AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – May 1, 2019

New data out by Agari  confirms just one presidential hopeful — Democratic candidate Elizabeth Warren  — uses domain-based message authentication, reporting, and conformance policy — or DMARC . This email security feature sits on top of two existing security protocols, Sender Policy Framework (SKF) and DomainKeys Identified Mail (DKIM), which cryptographically verifies a sender’s email, and can mark emails as spam or reject them altogether if an email can’t be properly validates. Agari, which has a commercial stake in the email security space, said the remaining 11 candidates it checked — including Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump — do not use DMARC on their campaign domains.

 

2 Facebook funds research on the impact of social media on elections

Facebook is committed to preventing manipulation of elections through social media by funding research on the impact of social media on elections. Facebook announced the involvement of 60 researchers from 30 academic institutions across 11 countries that were selected by the Social Science Research Council and the independent group Social Science One. The research began in 2018 following revelations of influence on the 2016 US election and the Brexit vote, and this week the social network giant revealed its first grants. “We hope this initiative will deepen public understanding of the role social media has on elections and democracy and help Facebook and other companies improve their products and practices.” reads a blog post by Facebook executives Elliot Schrage and Chaya Nayak. “This initiative will deepen our work with universities around the world as we continue to improve our ability to address current threats and anticipate new ones.”

 

3 Apple Defends Parental Control App Removal Amid Backlash

Apple is defending its decision to take down several highly popular parental control apps amidst a firestorm of backlash, saying it did so for “privacy and security” reasons. Apple came under scrutiny this weekend after a New York Times article alleged that the phone giant had unfairly removed or restricted at least 11 top screen-time and parental-control apps from its marketplace – after creating its own screen-time app. Among those that have been removed are OurPact, which has 3 million downloads, and Mobicip, which has 2.5 million downloads. While it looks like a competitive move, Apple tells a different story: Its aim was to weed out apps that were using mobile device management (MDM) technology it said, which gives third-party control and access over other devices and sensitive information, including location, app use and more. Parental-control apps, which allow parents to keep tabs (and set limits) on their children’s on-phone activities, locations and more, are thus effectively collecting way too much data, Apple said.

 

4 Tech Support Scammers Freeze Browsers Using Iframes

Tech support scammers are using iframes to lock web browsers and to trick people into calling their support hotlines posing as legitimate services to have their computers fixed after being presented with a "computer has been blocked" alert. Crooks use browser pop-ups to display warnings saying that the computer was infected or "blocked" because it was hacked, and designed to look like they're coming from companies like Microsoft, Google, or various security outfits. This is done by the crooks behind the scam in an attempt to induce a feeling of urgency that would trick the targets into calling a "support" hotline using the phone number included in the fake alert pop-up.

 

5 Slack warns investors it might be targeted by organized crime, nation-state hackers

Slack Technologies, the company whose cloud-based collaboration tools and services are used by companies worldwide, has warned potential investors that the company faces threats from a wide variety of sources, including “sophisticated organized crime, nation-state, and nation-state supported actors.” “The security measures we have implemented or integrated into Slack and our internal systems and networks (including measures to audit third-party and custom applications), which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to protect Slack and our internal systems and networks against certain attacks,” the company added, pointing out as an example the data breach it suffered in March 2015.

 

6 Piracy streaming apps are stuffed with malware

Does the offer to “Never pay for cable again” sound tantalizing? It shouldn’t. It should sound abhorrent, not only because of piracy being illegal and unfair to content creators, but also because researchers have found that pirated streaming devices are stuffed with malware and/or open the door for it to come streaming in. According to a report published on Thursday, researchers have found that many of the devices are rigged with malware, be it on preinstalled apps or apps added later. In order to assess the streaming piracy ecosystem, researchers from cybersecurity firm Dark Wolfe Consulting and the Digital Citizens Alliance (DCA) – a consumer-focused group devoted to making the internet safer –  picked up six streaming devices that use the Kodi platform.

