AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/24/2020

A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads

Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active. To prevent users from uninstalling them, the apps hid their icon, making it hard to identify where the ads were coming from. Other apps charged from $2 to $10 and generated revenue of more than $500,000, according to estimates from SensorTower, a smartphone-app intelligence service. The apps came to light after a girl found a profile on TikTok that was promoting what appeared to be an abusive app and reported it to Be Safe Online, a project in the Czech Republic that educates children about online safety. Acting on the tip, researchers from security firm Avast found 11 apps, for devices running both iOS and Android, that were engaged in similar scams.


Microsoft details its plan to become ‘water positive’ by 2030

Earlier this year, Microsoft announced plans to become carbon negative by 2030. But the company isn’t just looking at its emissions. Today, it unveiled its plan to be “water positive” by 2030, too. By that, Microsoft means it will replenish more water than it consumes. To replenish water sources, the plan includes actions like investing in wetland restoration and removing impervious surfaces like asphalt. Microsoft will focus on highly stressed water basins near its operations. Reducing water consumption is also a focus. At the company’s new Silicon Valley campus, 100 percent of the site’s non-potable water will come from onsite recycling sources like rainwater collection and waste treatment. That could save as much as 4.3 million gallons of potable water each year. At other campuses, Microsoft will use recycled water for landscaping, plumbing and tower cooling.


Strava app shows your info to nearby users unless this setting is disabled

Popular running and cycling app Strava can expose your information to nearby strangers, which has sparked privacy concerns among its users. After learning of this information sharing feature, some fear this functionality can be abused for stalking and “predatory” motives. Previously, Strava had published heatmaps generated from 13 trillion GPS coordinates from joggers’ data, which inadvertently exposed the locations of military bases around the world, including those in the U.S. This week, Andrew Seward, Head of Data Product Development at Experian, brought to light how Strava exposed sensitive information on nearby runners. “Out running this morning on a new route and a lady runs past me. Despite only passing, when I get home Strava automatically tags her in my run,” tweeted Seward.


Secret Service looks to outsiders to boost financial cybercrime probes

The U.S. Secret Service is pulling in outside expertise from the private sector and U.S. Cyber Command as it weighs changes to its investigative methods in an attempt to keep pace with international hackers. The engagement with Cyber Command, the Pentagon’s offensive cyber unit, is focused on learning from the military’s experience with transnational cybercriminals, a Secret Service official told CyberScoop. The Secret Service’s efforts to consult with private sector experts, meanwhile, is focused on specifically overhauling the agency’s investigative practices. The effort to consult with outside expertise comes as part of a recognition that the Secret Service is interested in bolstering its arsenal of tools with the latest techniques needed to root out financially motivated hackers.


YouTube adds links to fight mail-in voting misinformation ahead of Election Day

In a blog post today, the platform announced an array of new changes, including changes to the search results for presidential and congressional candidates, which will now have authoritative information panels about a candidate ahead of video search results. “As we approach November 3, we’re working hard to make YouTube a more reliable source for news and information, as well as an open platform for healthy political discourse,” said Leslie Miller, YouTube’s VP of government affairs and public policy, in a post announcing the changes. The boldest effort is a new measure specifically targeted at misinformation around mail-in voting. Starting today, videos dealing with voting by mail will include an info panel under the video directing viewers to a think tank report from the Bipartisan Policy Center, titled “Voting by Mail Counts.” The link is meant to dispel misinformation about mail-in voting leading to fraud, similar to previous YouTube information panels on the Moon landing, vaccinations, or other common conspiracy theory topics.


Justice’s moves ring Big Tech with regulatory threats

The Department of Justice proposed legislation to curb liability protections for tech platforms and moved a step closer toward an antitrust lawsuit against Google Wednesday. As President Trump faces re-election, lawmakers and regulators are hurriedly wrapping up investigations and circling Big Tech with regulatory threats. The Justice Department’s Wednesday proposal would curb protections for online platforms that host third-party content provided by Section 230 of the Communications Decency Act that have been in place for nearly a quarter century. The DOJ also briefed a group of state attorneys general on the status of its long-awaited case against Google for monopolistic behavior, sources familiar with the situation told Axios.

Related Posts