AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 19, 2019


As he Googled his company's name that morning last June, Hardigree found a growing list of headlines pointing to the 10-person marketing firm he'd founded three years earlier, Exactis, as the source of a leak of the personal records of nearly everyone in the United States. A friend in an office adjacent to the one he rented as the company's headquarters in Palm Coast, Florida had warned him that TV news reporters were already camped outside the building with cameras. Ambulance-chasing security firms were scrambling to pitch him solutions. Law firms had rushed to assemble a class action lawsuit against his company. All because of one unsecured server. "As you can imagine," Hardigree says, "I went into panic mode."


2 Spam Warns about Boeing 737 Max Crashes While Pushing Malware

A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient's computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them. This new campaign was discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, who posted about them on Twitter. The emails are coming from an email address at info@isgec.com and have subject lines similar to "Fwd: Airlines plane crash Boeing 737 Max 8". They also contain a JAR file as an attachment with names similar to MP4_142019.jar.


3 Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online. How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.


4 A huge trove of medical records and prescriptions found exposed

A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password. The little-known software company, California-based Meditab, bills itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. The company, among other things, processes electronic faxes for healthcare providers, still a primary method for sharing patient files to other providers and pharmacies. But that fax server wasn’t properly secured, according to the security company that discovered the data.


5 Data breach at Papa Del's may have exposed customers' card info

A data breach at Papa Del's may have exposed customers' credit- and debit-card numbers, expiration dates and security codes. Customers who paid with a credit or debit card between May 9 and Sept. 30, 2018, at the Pizza Factory at 1201 S. Neil St., C, could be affected, said the restaurant known for its deep-dish pizza. "Obviously, we never want something like this to happen," manager Andrea Seten said. She said personal information attached to a card, such as names, addresses and phone numbers, were not part of the breach.


6 Blistering report scolds Navy for longstanding cybersecurity challenges

The Department of the Navy this week released a scathing assessment of the service’s approach to cybersecurity, lamenting that hackers have been relatively unimpeded in their years-long plundering of data from the department and its contractors. “Competitors and potential adversaries have exploited DON [Department of Navy] information systems, penetrated its defenses, and stolen massive amounts of national security” intellectual property, says the “cybersecurity readiness review” released by Richard Spencer, the secretary of the Navy. The Navy failed to account for the fact that defense companies it contracts with would be aggressively targeted by foreign hackers for their valuable data, according to the audit.


7 Welcome. You're now in a timeline in which US presidential hopeful Beto was a member of a legendary hacker crew

Newly minted US presidential hopeful Beto O'Rourke says he was a member of Cult of the Dead Cow, one of the most legendary hacking groups in cyber-history. And multiple folks within the US-based crew, most active in the 1980s and 1990s, have confirmed that O'Rourke, during his adolescence in El Paso, Texas, was one of their own. According to journalist Joseph Menn, author of a forthcoming book on the group and who broke the news today, O'Rourke's links to cDc were kept under wraps by members of the gang who feared it would hurt the Democrat's political aspirations. O'Rourke was a House representative of Texas from 2013 to January this year, stepping down so he could launch an ultimately unsuccessful bid to take Ted Cruz's senate seat in the Lone Star State.


8 Will the next version of Android get location privacy right?

Better late than never, Google has confirmed that improved control over location tracking is one of several new privacy features in the next version of its mobile OS, Android Q, due to appear later this year. It’s an issue that’s been giving Google some grief in the last year as a series of investigations have revealed the way that Android apps – and even perhaps Google itself – furtively track users’ locations. Currently, location access can be granted or denied on an app-by-app basis. However, there is nothing to stop an app that has been granted that permission continuing to track users’ locations even when it is not in use. It’s become so controversial that Facebook even announced that it was unilaterally adding location-tracking control to its Android app to head off public concern about its data-gathering behaviour. From Android Q onwards, apps will no longer be able to do this by default and will need to request background location access.

Related Posts