Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/10/2020

TikTok threatens to sue the Trump administration over the executive order barring US firms from doing business with its parent

TikTok has threatened to sue the Trump administration over Thursday’s executive order that bans US citizens and companies from doing business with its Chinese parent company ByteDance. TikTok responded to the order on Friday, saying it was issued “without any due process.” The executive order prohibits US individuals and companies from making “any transactions” with TikTok’s parent company ByteDance. Another order on Thursday targets Tencent-owned WeChat.

 

Here’s how to make a claim in the $7.5M Google Plus security flaw settlement

Anyone in the United States who held a Google Plus account between January 1, 2015 and April 2, 2019, and believes they were impacted by a security flaw that Google disclosed in 2018 can now register for a payout from a class action settlement. The lawsuit has settled for a total of $7.5 million. Each class action member is eligible for a payout of up to $12 after attorney fees and other costs are accounted for, although this could vary depending on the number of people who submit a claim. You have until October 8 to register. Although Google said at the time that there was no evidence the exposed data was ever accessed, the company wasted no time in announcing that it would shut down its social network after publicly admitting the lapse.

 

Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors (Intel Responds)

Till Kottmann, a Swiss IT consultant, posted on Twitter a link to a file sharing service today that contains what an anonymous source claims is a portion of Intel’s crown jewels: A 20GB folder of confidential Intel intellectual property. The leaker dubbed the release the “Intel exconfidential Lake Platform Release ;).”  Intel has responded to Tom’s Hardware with an official statement: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

 

Black Hat: How your pacemaker could become an insider threat to national security

When we think of pacemakers, insulin pumps, and other implanted medical devices (IMDs), what comes to mind is their benefit to users that rely on them to cope with various medical conditions or impairments. Over time, IMDs have evolved to become more refined and smarter with the introduction of wireless connectivity — linking themselves to online platforms, the cloud, and mobile apps with connections made via Bluetooth for maintenance, updates, and monitoring, all in order to improve patient care. However, the moment you introduce such a connection into a device, whether external or internal, this also creates a potential avenue for exploit.

 

Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers 

Voting machine-maker Election Systems & Software (ES&S) has formally announced a vulnerability disclosure policy, Wednesday, during a Black Hat USA 2020 session. The move, which comes with the U.S. presidential elections looming in November, shows that voting-machine vendors are beginning to take the role of the security research community seriously in helping to secure critical election infrastructure. On Wednesday, ES&S said that its formally released policy applies to all digital assets owned and operated by ES&S – including corporate IT networks and public-facing websites. “We’re publishing this policy today to formalize how we’re going to work with security researchers to improve election security going forward,” said Chris Wlaschin, vice president of Systems Security and CISO, ES&S.

 

Scientists rename human genes to stop Microsoft Excel from misreading them as dates

There are tens of thousands of genes in the human genome: minuscule twists of DNA and RNA that combine to express all of the traits and characteristics that make each of us unique. Each gene is given a name and alphanumeric code, known as a symbol, which scientists use to coordinate research. But over the past year or so, some 27 human genes have been renamed, all because Microsoft Excel kept misreading their symbols as dates. The problem isn’t as unexpected as it first sounds. Excel is a behemoth in the spreadsheet world and is regularly used by scientists to track their work and even conduct clinical trials. But its default settings were designed with more mundane applications in mind, so when a user inputs a gene’s alphanumeric symbol into a spreadsheet, like MARCH1 — short for “Membrane Associated Ring-CH-Type Finger 1” — Excel converts that into a date: 1-Mar.

Related Posts