AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/01/2021

New Spotify Patent Involves Monitoring Users’ Speech to Recommend Music

Spotify has been granted a patent with technology that aims to use recordings of users’ speech and background noise to determine what kind of music to curate and recommend to them, Music Business Worldwide reports. The company filed for the patent in 2018; it was approved on January 12, 2021. The patent outlines potential uses of technology that involves the extraction of “intonation, stress, rhythm, and the likes of units of speech” from the user’s voice. The tech could also use speech recognition to identify metadata points such as emotional state, gender, age, accent, and even environment—i.e., whether someone is alone, or with other people—based on audio recording. The patent filing outlines how Spotify currently uses a decision tree—showing users different artists, genres, and more—to help refine its recommendation algorithm for the user. “What is needed is an entirely different approach to collecting taste attributes of a user, particularly one that is rooted in technology so that the above-described human activity (e.g., requiring a user to provide input) is at least partially eliminated and performed more efficiently,” reads the filing.


What is stalkerware?

Stalkerware is a type of applications that abusers use to monitor and track their victims. These apps are typically installed without the victim’s consent and knowledge. The apps are designed to trick the victims into thinking that nothing is off. This way abusers can keep on tracking their victims unnoticed. Stalkerware apps are used by different types of abusers. This could be the victim’s partner, their parent or a family member, a friend, or a colleague. Potential motivation to use these apps can be for example jealousy, overprotectiveness, control, abuse, and as the name suggests, stalking. The apps are installed by people with physical access to the victim’s device. This also separates these apps from other malware, such as infostealers. 


Homeland Security agency says foreign hack extended beyond SolarWinds

Authorities investigating suspected Russian hacking into the US Treasury Department report that the operation extended far beyond SolarWinds. The hacking of the National Telecommunications and Information Administration (NTIA), in late 2020, reportedly involved exploiting vulnerabilities in many systems. It was not, as previously suspected, confined to the SolarWinds networking software. According to the Wall Street Journal, almost a third of all victims of the hacking did not use SolarWinds, and had no connection with the product. Brandon Wales, acting director of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said that the hackers used far more avenues than initially believed. “[The attackers] gained access to their targets in a variety of ways,” Wales told the Wall Street Journal in an interview. “This adversary has been creative. It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”


Perl.com domain for programming language hijacked, tied to malware actors

Over the weekend, the Perl infrastructure blog, Perl NOC, reported that the perl.com was hijacked and no longer points to where it should. Instead of being a site for Perl-related news and articles, it now points to a parking site but that’s only on the surface. The more worrying discovery is that there are clues it is pointing to IP addresses that have been used to distribute malware in the past. To be clear, the Perl programming language’s official website, perl.org, remains secure and intact. Perl.com, unfortunately, is also used as a mirror or backup for distributing modules via CPAN. In other words, there is a risk that hijackers could take advantage of this connection to compromise systems using Perl and CPAN.


iPhone 13 could have an in-screen fingerprint scanner as well as Face ID

For years Apple’s iPhone range (other than the iPhone SE 2020) has done without fingerprint scanners, relying instead on Face ID, but it’s looking like Apple might bring the fingerprint scanner back for the iPhone 13. That’s something we’ve heard previously, and now most recently The Wall Street Journal has claimed that two former Apple employees have said the company “has been working on in-screen fingerprint technology and has considered including both Touch ID and Face ID on the same device.” So this wouldn’t be a return to the home button-based Touch ID fingerprint scanners of old, it would be a modern in-screen one like many Android phones now have. That too we’ve heard before, and according to this latest report it would be in addition to Face ID.


40% of boards will have dedicated cybersecurity committees by 2025 — Gartner

There will be a surge in dedicated cybersecurity committees in organisations across the world in the next few years, according to new data released today from Gartner. According to the analyst firm, 40% of boards of directors will feature such a committee, overseen by a qualified board member, by 2025. This is up from less than 10% today. It’s just one of many steps expected to be taken by organisations in response to greater risk created by the expanded digital footprint of organisations during the pandemic. The perception and acknowledgement of this risk is such that cybersecurity-related risk is rated by several boards of directors as the second-highest source of risk for the enterprise (behind regulatory compliance risk). Despite this, many executives surveyed by Gartner are not confident that their organisations are adequately secured against cyber-attacks.

Related Posts