Data from smartwatch provided ‘key evidence’ against hitman

Police used data from a Garmin GPS watch to help get a man convicted for killing a crime boss known as Mr. Big.

Data from smartwatch provided ‘key evidence’ against hitman

Police have turned to using stored data from devices to help solve crimes, such as when the cops used pacemaker data to catch a perp. This time, though, the cops relied on data from a device that a hitman could have removed: a smart watch.

Mark Fellows, who was also an avid runner and cyclist, was given an indefinite life sentence after police used data from a Garmin GPS watch (a Garmin Forerunner 10) to map out Fellows’ reconnaissance of his target, the route taken to gun down his target (a “crime boss known as Mr. Big”), as well as his escape route. The cops also relied on data from a TomTom Start satellite navigation system, cell site evidence and CCTV surveillance footage, but it was the smartwatch that provided “key evidence” in the case.

Other cybersecurity and privacy news

Researchers find browser extensions bypassing Same Origin Policy to maliciously access user data

If you use browser extensions, then you might want to check out the list of extensions that are capable of accessing sensitive user data, including credentials, and downloading and saving files on a user’s device. For their report, researchers at Universite ́ Coˆte d’Azur analyzed over 78,000 Chrome, Firefox and Opera add-ons; 197 of them were malicious, with 171 of those being Chrome extensions.

3 micropatches for 3 Windows zero-days

The 0patch team released three micropatches to protect against three different Windows zero-days: the “angrypolarbearbug,” the readfile, and arbitrary code execution related to VCF and Windows Contact files.

6.2 billion devices can be pwned with zero-click interaction

Researcher Denis Selianin revealed details about a vulnerability in the firmware of Wi-Fi chipset ThreadX that could impact more than 6.2 billion devices. The “vulnerability can be triggered without user interaction during the scanning for available networks. This procedure is launched every five minutes regardless of a device being connected to some Wi-Fi network or not.”

Selianin added, “That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network).”

He gave an example of how to exploit Valve Steam Link, noting that many vulnerable devices using Marvell Wi-Fi chipsets are gaming devices such as PlayStation 4 or Xbox One, but Microsoft Surface laptops, Samsung Chromebooks and many other devices are also at risk.

Oklahoma government exposed 3TB of data, including FBI investigation details and remote logins

The Oklahoma Department of Securities admitted to an “inadvertent exposure of archived data.” That data exposure wasn’t a little “oops” either, as millions of files were leaked. According to UpGuard, 3 terabytes of data was unprotected. Among the files stored in plaintext on the public internet were Social Security numbers and other sensitive information, business information, seven years of FBI investigation details, credentials for remote access to computers — such as VNC credentials for remote access to the Oklahoma Department of Security workstations, credentials for third parties submitting security filings, and a spreadsheet of IT services with usernames and passwords.

“It represents a compromise of the entire integrity of the Oklahoma department of securities’ network,” Upguard’s Chris Vickery told Forbes. “It affects an entire state level agency. … It’s massively noteworthy.”

DNC claims Russia tried to hack it in November 2018

According to a court filing, the Democratic National Committee (DNC) believes Russia was trying to hack its computers in November 2018. Besides Russia’s military intelligence GRU and Guccifer 2.0, the DNC is also suing WikiLeaks, Julian Assange, Donald Trump, and members of the Trump campaign.

Copyright © 2019 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)