Inside Security (Aug 14th, 2017)

David’s Take

This week we learned how law enforcement works using certain cyber tracking tools. In a new case revolving around someone blackmailing children, FBI agents sent the suspect a digitally-poisoned movie file that obtained the target's real IP address. Last week prosecutors announced charges against Buster Hernandez, 26, of Bakersfield, California. Hernandez is charged with threats to use an explosive device and sexual exploitation of a child. Since 2015, he has used social media, email, and VoIP to communicate with a number of underage female victims and extort sexual photos from them. The FBI was authorized to add a small piece of extra code to a video file produced by one of the victims. Posing as the victim, the FBI then sent the booby-trapped file to the suspect via Dropbox. -- MOTHERBOARD

 -- David Strom, editor of Inside Security

Top story: New Android spyware

Lookout researchers have identified over a thousand spyware mobile apps related to a threat actor likely based in Iraq. Belonging to the family "SonicSpy," these samples have been aggressively deployed since February 2017, with several making their way onto the Google Play Store. Google removed at least one of the apps after Lookout alerted the company. The messaging app contains malicious capabilities that provide an attacker with significant control over a target device. This includes the ability to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker-specified numbers, and retrieve information such as call logs, contacts, and information about Wi-Fi access points. – LOOKOUT BLOG

Acquisitions and Startups

WatchGuard Technologies announced they have acquired Datablink, a leading provider of advanced authentication solutions. WatchGuard plans to bring Datablink’s authentication to its SMB and distributed enterprise customers as a fully cloud-based service. Terms weren’t disclosed.

There is a new organization whose mission is to eliminate the ambiguity around data sanitization terms, standards and guidelines. Its goal is to ensure organizations adhere to, and receive, best practices in data sanitization. In support of this mission, a recent survey of IT professionals found that, when asked to identify the correct definition of data sanitization, 64 percent failed to choose the correct answer. Longtime security expert and colleague Richard Stiennon is its director.

Attacks

FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. They believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from open Wi-Fi traffic and poisoning the NetBIOS Name Service. APT28 is also using the EternalBlue exploit and the open source tool Responder. – FIREEYE BLOG

K-12 schools and districts are reporting heightened DDoS attacks over time. From hack-savvy students who want to avoid classes or tests to cyber criminals who want to steal data, DDoS is a standard tool for making sure school is out while unauthorized parties get in. – IBOSS BLOG

Tools and methods
 

Here are the top 11 open source server and network monitoring tools for Linux, at least according to one researcher. These include Nagios, Zabbix (shown above), and Zenoss. Features of each tool are presented. -- LINUX TECHI

If you are looking for ways to harden your Macs, here are some very solid methods, most of which involve using sudo on the command line, to strengthen your defenses. There are instructions for disabling particular certificate authorities, changing DNS defaults, and using Web proxies to filter your traffic. – OSS BLOG


Reports

Last week smart lock manufacturer LockState botched an over-the-air firmware update for its Wi-Fi-enabled smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users. Only one LockState product was affected, the LockState RemoteLock 6i (also known as 6000i). The device costs $469 and is sold mainly to Airbnb hosts who use them to set up the entry for their new guests. On Twitter, LockState said that only 500 devices were affected. The company immediately sent out a letter to its customers. – BLEEPING COMPUTER

In its survey of 950 IT professionals from SMBs to large enterprises, Pwnie Express found SMBs check their wireless devices for malicious infections and their employees' BYOD devices with greater frequency than larger enterprises. – DARK READING

Bug bounty

A 17-year-old participant was paid for more than two dozen bounties he submitted as part of the Air Force bounty program conducted earlier this year. Payouts ranged from $100 to $5,000 per bug, and hackers received more than $130,000 in total rewards. Hackers reported the first vulnerability less than a minute after the program was launched. – HACKER ONE

The docket

The Israeli police have arrested individuals involved in a DDoS-for-hire criminal ring. They managed a website called vdos-s.com, which was documented in more than two million attacks last year. – ISRAEL DEFENSE (in Hebrew)

Nationwide has agreed to pay $5.5M and take other steps to protect customers' identity as part of a settlement reached last week with New Jersey and 31 other states, officials said. The deal is the outcome of a security breach in October 2012 that resulted in the loss of personal data belonging to 1.27 million consumers. – APP.COM

Just for fun

One of my favorite pictures of the very young Bill Gates. (from Instagram)
