
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – May 8, 2019

A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan. Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second–infinitely faster than a human hacker can work and thousands of times faster than even the fastest electronic hacking techniques. “With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”

 

2 Google Search gets podcast management, News Coverage, and AR 3D models

At its annual I/O developer conference this week in Mountain View, Google announced a refresh of Google Search on mobile. The company’s introducing navigable 3D models in augmented reality (AR), a news feature called Full Coverage, and podcast management. Now, when you search for something like “muscle flexion” in Search, you’ll see a related 3D model directly from results, which you’ll be able to place in 3D space. The same goes for products: perform a search for New Balance shoes, for example, and you’ll get sneakers you can see from all angles and project onto the real world through a phone’s camera and screen. “Seeing it action, right in front of you … very handy,” said Aparna Chennapragada, Google Lens director of product.

 

3 Feds nab top exec on allegations he hacked a competitor, stole info… about school lunches?!

After a year-long investigation, a top California exec has been arrested by the FBI for allegedly hacking into a competitor's website and stealing their customer data in an effort to ruin their business. There is an unusual twist, however: this isn't the high-stakes world of big tech or high finance, but American school lunches. Chief financial officer of Choicelunch, Keith Wesley Cosbey, 40, was collared last month over claims that he illegally grabbed details from competitor The LunchMaster on what precisely youngsters across the San Francisco Bay Area like to eat and are allergic to. He has been charged with unlawful computer access and fraud, and identity theft. If found guilty, Cosbey faces up to three years behind bars.

 

4 This hack could take control of your Ford

Using a $300 software-defined radio, a security researcher says he has figured out how to take control of some of Ford’s newer and higher-end cars and trucks. Through a radio frequency capture-and-manipulation technique he described to The Parallax, Dale “Woody” Wooden, the founder and president of Weathered Security, says a hacker could unlock a Ford vehicle, interfere with its onboard computer systems, and even start its engine. A successful hack on its own isn’t likely to result in stolen vehicles, however: Wooden’s exploit does not deactivate a car’s immobilizer. Wooden’s methodology is unusual for this kind of key fob replay attack. “I’ve never heard of someone using multiple key fobs and manipulating the protocol in the RF spectrum by having the receiving machine reset its rolling codes,” he says.

 

5 Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever. On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.

 

6 How many dark web marketplaces actually exist? About 100

Despite a years-long drumbeat of sensational headlines and high profile arrests implying there’s an abundance of criminal masterminds lurking in the hidden corners of the internet, the reality is that the number of sites makes up less than 0.005 percent of the number of web pages on the open internet, according to new research. In findings set to be published Tuesday, the threat intelligence company Recorded Future sought to map the number of so-called .onion sites reachable via the anonymity browser Tor. Researchers found 55,828 different onion domains, and only 8,416 were active, though it’s not clear exactly how many of those are used for criminal activity, Garth Griffin, Recorded Future’s director of data science, told CyberScoop.

 

7 Binance hacked for over $40M worth of Bitcoin

Binance suffered what it’s calling a “large scale security breach” yesterday evening. The hackers were able to transfer 7,000 Bitcoin (over $40 million at the time of writing) in one transaction from the company’s hot wallet. In an announcement last night, Binance’s CEO Changpeng Zhao said that hackers were able to obtain user API keys, two-factor authentication (2FA), and potentially other info – it has not disclosed what, though. At this point, Binance also doesn’t know how many accounts have been affected. Binance claims the attackers used a range of techniques including phishing and malware to carry out the hack. The attack managed to circumvent Binance’s security checks, but after noticing the strange activity, the exchange blocked all withdrawals.

 

8 Cyberattack Cripples Baltimore's Government Computer Servers

Baltimore’s government on Tuesday rushed to shut down most of its computer servers after its network was hit by a ransomware virus. Officials believe it has not touched critical public safety systems. Agents with the FBI’s cyber squad were helping city technology employees try to determine the source and extent of the cyberattack. Baltimore Mayor Bernard “Jack” Young said police, fire and EMS dispatch systems have not been affected, but other layers of the mid-Atlantic city’s network have been “infected with a ransomware virus.” “At this time, we have seen no evidence that any personal data has left the system,” Young tweeted Tuesday afternoon.

 

9 CIA’s Latest Layer: An Onion Site

Secure, anonymous, untraceable—traits ever-present in CIA’s intelligence collection mission—and the same is true for our onion site, which is now available over the Tor network. “Our global mission demands that individuals can access us securely from anywhere. Creating an onion site is just one of many ways we’re going where people are,” said Brittany Bramell, CIA’s Director of Public Affairs. Everything on CIA.gov, from The World Factbook to reporting information to applying for a job, is available on our onion site. Our onion site is one of several ways individuals can contact CIA.

 

10 Verizon Publishes 2019 Data Breach Investigations Report (DBIR)

The Verizon 2019 Data Breach Investigations Report (DBIR) was published just after midnight today. This is the 12th edition since its launch in 2008, and the most extensive to date, with 73 contributors and an analysis of 41,686 security incidents including 2,013 confirmed breaches. A breach is defined as an incident that results in the confirmed disclosure or exposure of data. Purely from its detail and breadth of coverage, DBIR has become the breach bible for the security industry. Verizon does not speculate on the meaning of the data it provides, leaving that to independent security analysts. Like all surveys, it can only analyze and catalog the data it receives — it knows nothing about that which it knows nothing. As a result, DBIR provides evidence of security trends across the greater part of industry, but little in terms of specific causes for specific trends.
