General (OIG) criticised the space agency's staff for the "untimely [sic] performance of information security control assessments", saying it "could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the Agency's ability to protect the confidentiality, integrity, and availability of its data, systems, and networks."


5 Adobe Shockwave will be discontinued on April 9th

In news that made us go “That’s still around? Huh,” Adobe announced that Shockwave will be discontinued, and the Shockwave player for Windows will no longer be available to download starting on April 9th. Adobe cited declining Shockwave usage for the shutdown, as interactive content has moved to platforms like HTML5 Canvas and WebGL in recent years. Enterprise customers will still be able to use Shockwave until their contract runs out in 2022. Everyone else, say your goodbyes now. The multimedia platform was used for interactive apps long before the word “apps” was even a thing. It’ll probably be most remembered for the browser-based games on sites like Miniclip and Newgrounds. Anyone remember Donut Boy?


6 The US threatens Germany with decreased intelligence sharing if it allows Huawei to build its 5G network

The US is trying to recruit Germany in its campaign against Huawei. In a letter sent by the United States ambassador to Germany Richard A. Grenell, the United States has warned Germany that it will reduce intelligence sharing if Germany allows Huawei to build its 5G infrastructure, according to a report from the Wall Street Journal. Germany reportedly relies on US intelligence to combat terrorism, so the threat of decreased collaboration in this area carries significant weight. However, Germany does not appear swayed by the US' arguments against Huawei, and plans to allow Huawei to bid for the project.


7 Names, banking information accidentally shared in emails to University of Waterloo students

Personal information including names, student numbers, addresses and banking information of some University of Waterloo students was accidentally sent to a mailing list of 2,000 students, the school says. The emails went out Wednesday evening. Of the emails sent to the mailing list, 15 contained some private information like names and student numbers, Matthew Grant, the university's director of media relations, told CBC Kitchener-Waterloo in an interview. "Three of the emails included some more personal information including one that had some bank information and two that had either a home or a mailing address," he said. "We quickly became aware of the issue and were able to prevent any future emails from going out," he said, noting some students contacted the school's privacy officer to raise the issue.

Related Posts