AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/15/2022

Diagnostic Robotics has AI catching health problems before they take you to the ER

A stitch in time saves nine, they say — and a blood thinner in time saves a trip to the emergency room for a heart attack, as Diagnostic Robotics hopes to show. The company’s machine learning-powered preventative care aims to predict and avoid dangerous (and costly) medical crises, saving everyone money and hopefully keeping them healthier in general — and it’s raised $45 million to scale up. It’s important to explain at the start that this particular combination of AI, insurance, hospital bills, and “predictive medicine” isn’t some kind of technotopian nightmare. The whole company is based on the fact that it’s both better for you and cheaper if you, for example, improve your heart health rather than have a heart attack.

Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world. At the Black Hat cybersecurity conference in Las Vegas on Thursday, the researchers presented their findings, detailing how they could have hacked people who use Discord, Microsoft Teams, and the chat app Element by exploiting the software underlying all of them: Electron, which is a framework built on the open source Chromium and the cross-platform JavaScript environment Node.js.

The Zoom installer let a researcher hack his way to root access on macOS

A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access to the entire operating system. Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of the bugs involved have already been fixed by Zoom, but the researcher also presented one unpatched vulnerability that still affects systems now.

CISA expands efforts to fight election disinformation ahead of ‘challenging’ 2024 vote

Disinformation has become a much bigger challenge for election officials since the 2020 election, leading the Department of Homeland Security’s Cybersecurity and Infrastructure Agency to beef up its efforts to fight falsehoods that could undermine the democratic process. The danger of disinformation has become an “incredibly difficult problem,” CISA Director Jen Easterly said Friday during a press briefing at the DEF CON cybersecurity conference in Las Vegas.

CJ Moses might be the CISO of AWS, but service leaders own their own security

AWS customers are used to hearing about the cloud provider’s “shared responsibility” model when it comes to security, which means that while AWS promises customers it won’t allow its servers and networks to be compromised, customers still have to do the work of securing their own applications. Inside the company, however, the buck stops with the head of each service offered by AWS. “Service leaders are responsible for the profit/loss, success/failure and, most of all, the security,” said CJ Moses, AWS’ chief information security officer (CISO) since January. “There are no excuses or finger pointing, so leaders don’t leave security success to chance, but rather actively own it.”
