Inside Security - February 18th, 2019


Understanding DNS hijacking / New indictments with Chinese and Iranian cyber spies


Swedish medical hotline calls, Chinese and Iranian spies trying to break into American businesses, someone trying to phish Texas transportation contracts, and a wave of DNS hijacking attempts. The online world is full of worry. Those of you who want to add another Inside newsletter to your collection might want to check out Inside Dev. I will be guest curating today's issue.

-- David Strom

1. The numerous reports about DNS-based attacks last fall, from the US DHS, FireEye and Crowdstrike, are collected and summarized by Krebs in his post here. He has tested the rogue addresses himself and reports on his results, showing how a DNS hijacking attack can occur. It is time to stop taking our DNS implementations for granted and understand how to protect and operate them better, he says.

2. Chinese and Iranian state-sponsored hackers have been aggressively targeting specific American businesses such as ISPs, Boeing, GE, and T-Mobile. They were motivated by federal policy changes towards both countries and are attempting to steal trade and military cyber secrets. Attackers are getting better at disguising their origins and methods too. -- NY TIMES

3. A North Carolina dance studio is hosting a phony website that appears to be the State of Texas Transportation Department online contracts page. Obviously, this is the tip of the phishing tale. The post offers tips on how to recognize these sorts of scams and ways to be more vigilant. -- ANOMALI BLOG

4. Thousands of Android apps collect both the Ad ID and other device data as a way to target their advertising messages to specific endpoints and customers. You can see a partial list of some of them below. This is in violation of Google Play guidelines and is an invasion of users’ privacy too. Researchers show how this data is collected and who is doing the more egregious snooping. -- AD CENSUS BLOG

5. Funding events of the week:

  • PerimeterX raised a $43 Series C funding round led by Scale Venture Partners. It is based in Silicon Valley and has an anti-botnet security tool. Its CEO is Omri Iluz.
  • C2A Security raised a $6.5 Series A funding round led by Maniv Mobility. It is based in Tel Aviv and has automotive security tools. Its CEO is Michael Dick.
  • NXM Labs raised a $5.5 seed round led by Cedarpoint Investments. It is based in San Francisco and has a self-management tool for smart IoT devices. Its CEO is Scott Rankine.
  • ShiftLeft raised a $20M Series B funding round led by Thomvest Ventures. It is based in Silicon Valley and has app security tools. Its CEO is Manish Gupta.
  • Axonius raised a $13M Series A funding round led by Bessemer Ventures. It is based in NYC and has cyber asset management tools. Its CEO is Dean Sysman.
  • Elevate raised an $8M Series A funding round led by Defy Partners. It is based in Berkeley and has behavioral science cyber security solutions. Its CEO is Robert Fly.

6. High school students applying for college admissions have found a leaky database on Noliq Web containing their application data. The cause is the assignment of sequential application numbers, which can be easily guessed to obtain other students' data. Fixes are in the works. -- STANFORD (UNIV.) DAILY

7. A specially crafted Facebook URL can be used for cross-site request forgery attacks to obtain complete control over a user's private data. A researcher discovered the bug, was awarded a bounty, and it was subsequently fixed last month. -- THE HACKER NEWS

8. CracksNow has been banned from numerous Torrent sites when it was found that many of its files purposely contained malware. There is some honor among thieves, it appears. -- HOT FOR SECURITY

9. My colleague Zack Whittaker has covered cyber for decades. For his latest piece he scraped all the breach notification letters sent to the California AG for the words "we take the privacy of our customers' data seriously." A third of them had some variation of that phrase. But "It doesn't show that companies care about your data. It shows that they don't know what to do next." He mentions how some companies, such as OKCupid, tend to deflect, defend and deny that anything bad happened. -- TECHCRUNCH

10. Millions of calls to a health hotline in Sweden have been digitally recorded since 2013 and stored on an open website. The calls contain all sorts of sensitive information, including phone numbers and symptoms. -- COMPUTER SWEDEN (IN SWEDISH)

11. This post documents how a GandCrab ransomware attack on an Indian hospital played out: the attackers entered the network by finding open RDP ports through Shodan and then brute-force guessing credentials, scanned the internal network for likely targets, obtained admin access, and then launched their attack to compromise specific machines. The post closes with some suggestions on how to better protect yourself. -- NAKED SECURITY (SOPHOS)

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at, game-master at Screen Junkies) and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).
