
Friday Cyber News, November 30 2018

Cyber technology-related news and links from around the web, for the week of 11/24 - 11/30:

1. Heavy-hitting lineup of breaches this week: data on 2.65M patients of the Atrium Health system was accessed after a breach at third-party billing vendor AccuDoc. This aligns with a recent study finding that more than half of hospital data breaches were the result of internal negligence, rather than hackers. The USPS just fixed a vulnerability that allowed users to view and in some cases modify account details for other users, after knowing about the problem for more than a year. The Starwood hotels guest reservation database was breached, compromising the information of 500M hotel guests. [Reuters; Helpnet Security; Krebs; NBC]

2. England was dissatisfied with Mark Zuckerberg's refusal to answer lawmakers' questions, and has taken the step of having Parliament seize internal Facebook documents relating to data usage, monetization, and privacy. The documents were obtained from Six4Three, an app developer that obtained them during legal discovery related to their court case against Facebook for allegedly allowing developers unequal access to user data. [Guardian]

3. Yachts, luxury cars, and French villas: the $100M profits from Evgeniy Bogachev's botnet have benefitted him personally, but his willingness to use the botnet for Russian governmental aims has also kept him safe from extradition. One of several innovations that made the botnet so successful: to avoid shutdown attempts, it was programmed to automatically contact a new set of 1,000 domains every week, so that any command-and-control domains that were disabled the previous week could be replaced. [Nautilus]

4. Ransomware perpetrators Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were charged by a federal grand jury this week for their roles in the SamSam hacking campaign, which targeted hospitals, local governments, state agencies, and other public institutions. [The Hill]

5. Amending their state motto to "with bitcoin, all things are possible," Ohio became the first to allow businesses to pay their taxes with cryptocurrency. [The Hill]

6. Law enforcement investigating cyber criminals attempting extortion have expanded their capabilities to include a new NIT, or network investigative technique: a spoofed FedEx page and backdoored Word documents that report the IP addresses of those who download them from the fake shipping site. [Motherboard]

7. EternalBlue and EternalRed, NSA hacking tools leaked last year, are still being used to attack computers using the UPnProxy protocol. [Techcrunch]

8. In case you doubted the intricacies of the series of tubes, this investigation of shady Amazon drop-shipping clones run out of a fraudulent clickbait-farm university leads to furniture and bookshop storefronts that all tie back--via fake Yelp reviews and YouTube videos--to a conglomerate of e-businesses that demonstrate the complications of online investigation. [NY Times]

9. Getting tired of Facebook Kremlinology? The latest report is that the FB war room, which must have been heavily sold to press outlets to feature in two stories in the lead-up to the midterms, has been disbanded (all those monitors...gone?) but Facebook denies that this implies anything about their focus on election security. [The Hill]

10. Ham radio enthusiasts are raising concerns that a proposed FCC rule change to remove baud limits would allow ham radio operators to send encoded messages, which is against the rules. The ham rules. [Hackaday]

Thanks for reading,

Stanford Cyber Initiative
