AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/30/2021

Microsoft warns thousands of cloud customers of exposed databases -emails

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure’s flagship Cosmos database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft’s Cloud Security Group. Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.


Chinese Developer Exposes Data on Over One Million Gamers

A Chinese game developer has unwittingly exposed the personal and device details of over a million players after leaving an internet-facing server unsecured, according to researchers. A team at vpnMentor, led by Noam Rotem and Ran Locar, discovered the unprotected Elasticsearch server on July 5. After no reply from its owner, EskyFun Entertainment Network Limited, they contacted the Hong Kong CERT, and the next day, July 28, the database was secured. The 134GB trove contained an estimated 365 million records linked to players of the firm’s fantasy games: Rainbow Story: Fantasy MMORPG; Metamorph M; and Dynasty Heroes: Legends of Samkok. This giant collection of user records is even more noteworthy given the firm collected only a rolling log of the previous seven days’ records, with anything older deleted to make way for fresh data. “The reason for the sheer size of the data exposed appears to be EskyFun’s aggressive and deeply troubling tracking, analytics, and permissions settings,” vpnMentor claimed. “EskyFun gains access and control to almost every aspect of a person’s device and even their private networks. Most of [the data] is totally unnecessary for the games to function.”


Apple launches service program for iPhone 12 no sound issues

Apple has announced a new free-of-charge service program for iPhone 12 and iPhone 12 Pro devices experiencing sound issues caused by a receiver module component. According to the company, the sound problems impact a low percentage of iPhone 12 models that were made over six months between October 2020 and April 2021. “Apple has determined that a very small percentage of iPhone 12 and iPhone 12 Pro devices may experience sound issues due to a component that might fail on the receiver module,” the company said in a new support document. “Affected devices were manufactured between October 2020 and April 2021. If your iPhone 12 or iPhone 12 Pro does not emit sound from the receiver when you make or receive calls, it may be eligible for service.”


T-Mobile Retail Stores Are Downplaying Its Massive Data Breach

I wrote last week about T-Mobile’s response to the breach that affected more than 50 million people. My point was that the company’s response left many questions unanswered, and led to confusion among many T-Mobile customers who are concerned about whether their personal information is at risk. More than a few T-Mobile customers reached out to share their stories of trying to get more information, either by calling customer support or visiting a retail store. In most cases, the stories were similar. Their attempts to better understand what personal information was at risk ended up with retail employees seeking to downplay the event while failing to provide much information. These exchanges made me think more about T-Mobile’s response, so I started looking into how the company’s retail employees were handling the breach. For example, one customer shared their experience of walking into a T-Mobile retail store and being told that the breach was “probably just some kids messing around.” To find out whether these responses were typical, I visited a half dozen T-Mobile retail stores. I am, after all, a T-Mobile customer, although–to my knowledge–my information was not included in the breach. 


iPhone 13 could use low earth satellites to make calls and texts

With the iPhone 13 release getting closer and closer, speculation is heating up about the features of the new phone. The latest comes from analyst Ming-Chi Kuo, who states in an investor’s note that the iPhone 13 could have low earth orbit satellite connectivity, which would allow users to make phone calls when cellular coverage is unavailable. According to Kuo (who has a record of reliable reports), the iPhone 13 will be equipped with a custom Qualcomm X60 modem that works with low earth satellites. Kuo also says that Qualcomm has been working with Globalstar to use the company’s satellite communications service. However, it’s unclear as to how the user can get access to a satellite service. Kuo explains one “scenario” in which the user’s network operator has a partnership with Globalstar, and connecting to the satellites would be done through the carrier. Also, in this scenario, the user doesn’t have to sign up for another phone plan.
