AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – March 4, 2019

1 Montreal-based UN aviation agency tried to cover up 2016 cyberattack

In November 2016, the Montreal-based International Civil Aviation Organization (ICAO) was hit by the most serious cyberattack in its history, and internal documents obtained by CBC suggest key members of the team that should have prevented the attack tried to cover up how badly it was mishandled. As the United Nations body that sets standards for civil aviation around the world, ICAO is the gateway to everyone in the aviation industry, so an uncontained cyberattack left not just ICAO vulnerable, but made sitting ducks of its partners worldwide. The documents obtained by CBC suggest the hacker was most likely a member of Emissary Panda, a sophisticated and stealthy espionage group with ties to the Chinese government.


2 Group running robocalls impersonating Trump's campaign has already raised more than $100,000

The call sounds like it is coming from President Donald Trump's 2020 re-election campaign. It even uses a recording of the President's voice: "I'm Donald Trump. Tonight I am asking you to defend our very dangerous southern border, out of love and devotion to our country." A deep-voiced narrator then comes on asking the listener to "be one of the hundreds of thousands of patriots that helped President Trump finally build the wall by making a one-time urgently needed donation to the campaign." Calls like this one, said to number more than 200,000, have helped raise more than $100,000 in January alone, but that money isn't going to the Trump campaign, whose spokesperson told CNN they were not affiliated with the calls. Instead, the calls are coming from a political action committee that isn't affiliated with Trump's re-election effort and hasn't spent any money so far in this or last election cycle, according to records from the Federal Election Commission.


3 Apple’s now-defunct home button is a reminder that even the best buttons can fail

Buttons are one of the most ephemeral parts of modern technology. A text file from a decade ago will still load the same, a dead console’s games can live on in emulators, and as the adage goes, nothing is ever really gone from the internet. But even the best button is doomed to fail. As the only physically moving part in most modern tech, buttons are the one element that can truly, permanently wear down or break. And nothing illustrates that reality quite as much as the iPhone’s home button, a textbook illustration of how that crucial flaw can affect a product and shape it over time.


4 Buyer beware: Scourge of fake reviews hitting Amazon, Walmart and other major retailers

The fake reviews threaten to undermine the credibility of retailers struggling with the influx, according to Fakespot, which uses algorithms to look for patterns of deception in reviews. Manufacturers are eager to earn 5-star reviews that can push their products to the top of a search result on Amazon, for instance, with some turning to trickery to make their products stand out. "You need a lot of good positive reviews to convince people to check out their products," said Khalifah, who wrote a software program to detect fake reviews after getting tricked himself by glowing reviews for a sleep supplement. After the supplement didn't work, he realized many of those positive reviews were fake.


5 Netflix may be losing $192M per month from piracy, cord cutting study claims

As many as 1 in 5 people today are mooching off of someone else’s account when streaming video from Netflix, Hulu or Amazon Video, according to a new study from CordCutting.com. Of these, Netflix tends to be pirated for the longest period — 26 months, compared with 16 months for Amazon Prime Video or 11 months for Hulu. That could be because Netflix freeloaders often mooch off their family instead of a friend — 48 percent use their parents’ login, while another 14 percent use their sister or brother’s credentials, the firm found.


6 US Lawmakers Kick Off Debate Over Online Privacy

US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms. Most companies have said they would accept new federal legislation in the wake of bombshell revelations about Facebook and other online platforms' mishandling of users' personal data. Lawmakers face several key choices, including whether to adopt the model in the European Union's data protection rules, and whether to pre-empt the strict privacy rules adopted by California. A House of Representatives committee hearing on Tuesday is to be followed by a Senate panel Wednesday where industry and interest groups will make recommendations on US legislation.


7 Equifax expecting punishment from CFPB and FTC over massive data breach

Equifax is expecting various forms of punishment from the Consumer Financial Protection Bureau and the Federal Trade Commission over the credit reporting agency’s massive data breach that exposed the personal information of 148 million U.S. consumers to hackers. The company revealed the expected sanctions in a recent filing with the Securities and Exchange Commission. According to Equifax, the CFPB and FTC have both notified the company that they expect to seek “injunctive relief damages” in regards to the data breach. Beyond that, the CFPB plans to seek “civil money penalties,” the company said. The company added that it has submitted written responses to both agencies addressing the allegations, and said that it continues to cooperate with the agencies in their investigations.


8 NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking

The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday. “We have to impose costs in a visible way to start deterrence,” said Rob Joyce, senior cybersecurity adviser at NSA. “We have to go out and try to make those operations less successful and harder to do.” Speaking to an industry association in Hanover, Maryland, Joyce cited the 2017 WannaCry and NotPetya malware outbreaks — and Russia’s use of information operations in the 2016 U.S. election — as examples of nation-states moving from “exploitation to disruption” to impose their will in cyberspace. Washington has blamed North Korea and Russia, respectively, for the devastating WannaCry and NotPetya attacks, which cost billions of dollars in economic damage.


