AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/12/2022

Raspberry Pi just made a big change to boost security

Raspberry Pi has made a change to its operating system Raspberry Pi OS that removes the default username and password. Until now, the default username and password for the tiny computers has been respectively “pi” and “raspberry”, which made setting up a new Pi device simple but also potentially made the popular internet-connected devices easier for remote attackers to hack them through techniques like password spraying. “Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system; they would also need to know your password, and you’d need to have enabled some form of remote access in the first place,” explains Simon Long, a senior engineer for Raspberry Pi Trading.   


Senior EU officials were targeted with Israeli spyware

Senior officials at the European Commission were targeted last year with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters. Among them was Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019, according to one of the documents. At least four other commission staffers were also targeted, according to the document and another person familiar with the matter. The two EU officials confirmed that staffers at the commission had been targeted but did not provide details.


DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets

The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a search warrant before police can enter a private home and ransack it looking for evidence. In what former prosecutors and legal experts call a landmark operation, the Department of Justice has now tested that principle to disrupt a Russian botnet that was spreading malware on a far-flung network of computers. Using so-called remote access techniques, law enforcement effectively broke into infected devices from afar to destroy what the U.S. government calls the “Cyclops Blink” botnet — and did so without the owners’ permission.


Google Sues Scammer for Running ‘Puppy Fraud Scheme’ Website

Google on Monday disclosed that it’s taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. “The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with alluring photos and fake customer testimonials — in order to take advantage of people during the pandemic,” Google’s CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh said. The fraudulent scheme involved Nche Noel Ntse of Cameroon using a network of rogue websites, Google Voice phone numbers, and Gmail accounts to trick people into paying thousands of dollars online for “adorable puppies” that never arrived.


John Oliver Blackmails Congress With Their Own Digital Data

The show’s main segment concerned data brokers, the companies that collect your digital data, package it, and sell it to anyone who’s interested — sometimes in bundles based on shared characteristics. Real names of these bundles include “Ambitious Singles,” “Couples With Clout,” and “Kids and Cabernet.” Oliver pointed out that the names also sound like “immediately green-lit shows on TLC.” Thing is, brokers group people in far less fanciful ways — according to their medical ailments, for instance. Or as “Suffering Seniors” and “Help Needed—I Am 90 Days Behind With Bills.” Last year, Epsilon, one of these ghoulish companies, was forced to pay $150 million in penalties because they’d knowingly sold the data of 30 million people to scammers targeting seniors.


Fitbit cleared to launch new feature that could save lives

Fitbit has been given the green light for a new feature that will passively check for atrial fibrillation (AFib), a form of irregular heart rhythm. Clearance for Fitbit’s new PPG (photoplethysmography) algorithm was granted by the U.S. Food and Drug Administration (FDA), paving the way for a new Irregular Heart Rhythm Notifications feature for certain Fitbit devices. AFib is believed to affect around 33 million people globally, and individuals with the condition are at greater risk of suffering a potentially debilitating or life-threatening stroke. As AFib usually occurs without warning, and sometimes without any noticeable symptoms, the condition can be hard to detect. However, Fitbit’s system will function around the clock, in the background, with the device’s sensors checking for any heartbeat abnormalities throughout the day and during sleep.

Related Posts