AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/28/2020

Google adds a COVID-19 layer to Google Maps

Google continues to work on improving Google Maps and on Wednesday a “COVID-19 layer” started rolling out. With this layer, users can see areas where the virus is spreading and it is coded by color based on the number of people with the coronavirus in each region. The layer produces these color codes based on the seven-day average for the number of new COVID-19 cases per 100,000 people and even reveals whether the number of cases is trending higher or lower. Google said that over a billion people rely on Google Maps to help them safely get from point “A” to point “B.” And that includes safely navigating around the virus by using the COVID-19 layer. As Google says, “This week, we’re introducing the COVID layer in Maps, a tool that shows critical information about COVID-19 cases in an area so you can make more informed decisions about where to go and what to do.”


Activision shoots down data breach claims

Gaming company Activision, the firm behind franchises such as Call of Duty, has branded reports of a major data breach that has seen up to half a million player accounts hacked and their owners locked out, as “not accurate”. Reports of a widespread hack affecting thousands of Activision player accounts surfaced on 20 September and were traced to a – now suspended – Twitter account that claimed the cyber attack was “worse than the notorious PS3 hack”, a reference to a 2011 incident. However, in a statement circulated by Activision’s support team on Twitter, the firm said this was not the case. “Reports suggesting Activision Call of Duty accounts have been compromised are not accurate,” it said. “We investigate all privacy concerns. As always, we recommend that players take precaution [sic] to protect their Activision accounts, as well as any online accounts, at all times.


Next-generation police dogs now sniff out your electronics

Police dogs are now being trained to hunt out electronic devices that could provide key evidence in criminal cases. Sota, a black Labrador belonging to Minnesota law enforcement, is the result of such training. According to local publication the Star Tribune, Sota is able to sniff out small electronics — including smartphones, USB drives, and microSD cards — that may contain key evidence in sexual abuse and child predation cases, as well as white-collar crimes.  Two-year-old K-9 Sota made her debut this week with a public introduction organized by the state’s Department of Public Safety (DPS). So-called electronic storage detection (ESD) dogs are able to recognize a particular chemical commonly found on coatings applied to small electronics called triphenylphosphine oxide (TPPO). 


Justice Department sends its Section 230 rewrite to Congress

The Department of Justice today dropped a proposed “recalibration” of one of the most important laws governing the US Internet into Congress’ lap and urged legislators to act to remove a liability protection on which nearly every website and app currently relies. Attorney General Bill Barr sent the proposed legislation—an extension of his June wish list—to Speaker of the House Nancy Pelosi and Vice President Mike Pence (in his role as president of the Senate) this morning. “For too long Section 230 has provided a shield for online platforms to operate with impunity,” Barr said in a written statement. “Ensuring that the Internet is a safe, but also vibrant, open, and competitive environment is vitally important to America,” he added. “We therefore urge Congress to make these necessary reforms to Section 230 and begin to hold online platforms accountable both when they unlawfully censor speech and when they knowingly facilitate criminal activity online.”


When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong. Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test partners found that they could recover a Wi-Fi encryption key used in the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed a hacker could probably replace the factory firmware with a malicious one. The researcher EvilSocket also performed a complete reverse engineering of the device protocol, allowing reomote control of the device.

Related Posts