AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/25/2020

Shopify discloses security incident caused by two rogue employees

Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees. The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants). Shopify estimated the number of stores that might be affected by the employees’ actions at less than 200. The company boasted more than one million registered merchants in its latest quarterly filings. The e-commerce giant said the incident is not the result of a vulnerability in its platform but the actions of rogue employees. The transaction data that the rogue employees might have gained access to includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.


Facebook takes down Chinese-run accounts that posted about US elections

Facebook has taken down a network of fake accounts that were run out of China and posted about US politics, the company disclosed Tuesday.

As CNET points out, Facebook has found fake accounts from China in the past, but the latest takedowns are the first time it’s found Chinese-run accounts posting about US politics. The company detailed its investigation in a report that identified two separate networks that coordinated with one another. One network originated in China, and was made up of more than 155 accounts that had amassed a following of 133,000 and group membership of 61,000. Though Facebook says the group “focused most of its activity” in Southeast Asia, some of the accounts also posted about US politics “both in support of and against presidential candidates Pete Buttigieg, Joe Biden and Donald Trump.” The US-focused accounts “gained almost no following,” but the takedowns were significant enough the company opted to disclose the move ahead of its monthly report on coordinated inauthentic behavior, CNN reported.


CISA says a hacker breached a federal agency

A hacker has gained access to and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday. The name of the hacked federal agency, the date of the intrusion, and any details about the intruder, such as an industry codename or state affiliation, were not disclosed. CISA officials revealed the hack after publishing an in-depth incident response (IR) report detailing the intruder’s every step. The report, which ZDNet analyzed today, reveals how the intruder gained access to the federal agency’s internal networks through different channels, such as leveraging compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server.


Teaching offshore robots to speak our language

A team of researchers led from Edinburgh have unveiled a new system that allows humans and robots to speak the same language. The system is called MIRIAM – Multimodal Intelligent inteRactIon for Autonomous systeMs. It allows users to ask robots questions and understand their actions in real time. The researchers have been working from the Offshore Robotics for the Certification of Assets (ORCA) Hub, a consortium led by Heriot-Watt and Edinburgh universities. MIRIAM uses natural language. That allows users to speak or text queries and receive clear explanations from the robot about what it is doing. The initial applications will be in the energy industry, underwater and onshore.


Ring’s new Always Home Cam is a surveillance drone for your home

We’ve all heard about surveillance drones, but those are usually matters of international espionage, not security for your home. Amazon’s Ring wants to change that: the company today announced the Always Home Cam, a drone that helps you keep an eye on your home while you’re gone. It sounds like something out of a futuristic sci-fi movie, but it’s arriving next year for $250. The drone is able to operate autonomously, though users can direct it to different rooms and paths. Like vacuum robots, it maps your home so you can tell it where to go without it bumping into too many things (the propellers are enclosed for protection, too). The device is meant to allow you to survey your entire home without needing multiple cameras — something that could be particularly useful for people with large homes; suburban America comes to mind.
