AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/03/2021

Facebook strikes back against Apple privacy change, prompts users to accept tracking to get ‘better ads experience’

With a forthcoming update to iOS 14, each app that wants to use these identifiers will ask users to opt in to tracking when the app is first launched. If users opt out, it will make these ads a lot less effective. Facebook has warned investors that these looming changes could hurt its advertising business as soon as this quarter. Facebook is testing the effects of this update now, before Apple makes it mandatory for all apps early this spring. As part of this test, Facebook will begin showing some users its own prompts starting on Monday, explaining why it wants to track this activity and asking users to opt in. These prompts will appear on Apple users’ screens immediately before the Apple pop-up appears.


Apple releases Chrome extension for iCloud passwords

Apple has released an official extension for the Windows and Mac versions of Chrome that lets you use passwords stored in your iCloud Keychain. For anyone who uses Chrome as their browser and iCloud Keychain in lieu of a dedicated password manager, this could make bouncing between Windows and Mac computers much easier. The release of the extension means that if you’ve used Safari to automatically generate strong passwords on other platforms, those can now be available to you in Chrome when you’re prompted for a login. Passwords created in Chrome for Windows will also sync back to iCloud so they’ll be available on Apple devices as well.


Boston Dynamics trains Spot the robot dog to charge itself

Boston Dynamics is expanding its lineup of robotic dogs with a model that can self-charge. Spot Enterprise comes with a charging dock that allows the robot to replenish its batteries without the help of humans. As such, it can operate in remote or dangerous areas for longer. Spot Enterprise has upgraded hardware that bolsters safety and communications, according to the company. The robot can carry out actions autonomously across a wider area than the previous model and operators can quickly retrieve large data sets from it. Boston Dynamics says it expanded Spot Enterprise’s WiFi support and increased the flexibility of the robot’s payload ports. Along with Spot Enterprise, Boston Dynamics announced a browser-based system called Scout that allows users to operate Spot remotely. It allows people to control the robot manually or run pre-programmed autonomous actions with a simple user interface. 


US federal payroll agency hacked using SolarWinds software flaw

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. The software vulnerability used to break into NFC’s systems is different than the one used by suspected Russian nation-state hackers to compromise the update mechanism of the Orion software to deploy the Sunburst backdoor on SolarWinds customers’ systems. Even though both the FBI and the USDA declined to provide further comment, the latter confirmed that it had suffered a data breach.



A cross-border operation coordinated by Europol and led by the Spanish National Police (Policía Nacional) and the US Secret Service resulted in the dismantling of an organised crime group involved in fraud and money laundering. The operation involved also police services from Austria, Denmark and Greece as well as the US Department of Justice and the US Financial Crimes Enforcement Network (FinCEN). On the coordinated from Europol action day, 6 October 2020, law enforcement offices carried out more than 40 house searches, arrested 37 suspects (2 in Austria, 11 in Greece, 23 in Spain and 1 in the UK) and seized 13 luxury cars. The follow up actions led to the freeze of 87 bank accounts worth €1.3 million.  


China Steals Personal Data of 80% of US Adults

The Chinese government may have stolen personal data from 80% of adults in the United States, according to a 60 Minutes report that aired yesterday on American television and radio network CBS. In the report, former director of the US National Counterintelligence and Security Center, Bill Evanina, warned that the PRC is actively working to gather and exploit Americans’ DNA and other health information. Evanina described how Chinese company BGI Group had approached six different states with offers to construct and operate coronavirus testing labs. The company accompanied the offers with promises to “make additional donations” to the states. Suspicious of the offer and what the data collected may be used for, the former security official warned the states not to accept the Group’s proposal.

Related Posts