AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – March 22, 2019

1 Firefox 66 now blocks autoplaying audio by default

It’s been on the to-do list for a while, but Mozilla announced yesterday that with the release of Firefox 66 for desktop and Firefox for Android this week, media autoplay of video or audio is now blocked on websites by default. According to Mozilla’s developer blog, this means that when users go to a site that plays videos or audio, the Block Autoplay feature will stop the audio and video from automatically playing. If you want to view the video, simply click on the play button to watch it. Until the user does something to initiate a video or audio stream, the only thing that will be possible is muted autoplay.

 

2 The Prevention of Fraud in Finance: Who Is Responsible?

With a spate of large-scale corporate fraud cases hitting the headlines in recent months, public debate is raging as to who is responsible for stopping the fraudsters in their tracks. Is it the responsibility of the statutory auditors, the internal audit team, the compliance team in house, or the board of the company to ensure that adequate prevention and detection mechanisms are in place to deal with threats before it is too late and to find out whether large scale fraud has taken place?

 

3 Global threat group Fin7 returns with new SQLRat malware

The notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group's inception has been connected to attacks against hundreds of companies worldwide. Over 100 companies have been impacted in the United States alone, with many victims in the catering, gaming, and hospitality industries. The hackers are believed to have stolen at least 15 million US credit card records from over 6,500 point-of-sale (PoS) terminals in thousands of locations to date.

 

4 A $90 million “smart” system has totally screwed up these residents’ water bills

Sharon Parker received a water bill for $7,431.92 last month. And in Jackson, where she lives alone, that’s not surprising. Parker is one of more than 20,000 people with delinquent water bills ranging from a few dollars to several thousand. And counterintuitively, a big part of the reason for the high delinquency rate is a system the city installed in 2013 that was supposed to significantly upgrade water metering and billing. The upgrade was part of a deal signed with the manufacturing giant Siemens for $90 million, that gave Jackson 65,000 new smart meters, among other things.

 

5 80-year-old conman set up fake sites for Bernie Sanders, Beto O'Rourke, and others that tricked supporters into sending him $250,000

An 80-year-old man from California was charged with stealing more than $250,000 with fake donation sites for political candidates, prosecutors said. In a years-long scheme, John Pierre Dupont pretended to raise money for Bernie Sanders, Beto O'Rourke, and other Democratic politicians, according to the Department of Justice. Dupont did not donate the money to campaigns, but used it to pay for rent, car insurance, and a Mercedes-Benz, prosecutors say. Dupont has been convicted before for bank fraud and money laundering, and spent years in prison. If convicted, he could receive as many as 22 more years behind bars.

 

6 13-Year-Old Allegedly Hacked Teacher Account to Create Student 'Hit List'

A 13-year-old is currently under investigation after he allegedly used a teacher's credentials to hack into his school district's computing system to steal fellow students' personal information and create a "hit list." As detailed in the initial report from ABC 22, the teen is a student at the Columbus City Preparatory School for Boys and, according to the Columbus Police from Ohio, he "had hacked into his teacher's work account and created a site with a 'hit list' of names, school ID numbers, and dates of births." Columbus City Schools also told ABC 22 that the kid got the personal information of roughly 60 other students connected to the school he attended and used it to build a website he titled "User Names and Passes for Columbus Schools."

 

7 FCC to Cough Up $43,000 Settlement for Refusing to Turn Over Fake Comment Records

While not admitting to any fault, the Federal Communications Commission on Wednesday settled a lawsuit for tens of thousands of dollars after unlawfully withholding records from a reporter under the Freedom of Information Act (FOIA). The FCC will pay over $43,000 in attorneys’ fees and costs to New York journalist Jason Prechtel over records he initially requested almost two years ago concerning its 2017 net neutrality proceeding. Represented by Chicago law firm Loevy & Loevy, Prechtel sued the FCC in a Washington, D.C., federal court after it failed to respond to his request in the timeframe provided under the statute.

 

8 Hacked tornado warning systems leave Texans in the dark

Last week, around 2:30 a.m., blaring emergency sirens woke the people of two Texas towns… and then, until about 4:00 a.m., the alarms kept sounding, on and off, until crews finally managed to turn them off. The towns of DeSoto and Lancaster are both in Tornado Alley: one of two regions of the US that have a disproportionately high frequency of tornadoes (the other being Florida). The outdoor alerts are meant to warn people to get to safety. But there were no tornadoes on 12 March: just the noise of false alarms that had been set off by hackers, as officials of the two towns concluded. Over 30 sirens kept going on and off, with 10 in DeSoto and 20 in Lancaster. The city of DeSoto said in a statement that there was no malfunction in the warning system. The false alarms set off in both cities seem to have been triggered intentionally.

 

9 Machines Treating Patients? It's Already Happening

Rayfield Byrd knows when it’s time to wake up every morning. The 68-year-old Oakland, Cal., resident hears a voice from the living room offering a cheery good morning. Except Byrd lives alone. A little after 8 a.m. each day, a small yellow robot named Mabu asks Byrd how he’s doing. Byrd has Type 2 diabetes and congestive heart failure, and about three years ago, he had surgery to implant a microvalve in his heart to keep his blood flowing properly. To stay healthy, he takes four medications a day and needs to exercise regularly. To make sure his heart is still pumping effectively, his doctor needs to stay on top of whether Byrd gets short of breath. But instead of checking in with his doctor all the time, Byrd now talks with Mabu every morning — and sometimes again later in the day.
