AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/15/2020

Apple’s carbon-neutral goal is a giant task, could echo through big tech

An examination into Apple’s environmentalism asks whether Apple could truly reach its pledge of making the iPhone carbon neutral, with comments from Apple’s executive leadership along with other environmentalists suggesting it is possible, but a very big task. Apple has made numerous strides in its bid to make itself more environmentally friendly, as part of an initiative to become carbon neutral across the entirety of its business by 2030. The lofty goal, which covers everything from the supply chain to the end of a product’s life, is being tackled aggressively, but the task is also massive in scale to undertake due to Apple’s size. In a profile of the initiative by British GQ, Apple’s VP of Environment, Policy and Social Initiatives Lisa Jackson and SVP of Worldwide Marketing Greg Joswiak were questioned about both the scale of the problem and how far Apple is progressing down the path. These efforts have included transitioning its facilities to run on renewable energy and using recycled materials in its products, but they are only part of the solution. “We set really big goals for ourselves. At one point we were even calling them crazy questions,” said Jackson.


TikTok taps Oracle as US partner

ByteDance has chosen Oracle to be its US partner for its popular TikTok video service, a decision that comes as a deadline for a ban of the popular app draws near. The proposed deal is expected to meet the needs of TikTok’s users, as well as satisfy American national security concerns, a person familiar with the situation said. The California-based cloud computing giant will be ByteDance’s US “technology partner,” the person said. The deal likely won’t be structured as a sale, The Wall Street Journal reported, and still needs US government approval. It may also not yet have been cleared by Beijing. “CGTN has learned from sources that ByteDance will also not sell TikTok’s U.S. operations to Oracle,” reported party-controlled TV station CGTN on Sunday. It’s unclear if this is a denial that a deal has been struck, or simply underlines that the reported “partnership” is not a sale of TikTok to Oracle.


Schools are buying up surveillance technology to fight COVID-19

Fayette County Public Schools, a 24-school district in Georgia, reopened its classroom doors last month. As at many schools around the country, officials in Fayette have concerns about safely bringing students back to school amid a pandemic — and they’re turning to surveillance technology for help. The school district recently made a deal to purchase up to 75 cameras equipped with thermal imaging. The cameras, made by Hikvision, a Chinese provider of facial recognition tools and other surveillance equipment, cost $7,000 each and rapidly estimate temperatures to monitor potential viral spread on school grounds. The ability to quickly scan for a sign of the virus is an attractive option for schools, one that’s potentially faster and safer than manually taking each visitor’s temperature.


Secretive Pentagon research program looks to replace human hackers with AI

The Joint Operations Center inside Fort Meade in Maryland is a cathedral to cyber warfare. Part of a 380,000-square-foot, $520 million complex opened in 2018, the office is the nerve center for both the U.S. Cyber Command and the National Security Agency as they do cyber battle. Clusters of civilians and military troops work behind dozens of computer monitors beneath a bank of small chiclet windows dousing the room in light. Three 20-foot-tall screens are mounted on a wall below the windows. On most days, two of them are spitting out a constant feed from a secretive program known as “Project IKE.” The room looks no different than a standard government auditorium, but IKE represents a radical leap forward. If the Joint Operations Center is the physical embodiment of a new era in cyber warfare — the art of using computer code to attack and defend targets ranging from tanks to email servers — IKE is the brains. 


Veterans’ Social Security numbers leaked in data breach

The personal information of around 46,000 veterans was exposed during a hack, the US Department of Veterans Affairs said Monday. One of the online apps for the VA Financial Services Center “was accessed by unauthorized users” who diverted payments that were meant to go to health care providers for veterans’ medical treatment. The information includes Social Security numbers. The app has been taken offline, and won’t be available again until the VA completes a security review. For now, the department is contacting those affected, including deceased veterans’ next of kin. 


Magento stores hit by largest automated hacking attack since 2015

In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards. Adobe Magento is a popular eCommerce platform that allows web sites to quickly create an online store to sell their products and accept credit cards. Due to this, Magento is commonly targeted by hackers to install JavaScript scripts that steal customers’ credit cards. These types of attacks are called MageCart and have become a large enough problem for Magento that VISA issued an advisory urging merchants to migrate e-commerce sites to the more secure Magento 2.x. Over the weekend, credit card skimming prevention firm Sanguine Security (Sansec) detected 1,904 Magento stores that were compromised over the last four days. The attack started Friday when ten stores were infected with a credit card skimming script not previously seen in other attacks. The attack ramped up on Saturday with 1,058 sites hacked, 603 more on Sunday, and an additional 233 today.