 

7 Email hackers steal $1.75 million from St. Ambrose Catholic Parish in Brunswick

The FBI determined hackers tricked St. Ambrose into believing that the construction firm it is working with to repair and restore the church changed its bank account. The hackers deceived St. Ambrose into wiring the money to a fraudulent bank account, Father Bob Stec said in the letter. The hacker then moved the money out of the fraudulent bank account “before anyone knew what had happened,” Stec said in the letter. The full letter can be read at the bottom of this post. Stec said the hackers accessed two St. Ambrose employees’ email accounts. He did not say how the hackers accessed those accounts.

 

8 P2P Weakness Exposes Millions of IoT Devices

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology. iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

 

9 Northern Virginia cements spot as bit barn capital of the world with jigawatt capacity

Northern Virginia – the bit barn capital of the world, the beating heart of our digital universe – has become the first regional market to reach 1,000MW of wholesale colocation capacity, according to real estate specialist CBRE. For comparison, London – the world’s second largest colo market – has just 559MW of capacity. CBRE added that two thirds of all new data centre construction in primary US markets is taking place in the commonwealth (technically, Virginia should not be called a state). “Explosive growth in cloud computing has created strong demand for data centres in the Northern Virginia region,” said Jamie Jelinek, veep for Data Centre Solutions at CBRE.

 

10 A Crash-Course in Card Shops

The notorious Joker’s Stash is perhaps the best-known of many illicit shops in the deep & dark web (DDW) that specialize in, and serve as a primary means through which cybercriminals obtain, stolen payment card data. Commonly referred to as card shops, these shops can also be invaluable resources for those seeking to better understand and combat fraud and cybercrime. Here’s a crash-course in how card shops operate and some key considerations for security practitioners.

 

11 Russian Hackers Were ‘In a Position’ to Alter Florida Voter Rolls, Rubio Confirms

It was the day before the 2016 presidential election, and at the Volusia County elections office, near Florida’s Space Coast, workers were so busy that they had fallen behind on their correspondence. Lisa Lewis, the supervisor of elections, stumbled on an important email sent to her and three others in the office, by then a week old, that appeared to be from VR Systems, the vendor that sells electronic voter list equipment to nearly every county in the state. “Please take a look at the instructions for our modernised products,” it said, using British spelling and offering an attachment. Something about the email seemed off. “It was from Gmail,” Ms. Lewis said. “They don’t have Gmail.”

 

12 Augusta cyber-attacker sought more than $100,000 in ransom

The apparent, and still unknown, source of a cyberattack that shut down the city’s computer network and forced the closure of Augusta City Center for two days sought a ransom payment of more than $100,000 to unlock the frozen system. Instead of paying the ransom, city officials — who as soon as they knew an attack was underway, literally pulled wires from devices as fast as they could to prevent the malicious software from spreading further through the system — decided they had the necessary data backed up, erased the city’s servers and set about restoring them. Fred Kahl, director of information technology, said if the city paid the ransom it may not have even fixed the problem.

 

13 Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion

A former CIA computer engineer compared himself to a victim of the Nazis and said the government has caused him to lose more than $50 billion in income in a new court filing that accuses the U.S. Department of Justice of violating his civil rights. Joshua Schulte has filed a preliminary complaint seeking immediate release from federal detention, according to court documents filed earlier this month. Schulte was arrested in 2017, accused of crimes including sexual assault, possessing child pornography and, later, providing documents detailing CIA hacking capabilities to WikiLeaks. Schulte now argues that he has suffered “irreparable harm from torture imposed by the Federal Terrorists” and that he needs to be released in order to prepare a legal defense.

 

14 E*Trade Is Close to Launching Cryptocurrency Trading

E*Trade Financial Corp. is getting ready to let customers trade cryptocurrencies on its platform, according to a person familiar with the matter. The firm will start by adding Bitcoin and Ethereum, and will consider adding other currencies in the future, said the person, who asked to remain anonymous because the matter is private. A spokesman for E*Trade declined to comment. E*Trade would be one of the largest securities brokerages to allow crypto trading. It will enter into a competitive market with startups like Coinbase Inc., which have made names for themselves as go-to places for such transactions. Closely held Coinbase reached a valuation of $8 billion in 2018 and projected sales of $1.3 billion. Fintech startup Robinhood, most recently valued at $5.6 billion, has also added cryptocurrency trading as a way to woo millennial customers.

