AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets – May 6, 2019

Sanyam Jain, a security researcher and a member of the GDI Foundation, discovered a database belonging to the employment-recruitment site Ladders left exposed online on a misconfigured AWS-hosted database. The archive contained 13 million user records, data related to job seekers who had signed up for the service. Exposed records included contact details, current compensation, and applicants’ employment histories. “Ladders, one of the most popular job recruitment sites in the U.S. specializing in high-end jobs, has exposed more than 13.7 million user records following a security lapse.” reads a report published by TechCrunch. “The New York-based company left an Amazon -hosted Elasticsearch database exposed without a password, allowing anyone to access the data.”


2 GAO Flags New Cybersecurity Issues for Upcoming Census

To conduct the 2020 Decennial Census, the bureau will collect sensitive insights about more than 100 million American households including birth dates, marital status, people’s living situations, ages and other data that’s considered personally identifiable information. For the first time ever, the bureau will enable the public to respond to the census via the internet and field-based enumerators to use mobile device applications to survey households—both efforts increase the risk of that private information being digitally hacked. To protect from impending threats, GAO said the bureau should “better ensure that cybersecurity weaknesses are addressed within prescribed time frames” and “improve its process for addressing cybersecurity weaknesses identified by [the Homeland Security Department].”


3 Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords

Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit. Orpak’s SiteOmat systems monitor the amount of fuel stored in a gas station’s tanks, as well as their temperature and pressure. The software also sets the price of the gas and processes card payments. Its user interface is password protected, preventing unauthorized access to its data or configuration. According to the advisory, the software contained a hardcoded password set by the manufacturer, which if used would grant unfettered access to the system. CISA didn’t publish the password.


4 Super Micro will move chip production out of China to avoid spying claims

Server maker Super Micro is moving production out of China in a bid to allay US customers' concerns about spying, even though independent tests have shown no evidence of cyber espionage. The company has also announced its plans to expand its own in-house manufacturing facilities to help mitigate any perceived risks. A spokesperson for the company said Super Micro wants to be more self-reliant "without depending only on those outsourcing partners whose production previously has mostly been in China." Super Micro's problems started last year, when Bloomberg reported that an unnamed major US telecom company had found "manipulated hardware" from Super Micro, modified at a factory in Guangzhou, in its network. The cited security researcher, Yossi Appleboum, also said that other companies had fallen "victim" to China modifying hardware for surveillance.


5 Google spends hundreds of millions of dollars on content review

Alphabet Inc’s Google unit told a U.S. House panel it spends hundreds of millions of dollars annually on content review and said it manually reviewed more than 1 million suspected “terrorist videos” on YouTube in the first three months of 2019. Google disclosed in an April 24 letter made public on Thursday that the manual review found 90,000 videos violated its terrorism policy. In March, following the live-streaming on social media of a mass shooting in New Zealand, the chair of the U.S. House Committee on Homeland Security urged the top executives of Google, Facebook Inc, Twitter Inc and Microsoft Corp to do a better job of removing violent political content.


6 A glitch is breaking all Firefox extensions

Reports are pouring in of a glitch that has spontaneously disabled effectively all Firefox extensions. Each extension is now being listed as a “legacy” extension, alongside a warning that it “could not be verified for use in Firefox and has been disabled”. A ticket submitted to Mozilla’s Bugzilla bug tracker first hit at around 5:40 PM Pacific, and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM (or midnight on May 4th in UTC time). Because the glitch stems from an underlying certificate, re-installing extensions won’t work — if you try, you’ll likely just be met with a different error message. Getting extensions back for everyone is going to require Mozilla to issue a patch.


7 Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts

Eddie Bauer and the Veridian Credit Union have reached a $9.8 million compensation deal to settle a class action lawsuit over the leak of data belonging to one million Veridian customers. The case, Veridian Credit Union v. Eddie Bauer LLC (2:17-cv-00356), was filed in the US District Court for the Western District of Washington. The $9.8 million settlement was filed last week and requires court approval. As noted by Top Class Actions, the class-action lawsuit was filed following a data breach in 2016. It was claimed that Eddie Bauer's lack of adequate security practices allowed the security incident to occur, leading to the compromise of roughly one million Veridian customer accounts.


8 Senate Passes Bill to Allow Cyber Talent to Rotate Through Agencies

A Senate bill passed unanimously Tuesday would create a civilian personnel rotation program for federal cybersecurity professionals. The bipartisan Federal Rotational Cyber Workforce Program Act of 2019, authored by Sens. Gary Peters, D-Mich., and John Hoeven, R-N.D., would establish a rotational system to allow select IT and cybersecurity professionals to apply for duty assignments of between 180 days and one year. Under the program, existing federal tech talent would have avenues to bolster their training and experience, while smaller agencies would gain access to cyber employees who can improve their security posture. “I’m pleased the Senate passed this bipartisan bill to help the federal government recruit and retain highly skilled cybersecurity professionals, address staffing challenges in agencies across government, and strengthen our ability to combat cybersecurity threats and secure our systems,” Peters said in a statement.


9 Ex-Missouri Sheriff Gets 6 Months for Illegally Tracking Other Cops’ Cellphones

A Missouri sheriff who tracked the mobile phones of other law enforcement officers and civilians illegally without a warrant lost his job—and is now going to get 6 months in a federal prison. Cory Hutcheson, 35, was sentenced on Monday. After his six months with the U.S. Bureau of Prisons, he will serve an additional 4 months under house arrest. The former sheriff of Mississippi County was also required to resign his position last November, after pleading guilty to one count each of identity theft and wire fraud. Numerous victims, including Missouri State Highway Patrol troopers, attended the sentencing in U.S. District Court in St. Louis. “Cory Hutcheson is the worst kind of person who could have ever been a law enforcement officer,” said Sgt. Jeff Johnson, of the Highway Patrol, during testimony at the court hearing, according to The Riverfront Times.


10 New Extortion Email Scam Threatens to Release Your Sex Tape

Scammers are now sending extortion emails stating that they have a tape of you and them having intercourse and are threatening to release it if you do not send them $1,500 in bitcoins. In a new email scam campaign going around, extortionists are stating that they had intercourse with you a long time ago and had secretly recorded it. They then state that they stole all of your passwords and contact lists while you were in the bathroom. The email goes on to say that if you send them $1,500 in bitcoins, they will delete everything they have about you and you will never hear from them again. The reality is that this is just a scam and the senders do not have a tape of them having intercourse with you. Therefore, you should not send them any money or be worried that it is true.


11 A hacker is wiping Git repositories and asking for a ransom

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand. The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening. What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570). The hacker claims all source code has been downloaded and stored on one of their servers, and gives the victim ten days to pay the ransom; otherwise, they'll make the code public.


12 Alleged Ukrainian Malvertiser Extradited, Faces Hacking Charges

A 31-year-old Ukrainian national named Oleksii Petrovich Ivanov who allegedly ran multiple malvertising campaigns between October 2013 and May 2018 was extradited to the U.S. from the Netherlands and is facing hacking charges. Ivanov was arrested on October 19, 2018, by the Dutch authorities following an investigation conducted by the U.S. Secret Service Criminal Investigations in collaboration with the National High Tech Crime Unit of the Dutch National Police and the UK's National Crime Agency. The defendant was indicted on December 3, 2018, with "one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud," with the indictment being unsealed on May 2, 2019, when he entered the U.S. and was detained without bail.
