AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/09/2020

Amazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch

Project Connected Home over IP — the ambitious attempt to bring together Amazon, Apple, Google, and the Zigbee Alliance with a unified, open-source smart home platform — has just posted its latest update on the project. The group has announced (in the first major update since the standard was revealed) that work on the project is still ongoing, and it’s targeting a 2021 release, along with the first clear idea of what devices the standard is aiming to work with. The project is still on track to provide a “draft specification” for the new standard by the end of the year, with a full launch set for 2021, according to the blog post shared by the Zigbee Alliance (a group that includes Ikea, Samsung SmartThings, and Signify / Philips Hue as board members). Additionally, the announcement clarifies what sorts of smart home devices the Project Connected Home over IP is aiming to work with. 

 

The Joys of Owning an ‘OG’ Email Account

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and often for some fairly sensitive services online. About 16 years ago — back when you actually had to be invited by an existing Google Mail user in order to open a new Gmail account — I was able to get hold of a very short email address on the service that hadn’t yet been reserved. Naming the address here would only invite more spam and account hijack attempts, but let’s just say the account name has something to do with computer hacking.

 

DOJ Scam Targets Elderly Americans

Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime.  The DOJ issued a fraud alert on Friday in which it strongly encouraged the public to remain vigilant and urged them not to provide personal information over the phone to anyone claiming to be from the department. An alert was issued after the Office of Justice Programs’ Office for Victims of Crime (OVC) received multiple reports that individuals claiming to represent the Department of Justice are calling members of the public as part of an imposter scam. A DOJ spokesperson said: “Reports to the National Elder Fraud Hotline indicate these scammers falsely represent themselves as Department of Justice investigators or employees and attempt to obtain personal information from the call recipient, or they leave a voicemail with a return phone number.” 

 

The cost of an insider attack is as much as $2 million

Businesses are currently undergoing seismic shifts, including rapid migrations to the cloud and widespread adoptions of remote work and BYOD (bring your own device) policies. Along with these trends, securing against insider threats has become increasingly challenging. Most organizations cannot guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%), while 81% find it difficult to assess the impact of insider attacks. Despite these concerns, few respondents have a single platform that delivers complete, unified visibility and control for any interaction. When dealing with multiple disjointed tools that provide disparate levels of protection, security professionals spend an inordinate amount of time managing each of the solutions individually. 

 

Online-voting company pushes to make it harder for researchers to find security flaws

Cybersecurity experts and lawmakers have little faith in online voting, thanks to the high potential for hacks, as well as worries about vulnerabilities, either of which could affect an election’s outcome. Security researchers often find flaws with online-voting systems, and now an e-voting company is pushing to make it more difficult to find vulnerabilities. In a briefing filed to the Supreme Court on Thursday, Voatz, a Boston-based e-voting company, argues that security researchers shouldn’t have legal protections when looking for flaws without permission. “Allowing for unauthorized research taking the form of hacks/attacks on live systems would lead to uncertain and often faulty results and conclusions, makes distinguishing between true researchers and malicious hackers difficult, and unnecessarily burdens the mandate of the nation’s critical infrastructure,” Voatz said in a statement to CNET.

Related Posts