
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/24/2020

1 – Soft robotic hands may soon have a firm grip on the industry

Soft Robotics, a company that develops enterprise-level soft robotic grippers for a variety of materials-handling and pick-and-place applications, is on a roll. After securing a high-level strategic partnership in 2019, the company has announced an oversubscribed Series B worth $23M. Back in December, Soft Robotics rolled out an innovative adaptable gripper system designed especially to work with FANUC robots via a new controller. The combined product debuted at IREX in Tokyo in December. Unlike robotic end effectors made of rigid materials that only flex via built-in joints, soft end effectors conform to the objects they pick up, allowing for a wider variety of applications with a single unit.


2 – Microsoft to force Chrome default search to Bing using Office 365 installer

Microsoft is planning to use the Office 365 installer to forcibly switch Chrome users over to the company’s Bing search engine. Microsoft’s Office 365 ProPlus installer, used by businesses, will include a new Chrome extension next month that switches the default search engine to Bing. New installations of Office 365 ProPlus and updated installs will include the extension, as long as the default search engine in Chrome is not set to Bing. Microsoft is clearly marketing this to IT admins as enabling its Microsoft Search functionality in Chrome, but it also looks like a stealthy way of pushing people over to using Bing. If Bing is already set as the default search engine in Chrome, then the extension never gets installed. Microsoft is planning to roll this out in the US, UK, Australia, Canada, France, Germany, and India next month.


3 – Seattle-Area Voters To Vote By Smartphone In 1st For U.S. Elections

A district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone — a historic moment for American democracy. The King Conservation District, a state environmental agency that encompasses Seattle and more than 30 other cities, is scheduled to detail the plan at a news conference on Wednesday. About 1.2 million eligible voters could take part. NPR is first to report the story. The new technology will be used for a board of supervisors election, and ballots will be accepted from Wednesday through election day on Feb. 11.


4 – Thousands of WordPress Sites Hacked to Fuel Scam Campaign

Over 2,000 WordPress sites have been hacked to fuel a campaign that redirects visitors to scam sites pushing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. This hacking campaign was discovered by website security firm Sucuri, which detected attackers exploiting vulnerabilities in WordPress plugins during the third week of January 2020. Sucuri researcher Luke Leak told BleepingComputer that some of the vulnerable plugins seen being exploited are the “CP Contact Form with PayPal” and “Simple Fields” plugins, but BleepingComputer was also told that other plugins are likely being targeted as well.


5 – Google found vulnerabilities in Apple’s Safari that allowed user tracking

In December, Apple fixed multiple bugs found in its Safari browser that allowed third-party websites to track users’ browsing habits. According to a paper published by Google’s security team, the company notified Apple of various flaws in its anti-tracking technology, Intelligent Tracking Prevention (ITP), in August. In the paper, Google’s team noted that these vulnerabilities would have let a third party get hold of sensitive and private browsing information. One flaw even allowed a site to carry out a cross-site attack and introduce another domain into the ITP list.


6 – Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone

A report investigating the potential hack of Jeff Bezos’ iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone. It also says that investigators had to reset Bezos’s iTunes backup password because they did not have the password needed to access the backup of his phone. The latter suggests that Bezos may have forgotten his password. The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.”


7 – 18-Year-Old Hacker Stole Crypto Worth $50 Mn In Sim Swapping Scam

What happens when an 18-year-old with a passion for hacking takes his passion too far? He earns $50 million worth of cryptocurrency by organizing a SIM swapping scam. Samy Bensaci, a Montreal-based 18-year-old, was charged with the theft of cryptocurrency worth $50 million in a well-organized SIM swapping scam. In a SIM swapping scam, a hacker takes over your phone number either by convincing the carrier’s customer support staff that he is the real owner of it or by finding and exploiting vulnerabilities in the customer management system of your cellular network. Once the carrier reassigns the number, it is activated on a SIM card in the attacker’s possession. From then on, the fraudster can hijack your email account, bank account and any other accounts linked to your mobile number.
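The takeover chain described above (number reassigned at the carrier, then SMS-based account recovery on the services tied to that number) leaves a detectable trace when carrier SIM-change events and recovery events can be correlated. The script below is an added example and not part of the original post or of any carrier’s tooling: it parses a constructed, merged log feed (the line format, field names and the 24-hour correlation window are all assumptions) and flags phone numbers where an SMS recovery follows a SIM change within the window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log lines (not from the article). Assumed merged feed: the
# carrier reports "sim_change" events and an identity provider reports
# "recovery_sms" events, both keyed by the phone number involved.
SAMPLE_LOG = """\
2020-01-22T09:14:03 sim_change phone=+15145550101 reason=customer_support
2020-01-22T10:02:55 recovery_sms phone=+15145550101 account=email
2020-01-22T10:20:10 recovery_sms phone=+15145550101 account=crypto_exchange
2020-01-21T08:00:00 recovery_sms phone=+15145550199 account=bank
2020-01-10T12:00:00 sim_change phone=+15145550177 reason=retail_store
2020-01-23T12:00:00 recovery_sms phone=+15145550177 account=email
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str            # "sim_change" or "recovery_sms"
    phone: str
    fields: Dict[str, str]


@dataclass(frozen=True)
class Alert:
    phone: str
    sim_change_ts: datetime
    recovery_ts: datetime
    account: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one '<iso-ts> <kind> key=value ...' line; None if malformed."""
    parts = line.split()
    if len(parts) < 3:
        return None
    ts = datetime.fromisoformat(parts[0])
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    phone = fields.pop("phone", None)
    if phone is None:
        return None
    return Event(ts, parts[1], phone, fields)


def parse_log(text: str) -> List[Event]:
    """Parse all lines and return them in time order, which the correlation needs."""
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return sorted((e for e in events if e is not None), key=lambda e: e.ts)


def flag_sim_swaps(events: List[Event], window: timedelta = timedelta(hours=24)) -> List[Alert]:
    """Alert on every SMS-based recovery that happens within `window` after
    the most recent SIM change for the same phone number.  A recovery with no
    preceding SIM change, or one long after it, is treated as benign."""
    last_change: Dict[str, datetime] = {}
    alerts: List[Alert] = []
    for e in events:  # assumes time-ordered input (see parse_log)
        if e.kind == "sim_change":
            last_change[e.phone] = e.ts
        elif e.kind == "recovery_sms":
            changed = last_change.get(e.phone)
            if changed is not None and timedelta(0) <= e.ts - changed <= window:
                alerts.append(Alert(e.phone, changed, e.ts, e.fields.get("account", "?")))
    return alerts


if __name__ == "__main__":
    for a in flag_sim_swaps(parse_log(SAMPLE_LOG)):
        print(f"possible SIM swap: {a.phone} changed {a.sim_change_ts}, "
              f"recovery on {a.account} at {a.recovery_ts}")
```

On the constructed feed this yields two alerts, both for +15145550101 (the email and exchange recoveries roughly an hour after the SIM change); the bank recovery with no SIM change and the recovery 13 days after a store-issued SIM are not flagged. In practice the carrier and the service provider rarely share a log, which is why a service that relies on SMS recovery has no view of the first half of the chain and why phone-number-based recovery is a weak factor for high-value accounts.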


8 – India Plans to Mandate Cybersecurity Measures for Power Grids

India’s electricity grid operators will have to install firewalls and other measures used by companies to avert attacks on their information technology systems, in response to the rising number of hacking incidents against power networks around the world. Grid operators and regulatory agencies will need to have a continuity plan ready in the event of a cyber attack, according to draft rules published by the Central Electricity Regulatory Commission. The move is part of an overhaul of the decade-old guidelines.


9 – Nobody boogies quite like you

That spasmodic jerking around that some of us refer to as “dancing”? It’s the latest biometric: we can be identified by our twerking, our salsa, our rumba or our House moves with an impressive 94% accuracy rate, according to scientists at Finland’s University of Jyväskylä. To be specific, the researchers asked 73 volunteers to dance to eight music styles: Blues, Country, Dance/Electronica, Jazz, Metal, Pop, Reggae and Rap. The dancers weren’t taught any steps; rather, they were simply told to “move any way that felt natural.” Their study, described in a paper titled Dance to your own drum, was published in the Journal of New Music Research last week. Identifying people by their dance moves is not what the researchers were after. They had set out to determine how music styles affect how we move.


10 – NIST’s new privacy rules – what you need to know

The brand new Privacy Framework 1.0 is the privacy counterpart to NIST’s Cybersecurity Framework, aimed at protecting people’s personal privacy. As NIST points out, cybersecurity and privacy are connected, but different. Some privacy events aren’t related to cybersecurity incidents, but stem from other issues like over-aggressive data collection, poorly thought-out marketing practices, or manual mishandling of data. You can use the Privacy Framework when developing new products and services to ensure that they tick all your privacy boxes. It’s a good tool when conducting the privacy impact assessments that regulations like GDPR demand. It isn’t a compliance toolkit for meeting the requirements of specific regulations. Instead, it’s a voluntary toolkit that you can use to think about your approach to privacy. You can use bits of it or all of it – NIST isn’t prescriptive.