 

15 Facebook gives first look at its promised overhaul

Facebook Inc on Tuesday debuted an overhaul of its core social network and introduced new business-focused tools, the first concrete steps in its plan to refashion itself into a private messaging and e-commerce company. “We believe that there is a community for everyone. So we’ve been working on a major evolution to make communities as central as friends,” said chief executive Mark Zuckerberg, speaking at Facebook’s annual F8 conference, where the company gives developers a peek at new product releases. Onstage, Zuckerberg unveiled a fresh design for the world’s biggest social network that de-emphasized its News Feed to instead feature services like its messaging app, online marketplace and video-on-demand site.

 

16 NIST tool boosts chances of finding dangerous software flaws

After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM). Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software for interactions between input variables that might cause unexpected failures. It sounds like a technical mouthful, but this is good news for software, especially when it’s inside complex systems such as aircraft, cars and power plants where these sorts of problems could be life-threatening. Typically, this will be software taking inputs from arrays of sensors that generate unexpected conflicts the software can’t resolve, for instance between temperature, pressure or altitude.

 

17 NSA's Russian cyberthreat task force is now permanent

The task force the National Security Agency and U.S. Cyber Command created last year to thwart Russian influence and cyberattacks on the U.S. is now permanent, spokespeople from both agencies confirmed to CyberScoop. The “Russia Small Group” — whose existence NSA Director Paul Nakasone announced in July of last year, absent guidance from the White House on how to handle Russian cyberthreats — settles in as the White House, Congress and the Pentagon have taken steps to clarify how and when the military should conduct offensive operations in cyberspace. The NSA would not comment on the number of people on the task force, where it is based, or when the operation became permanent.

 

18 Microsoft Outlook Email Breach Targeted Cryptocurrency Users

Earlier this month, Motherboard broke the news that hackers were not only able to access Outlook users’ email metadata as previously reported, but also email content. The breach centered around a hacker getting hold of a Microsoft customer support worker’s login credentials; from there, the hacker could dive into the content of any non-corporate Outlook, Hotmail, or MSN account, Motherboard found. Now, multiple victims have come forward to flag what they believe may be one of the motivating reasons behind the breach: emptying peoples’ cryptocurrency accounts. “The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin,” Jevon Ritmeester, a Microsoft user that the company alerted to the data breach, told Motherboard in an email, referring to popular cryptocurrency exchange Kraken.

 

19 Huawei denies existence of ‘backdoors’ in Vodafone networking equipment

Vodafone has confirmed that vulnerabilities were found in equipment supplied by Huawei to bolster the telecom giant's Italian fixed-line network. The vulnerabilities, described as "hidden backdoors" by Bloomberg, could have been utilized to give the Chinese networking giant unauthorized access to Vodafone infrastructure, the publication reported on Tuesday. According to Vodafone security documents viewed by the publication, the "backdoors" were found in Italian fixed-line network systems, which provides Internet access to millions of homes and businesses in the country. Huawei acknowledged the security issues but said they were resolved back in 2011 and 2012 at the time of discovery.

 

20 Citrix Hackers Camped in Tech Giant's Network for 6 Months

Citrix says the data breach it first disclosed in early March appears to have persisted for six months before being discovered. The company believes it has now expelled any hackers from its network. The technology giant, which is based in Fort Lauderdale, Florida, was alerted to the suspected intrusion on March 6 by the FBI and launched an investigation, which remains ongoing (see Citrix Hacked by Password-Spraying Attackers, FBI Warns). Citrix on Monday submitted a data breach notification to the California attorney general's office, as TechCrunch first reported. Such notifications are required by law in all 50 states for many types of breaches that result in residents' personal details being exposed.

Related Posts