AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/30/2022

Justice Department in early stages of filing an antitrust lawsuit against Apple, says report

The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had not yet been made. A 2019 deal between U.S. regulators had allowed the Justice Department to take on the investigations of Apple and Google, while the Federal Trade Commission was to take the reins of other Big Tech investigations, like Amazon and Facebook. In Apple’s case, the DoJ has been examining whether or not Apple abused its market power to dominate smaller tech companies, including both hardware and software makers.

 

Elon Musk says Tesla cars will connect to Starlink’s new cellular-broadcasting satellites

Elon Musk just announced that the upcoming second-generation Starlink internet satellites include cellular antennas for connections with phones from T-Mobile in the US and potentially other operators as well. Following the event, he responded to tweets asking whether the connections will work with Tesla’s electric cars, which currently connect to AT&T’s LTE network. According to Musk, the answer is yes. He didn’t go into detail about how it will all work or how much data owners could expect to access from the connections when they’re somewhere out of reach by terrestrial cellphone towers. Musk said during the event that the satellite-to-cellular coverage from Starlink will be capable of providing a 2–4Mbps link, which is shared by everyone in the satellite’s coverage area. That likely won’t be enough for some Premium Connectivity features, like livestreaming video from your car’s cameras. Still, a connection that works at all, “anywhere you have a view of the sky,” is better than no connection, potentially.

 

US FTC sued US data broker Kochava for selling sensitive and geolocation data

The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other atrisk populations, and addiction recovery.” reads the complaint. Collected data could allow Kochava’s clients to identify and monitor the movements of mobile users through a data feed available via online data marketplaces (i.e. AWS Marketplace) after paying for a $25,000 subscription. 

 

Crooks are increasingly targeting DeFi platforms to steal cryptocurrency

The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency. Threat actors are exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. Smart contracts are self-executing contracts with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Crooks are attempting to exploit vulnerabilities in protocols implemented by cross-chain bridges and DeFi platforms.

 

Google Play to ban Android VPN apps from interfering with ads

Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications. The updated Google Play policy, announced last month, will take effect on November 1. It states that only apps using the Android VPNService base class, and that function primarily as VPNs, can open a secure device-level tunnel to a remote service. Such VPNs, however, cannot “manipulate ads that can impact apps monetization.”

 

CISA: Prepare now for quantum computers, not when hackers use them

Although quantum computing is not commercially available, CISA (Cybersecurity and Infrastructure Security Agency) urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets. The agency published a paper earlier in the week, calling for leaders to start preparing for the migration to stronger secret guarding systems, exploring risk mitigation methods, and participating in developing new standards. Quantum computers are systems that harness quantum mechanics to perform much more powerful computations than are available today on systems that rely on binary (0, 1) computations.

Related Posts