9 Xfinity irresponsibly using 0000 as default PIN, hacker steals customer’s phone number and buys a Mac

In the latest episode of consumers affected by tech companies’ security flaws, Comcast’s Xfinity Mobile wireless service was found to be setting customer PINs by default to 0000. As reported by The Washington Post (via The Verge) one of the users who had their phone number stolen because of Xfinity’s weak PIN default even saw a hacker purchase an Apple computer with his credit card. In this instance, somehow the hacker was able to use the credit attached to the victim’s Xfinity Mobile account, which remained on file after the phone number was stolen. Comcast confirmed this story to The Washington Post. The hacked user, from California, told the Post he had his phone number hijacked and transferred to a new account, with his credit card still attached to the new phone. The hacker then used the card to buy a new Apple computer in Georgia.


10 Huawei chairman accuses American critics of hypocrisy over NSA hacks

Huawei’s rotating chairman Guo Ping has gone on the offensive this week at Mobile World Congress, following continued pressure on US allies to drop the Chinese telecoms giant over national security fears. In a strident on-stage speech and a Financial Times editorial, Guo is escalating Huawei’s side of the story by explicitly calling out the NSA, which Edward Snowden has shown to have hacked Huawei in the past, while presenting his company as a more secure option for the rest of the world. “If the NSA wants to modify routers or switches in order to eavesdrop, a Chinese company will be unlikely to co-operate,” Guo says in the FT, citing a leaked NSA document that said the agency wanted “to make sure that we know how to exploit these [Huawei] products.” Guo argues that his company “hampers US efforts to spy on whomever it wants,” reiterating its position that “Huawei has not and will never plant backdoors.”


11 Microsoft Describes How Government Hackers Stole ‘Large Sums’ From Financial Firms

It’s a short — but startling — passage tucked inside Microsoft Corp.’s periodic cybersecurity report: State-sponsored hackers attacked several financial services firms and stole “large sums of cash.” Microsoft said it knows about the case because its experts helped victims in the aftermath. In a series of similar incidents, hackers gained administrative access to computer systems by infecting a machine with a “highly targeted, obfuscated backdoor implant,” possibly with a spear-phishing email. Then they sent cash to foreign accounts. In some instances, the hackers went undetected for more than 100 days, and once found, unleashed malware on the victims’ systems, halting operations.


12 DJ Marshmello concert on Fortnite

The American DJ Marshmello played a 10-minute set from within the hugely popular offering from Epic Games, Fortnite. However, as so often happens, malicious users also showed up and tried to trick users into buying tickets through social networks like Twitter, as well as through messages offering VIP access, even though the concert was free. The event was ‘attended’ by around 10 million users, the majority of whom were children and teenagers — the age group with which the game is most popular. Apart from the number of users it attracted and the fact that it had an audience 25 times larger than the one that attended the legendary Woodstock Festival, the incident puts the issue of security back into the spotlight.


13 Palisades Park receives $200,000 advance after cyberattack

As proof that not all cyberattacks leave victims broke and out of luck, the New Jersey borough of Palisades Park received a $200,000 advancement on its insurance claim this week after a breach at Mariner’s Bank, based in the nearby town of Edgewater, drained nearly half a million dollars from its accounts. Last month, a fraudulent wire transfer resulted in the loss of $460,000 from the borough’s accounts after what Dave Lorenzo, the borough administrator, described as a “massive failure of internal controls by the bank” in a hack into the borough’s computer systems, according to NorthJersey.com.


14 Beverly Man Arrested for Sending Threatening Letters and White Powder to an Online Dating Website

A Beverly man was arrested today and charged in federal court in Boston for sending nine letters, one of which contained a white powder, to the online dating website OkCupid.com. Liam MacLeod, 47, was charged by criminal complaint with mailing threatening communications and conveying false information and hoaxes. According to the complaint, between September and December 2017, OkCupid’s corporate headquarters in Dallas, Texas, received nine mailings containing either threatening communications and/or suspicious substances. All of the mailings were addressed to OkCupid’s Chief Executive Officer (CEO).


15 Facial Recognition Software to Identify Civil War Soldiers

Kurt Luther, Virginia Tech assistant professor of computer science, has developed a free software platform that uses crowdsourcing to significantly increase the ability of algorithms to identify faces in photos. Through the software platform, called Photo Sleuth, Luther seeks to uncover the mysteries of the nearly 4 million photographs of Civil War-era images that may exist in the historical record. Luther will present his research surrounding the Photo Sleuth platform on March 19 at the Association for Computing Machinery's Intelligent User Interfaces conference in Los Angeles, California. He will also demonstrate Photo Sleuth at the grand opening of the expanded American Civil War Museum, in Richmond, Virginia, on May 4, 2019.
