AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – September 5, 2018

Twitter testing new feature that reveals when you’re online

The feature, revealed in a post from Twitter’s director of product management and shared more widely by Twitter CEO Jack Dorsey, reveals that the site is toying with the idea of displaying a green dot next to active, online users. What isn’t entirely clear, however, is whether Twitter plans to make the feature opt-in or opt-out when/if it eventually rolls out to the great unwashed masses. Why does that matter? Well, it’s an erosion of my privacy to share with the world that I’m currently online checking Twitter. And it’s easy to imagine how digital stalkers could use such a feature to harass victims (“I know you’re online… why haven’t you replied to my message?”)

Chrome: Flash is almost, almost, almost dead

If you use Google’s Chrome browser after 4 September, the latest update will make it even harder to use in-browser Adobe Flash. Starting with Chrome update 69, the browser will require users to explicitly enable Flash every single time they want to use it. Chrome will no longer remember this preference between sessions, so every time a user hits a site that uses Flash, they’ll have to say “yes, I really want to enable this extension.” If it sounds annoying, it absolutely is, and that’s by design. This is just another step on the timeline that Chrome and many other browsers have set upon to slowly, slowly wean the public off Flash in anticipation of Adobe’s official plan to end support for the plugin by 2020.

Windows utility used by malware in new information theft campaigns

Researchers have uncovered a new attack chain which exploits little-known Microsoft Windows utilities and innocuous software to fly under the radar in the quest to steal data. According to Symantec, the new malware campaign is a prime example of what the company calls “living off the land.” In other words, attackers are now turning to the resources already available on target machines — including legitimate tools and processes — as well as running simple scripts and shellcode in memory and performing fileless attacks. By focusing more on homegrown software and less on introducing foreign malware into target systems, threat actors can remain undetected for longer and minimize the risk of being exposed.

Government transparency site revealed Social Security numbers, other personal info

A federal government transparency website made public dozens, if not hundreds, of Social Security numbers and other personal information in a design error during a system upgrade. The error, on a Freedom of Information Act request portal, was fixed after CNN alerted the government to the situation. For weeks prior, however, individuals’ sensitive personal information was available on the public-facing database unbeknownst to them or the government. After a tip from a source who had noticed the glitch, with two quick searches, CNN discovered that the government had published at least 80 full or partial Social Security numbers. There were other instances of sensitive personal information, including dates of birth, immigrant identification numbers, addresses and contact details.

Premera Blue Cross accused of destroying evidence in data breach lawsuit

The plaintiffs of a class-action lawsuit against health insurance provider Premera Blue Cross are accusing the organization of “willfully destroying” evidence that was crucial for establishing accurate details in a security breach incident. In court documents filed last week and obtained by ZDNet, plaintiffs claim that Premera intentionally destroyed a computer that was in a key position to reveal more details about the breach, as well as software logs from a security product that may have shown evidence of data exfiltration. Establishing whether hackers stole data from Premera’s systems is crucial for the legal case. Breach victims who are part of the class action will be able to claim a right to monetary compensation, while Premera may argue that since hackers did not steal data from its servers, there is no tangible harm to victims.

MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites

The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date. A whopping 7,339 (and counting) individual e-commerce sites have been infested with the MagentoCore.net payment-card skimmer in the last six months, making the malicious script one of the most successful credit-card threats out there. The infections are part of a single effort, all tied back to one well-resourced group with global reach. “Online skimming – your identity and card are stolen while you shop – has been around for a few years, but no campaign has been so prolific as the MagentoCore.net skimmer,” said independent malware hunter Willem de Groot, in a posting Thursday on the prolific nature of the script. “The group has turned [thousands] of individual stores into zombie money machines, to the benefit of their illustrious masters.”

Cracked Logins of 570,000 Mortal Online Players Sold On Forums

Account information belonging to 569,703 players of the Mortal Online massively multiplayer online role-playing game (MMORPG) has been sold online several times since it was leaked as a result of a data breach. On June 17, an unauthorized third party accessed a server holding shop and forum databases and pilfered the data. The developers made the announcement four days after they learned about the breach, following an investigation that found evidence of an intrusion. “We do not store any credit card information on our servers so that information is still completely safe,” the developers said.

