AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/19/2021

Nine Attention-Grabbing Inventions Unveiled at This Year’s CES

Like school, work conferences and visiting your grandparents, this year’s Consumer Electronics Show (CES) has been virtual-only. So instead of gathering in hangar-sized Las Vegas expo halls, those wishing to check out the year’s crop of tech and gadget debuts can simply tune in online. Some of these technologies will never catch on. Others may one day be as ubiquitous as the Xbox, satellite radio and 3D printers, all of which made their grand entrances at CES. While it’s hard to predict which items will stick around, we’ve picked nine of the most useful-seeming, most surprising and most fun inventions for a possible peek into our future.


The Cybersecurity 202: Sen. Mark Warner plans breach-notification debate in wake of SolarWinds hack

Incoming Senate Intelligence Chair Mark R. Warner says Congress will consider whether to require companies – or even government agencies – to disclose when they have been breached. “I think there will be a reexamination around a national breach legislation,” Warner said in an interview.  “I think there will also be a reexamination of what qualifies to fall into mandatory reporting.”  Warner is already planning hearings so members can grapple with the “thorny questions” raised by the sweeping Russian hacking campaign that compromised at least eight government agencies and a huge swath of private-sector companies that were clients of network-management company SolarWinds.  The debate over federal breach notification laws has boiled over in the aftermath of other major hacks, including the 2015 Office of Personnel Management breach and the 2017 Equifax breach. Each time the private sector fiercely lobbied against proposed legislation, experts say. 


A security researcher commandeered a country’s expired top-level domain to save it from hackers

In mid-October, a little-known but critically important domain name for one country’s internet space began to expire. The domain — scpt-network.com — was one of two nameservers for the .cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing. Clearly, a domain of such importance wasn’t supposed to expire; someone in the Congolese government probably forgot to pay for its renewal. Luckily, expired domains don’t disappear immediately. Instead, the clock started on a grace period for its government owners to buy back the domain before it was sold to someone else.


Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twitter. Over the past week, security researcher MalwareHunterTeam has seen an uptick in verified Twitter accounts hacked in a scam promoting another fake Elon Musk cryptocurrency giveaway. These accounts will reply to tweets, like Elon Musk’s below, and promote a scam where Musk is allegedly giving away free cryptocurrency.


Apple Watch could spot COVID-19 symptoms a week before it strikes

Smartwatches such as Apple Watch could detect COVID-19 infections a week before the wearer feels sick or would test positive for the novel coronavirus, two medical studies suggest. Since such devices can identify subtle changes in heart rate that might indicate an early infection, they could spot asymptomatic individuals, who make up a sizable proportion of COVID-19 cases. Researchers at Mount Sinai Health System in New York and Stanford University in California found that smartwatches could offer a type of early warning system for users during the global pandemic. If a smartwatch or other device identified certain physiological indicators, for instance, the wearer might decide to avoid contact with others or to seek a COVID-19 test. Early diagnosis likely leads to better patient outcomes.


WhatsApp delays new privacy policy as Facebook-fearing users flee

WhatsApp is pushing back its controversial privacy policy change, delaying the date by which users must agree to the new terms over what the Facebook-owned messaging platform described as “misinformation” about how it shares data. Concerns began earlier in January, after an upcoming policy update seemingly required WhatsApp users consent to some of their data being passed over to Facebook. The deadline, the policy update set out, would be February 8, 2021. After that point, users of WhatsApp would have to either agree to the new rules – including those around sharing – or find a different messaging service to use. For many, the answer was to do just that. Telegram and Signal have both reported a huge influx of new signups, believed to be disgruntled WhatsApp users looking elsewhere for their cross-platform messaging hit. WhatsApp tried to clarify the exact details of the policy and staunch the flow earlier this week, arguing that users were confused as to just what was being requested. Now, though, it’s going one step further.

Related Posts