AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 8, 2019

1 New York, Beijing Chip Away at Silicon Valley

Amazon.com Inc. may have dropped plans to build a campus in New York, but many technology industry leaders say the city is on track to become a go-to innovation source for businesses world-wide in the next few years, according to a study by KPMG LLP. More than half of the executives recently surveyed by the accounting giant said Silicon Valley will cease to dominate global tech innovation within the next four years, as New York, Boston, Beijing, London and other cities continue their evolution into tech innovation powerhouses. They cite factors that include an expansion of tech investing in cities and regions outside of San Jose, Palo Alto and Menlo Park, Calif., KPMG said. The rapid adoption of cloud computing and other emerging digital tools at ventures outside of the tech sector also is having an impact, corporate information technology leaders say.

 

2 Thousands of patients impacted by ransomware attack at medical billing company

Following a ransomware attack at a medical billing company, thousands of patients are being warned that their highly sensitive medical information and personal details were amongst the breached data. Michigan-based Wolverine Solutions Group (WSG) says that it discovered its systems had suffered a security breach on September 25 last year. Malware had infected the company’s computers and encrypted “many” of the firm’s records, rendering them inaccessible. One week later WSG called in a team of external forensic security experts who attempted to recover the encrypted data. According to WSG, its critical operations were back up and running by November 5, 2018 — over 40 days after the ransomware attack was initially detected.

 

3 Sonic hit by $5 million suit over 2017 data breach

The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for $5 million in an attempt to recoup money the credit union lost due to Sonic’s data breach in 2017. American Airlines Federal Credit Union said because of the attack it incurred losses by having to cancel or reissue cards, close accounts, block transactions, refund affected customers and increase fraud monitoring efforts, according to NewsOK.com. In the suit the credit union also claims Sonic did not properly protect its POS system from cyberattack enabling malicious actors to insert the payment card info stealing malware.

 

4 Research confirms rampant sale of SSL/TLS certificates on darkweb

A study sponsored by Venafi and conducted by researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. discovered that SSL and TLS certificates and associated services can be easily acquired from dark web marketplaces. Experts analyzed 60 marketplaces hosted by the Tor network and 17 websites on the I2P network collecting data on SSL and TLS certificates and related services. SSL/TLS certificates are a precious commodity in cybercrime ecosystem, they are ordinarily used by threat actors for several malicious activities, including for spoofing websites, eavesdropping on traffic, stealing data, and setting up fraudulent e-commerce sites.

 

5 U.S. Conducting 5G Security Review Amid Hacking, Huawei Concerns

The Department of Homeland Security is conducting a broad review of risks posed by 5G technology, officials said, as the U.S. grapples with concerns about the new network’s vulnerability to hacking and the rise of Chinese telecommunications giant Huawei Technologies Co. The study — a wide-ranging assessment of risks — should be completed within “a couple months,” Chris Krebs, who heads the Cybersecurity and Infrastructure Security Agency within Homeland Security, told reporters at the RSA Conference in San Francisco. The worldwide mobile industry is racing to deploy advanced 5G networks that promise faster connections, enabling uses such as autonomous vehicles and remote surgery. China has a narrow lead over the U.S. and South Korea, according to research commissioned by CTIA, a Washington-based trade group for mobile carriers.

 

6 Uber won't face criminal charges after its robo-car killed woman crossing street

This month last year, one of Uber's self-driving cars operating in autonomous mode hit and killed Elaine Herzberg as she walked a bicycle across a road at night in Tempe, Arizona. The deadly crash is believed to be the first pedestrian death attributable to autonomous vehicle. This week, the Yavapai County Attorney’s Office in the US state decided not to file charges against the taxi-app biz. "After a very thorough review of all the evidence presented, this Office has determined that there is no basis for criminal liability for the Uber corporation arising from this matter," Yavapai County Attorney Sheila Sullivan Polk said in a letter to Maricopa County Attorney Bill Montgomery.

 

7 Man Admits to Hacking Minnesota Databases Over Cop Acquittal

A Minnesota man admitted Thursday that he hacked into state government databases in 2017 as an act of retaliation after the acquittal of an officer who fatally shot Philando Castile during a 2016 traffic stop. Cameron Thomas Crowley, 20, apologized for his actions as he pleaded guilty in U.S. District Court to one count of intentional access to a protected computer. As part of the plea agreement, four other counts against him will be dismissed. Prosecutors and Crowley’s attorney agreed to a sentence of five years’ probation, but the count allows for a maximum penalty of one year in prison and his sentence will ultimately be up to a judge. The plea agreement also said the estimated amount of loss is between $40,000 and $90,000, but there was no agreement on how much Crowley will have to repay his victims. He will be sentenced July 17.

Related Posts