21-01-202123-01-2021

Security daily (22-01-2021)

DIA uses purchased phone location data without warrants

The Defense Intelligence Agency has been using smartphone location data purchased from commercially available databases, according to an intelligence memo obtained by CyberScoop. The DIA, which primarily provides intelligence to support U.S. military operations, has been gathering the location data on both Americans and non-U.S. citizens dating back two-and-a-half years, according to the memo, which was drafted by the DIA for the offices of Sen. Ron Wyden, D-Ore., states. The DIA has sought to access Americans’ data and their past movements a total of five times in that time period, according to the memo. The memo did not state the number of times non-citizens’ data was queried. While the agency did not describe what the searches encompassed, the memo makes clear that the agency is obtaining sensitive location data without a warrant. The Department of Homeland Security’s Immigration and Customs Enforcement previously suggested in a legal memo that government officials […] The post DIA uses purchased phone location data without warrants appeared first on CyberScoop. (CyberScoop)

Russian man tied to illicit hosting service Deer.io pleads guilty

A Russian computer security researcher has pleaded guilty to hacking-related charges in connection with U.S. law enforcement action against an internet marketplace where buyers purchased access to stolen personal data.  Kirill Firsov, a Russian national, acknowledged his involvement with Deer.io, an illicit web hosting service that enabled scammers to operate independent web stores where they sold access to hacked web accounts and other services. The U.S. Department of Justice shuttered the website in March 2020, weeks after Firsov was arrested at John F. Kennedy airport in New York City.  Firsov admitted his role in running Deer.io when he was apprehended at the airport, the plea deal states. He now faces up to 10 years in prison. Deer.io claimed to have more than 24,000 active websites with sales exceeding $17 million, the Justice Department said last year. Various sites hosted through the Deer.io platform offered Americans’ personal information, access to breached […] The post Russian man tied to illicit hosting service Deer.io pleads guilty appeared first on CyberScoop. (CyberScoop)

Home security technician pleads guilty to spying on women, couples

A former ADT home security technician pleaded guilty on Thursday to logging into customers’ video feeds to watch naked women and couples having sex. Telesfloro Aviles faces up to five years in prison. Aviles’ Dallas-area snooping stretched over nearly five years and involved him accessing approximately 200 customer accounts more than 9,600 times, he admitted. “This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said the acting U.S. Attorney for the Northern District of Texas, Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.” ADT still faces civil suits over an incident it first disclosed in April, 2020. Aviles would gain improper access by claiming he needed to temporarily add himself to customers’ “ADT Pulse” accounts to conduct system tests. Other times he would add himself without permission, according to federal prosecutors. ADT says it fired Aviles after discovering […] The post Home security technician pleads guilty to spying on women, couples appeared first on CyberScoop. (CyberScoop)

White House plans to select Rob Silvers, a Mayorkas ally, to lead DHS's cyber outfit

The Biden administration plans to select Rob Silvers, a lawyer and former Department of Homeland Security official, to run the federal agency in charge of election security and stopping hacking threats to government networks, according to two people familiar with the matter. The choice of Silvers, who is close with Homeland Security secretary nominee Alejandro Mayorkas, to lead DHS’s Cybersecurity and Infrastructure Security Agency signals the new administration’s intent to strengthen CISA’s role in cyber-defense. Biden advisers have proposed hundreds of millions of dollars in additional funding for the two-year-old agency, and providing more security tools to defend civilian-government networks. Silvers’ selection won’t be official until all of the requisite paperwork is complete, people familiar with the process said. If confirmed by the Senate, Silvers would assume the position previously held by Christopher Krebs, whom former President Donald Trump fired via Twitter for declaring the 2020 election was secure. CISA […] The post White House plans to select Rob Silvers, a Mayorkas ally, to lead DHS's cyber outfit appeared first on CyberScoop. (CyberScoop)

Intel says financial graphic was 'hacked,' forcing early release of 2020 report

Even the leak of a single infographic can be a big deal for a major corporation. Intel Corp. had to act fast Thursday afternoon when it discovered that an infographic from its unpublished quarterly report had been circulating outside the company. As a result, the chipmaker posted those fourth quarter 2020 financial results a few minutes before the stock market closed at 4 p.m., instead of afterward. Chief Financial Officer George Davis told the Financial Times that the graphic had been “hacked” from the company’s public relations newsroom website. Intel has not specified who the thief might be, or where the graphic had been illicitly shared online. As financial cybercrime goes, the incident appears to be small and isolated, but it highlights the appeal of financial data — even a single page from a slide deck — to anyone inclined to use illicitly acquired information to get a leg up […] The post Intel says financial graphic was 'hacked,' forcing early release of 2020 report appeared first on CyberScoop. (CyberScoop)

US administration adds “subliminal” ad to White House website

Hiding digital "secrets" where they're supposed to be found is good fun. Just don't hide actual secrets and hope no one will notice! (Naked Security)

Boost Your Security with a VPN & Private Email Service

Your sensitive personal data should be strongly protected, and it's never more vulnerable than when you are online. The internet connection is a prime avenue of exposure, and email is one of the least secure forms of communication. Fortunately, there is an easy solution to both of those problems.

A virtual private network (VPN) will protect your internet connection, while a private email service will allow you to rest easy about what your messages contain. Our Premium Privacy Bundle offers a one-year subscription to both, and you can get them for only $44.99, which is 60% off the normal price... more (Null Byte « WonderHowTo)

Biden Beefs Up Cybersecurity Team Post SolarWinds Hack

(News ≈ Packet Storm)

Bugs Allowed Hackers To Hijack Kindle Accounts With Malicious Ebooks

(News ≈ Packet Storm)

Hackers Publish Thousands Of Files After Govt Refuses To Pay Ransom

(News ≈ Packet Storm)

New Website Launched To Document Vulnerabilities In Malware Strains

(News ≈ Packet Storm)

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords. (Threatpost)

Amazon Kindle RCE Attack Starts with an Email

The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. (Threatpost)

ADT Tech Hacks Home-Security Cameras to Spy on Women

A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them. (Threatpost)

Discord-Stealing Malware Invades npm Packages

The CursedGrabber malware has infiltrated the open-source software code repository. (Threatpost)

Ransomware Attackers Publish 4K Private Scottish Gov Agency Files

Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve. (Threatpost)

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic. (Threatpost)

21-01-202123-01-2021

/security-daily/ 23-01-2021 23:44:27