FBI launches Protected Voices site to combat malicious foreign influence

The FBI is launching a website to help educate the public regarding ongoing campaigns that spread disinformation with the goal of influencing American society and lowering citizens’ confidence in specific U.S. individuals and institutions. The Protected Voices initiative website, operated in conjunction with the Department of Homeland Security and the Director of National Intelligence, will combat foreign influence through a series of short videos that show basic cybersecurity tips and cover issues centered on protecting campaign computer networks.

Crypto Twitter Scams Strike Again as Fake Pope Francis Bitcoin Giveaways Populate the Platform

The next face of crypto scam on a social media platform is that of Pope Francis. As per CCN’s report, Duo Security’s researchers saw a growing number of fake accounts which promoted a supposed giveaway of cryptocurrencies, whether it be Bitcoin [BTC], Ethereum [ETH] or others. Such accounts are also referred to as a “botnet”, which normally mimics profiles of experts within the field by creating fake interest from users through likes and retweets. An example of the fake Pope Francis account has been revealed and it belongs to @_Poontifex. To fool investors and followers, other dummy accounts are then established to confirm receipt of said giveaway.

Hollywood accuses itself of piracy

As Torrent Freak reports, it’s not Sony Pictures Television, National Geographic or Columbia Pictures’ copyright lawyers that have spontaneously developed dementia. Rather, it’s the armies of “largely automated” bots they deploy each day to scour the internet for references to pirated content. The result: a slew of bone-headed DMCA notices have been sent out to perfectly legitimate sites, including IMDb, which stands for Internet Movie Database and contains a wealth of information about films, TV programs, video games, and internet streams, including cast, production crew and personnel biographies, plot summaries, trivia, and fan reviews and ratings. After the bots think they’ve spotted piracy, they report the links to various online services, including Google. It works fine, except when it doesn’t.

Implications of the California Consumer Privacy Act of 2018

Going into effect January 1, 2020, the CCPA applies to businesses that collect, sell, or otherwise process information about California residents. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business that meets revenue or data collection volumes and that collects, processes or sells information about California residents. California’s privacy law is the state’s attempt to rectify the excesses revealed by Cambridge Analytica and Facebook, and other organizations in which consumer information was used, sold and frequently ravaged without consent. It imposes new measures on companies that do business in the state that will force them to dramatically change the way consumer information is handled.

How to Watch Twitter and Facebook Testify Before Congress Wednesday

In what’s threatening to become an annual tradition, executives from Twitter and Facebook will testify before Congress Tuesday. And unlike last fall’s session, this round will include the top brass, including Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg. (Facebook CEO Mark Zuckerberg presumably gets a pass, given his solo session this past April.) Here’s how to watch. Wednesday will actually see two hearings. The morning session before the Senate Intelligence Committee kicks off at 9:30 am ET, featuring both Dorsey and Sandberg. Google CEO Larry Page was invited, but declined to attend; Google offered global affairs executive Kent Walker instead. Walker will provide written testimony, but won’t appear in person. You can watch that session live right here when it starts.

Uncle Sam wants tech toolkit to snoop social media stock scammers

The US Securities and Exchange Commission (SEC) has put out a call for proposals on a new system that would be able to identify possible stock scams posted on Twitter, Facebook, and other social networks. The SEC posted the call last week with a September 11 deadline for proposals from developers on an application that would be able to comb feeds on Facebook, Twitter, LinkedIn, Instagram, and Google+ for dodgy deals and alerts, and then email warnings to the regulator if any posts trigger various keywords. “The SEC requires subscription to a Commercial-Off the Shelf (COTS) social media monitoring tool that provides emailed alerts to SEC staff based on keyword searches for relevant topics,” the watchdog stated.

Google Notifies People Targeted by Secret FBI Investigation

At least dozens of people have received an email from Google informing them that the internet giant responded to a request from the FBI demanding the release of user data, according to several people who claimed to have received the email. The email did not specify whether Google released the requested data to the FBI. The unusual notice appears to be related to the case of Colton Grubbs, one of the creators of LuminosityLink, a $40 remote access tool (or RAT) that was marketed to hack and control computers remotely. Grubbs pleaded guilty last year to creating and distributing the hacking tool to hundreds of people.