AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/15/2019

Apple Shares Some Browsing History with Chinese Company

Apple is sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. The data shared is tied to the Safari Safe Browsing technology. Revelations of the relationship have drawn criticism from security and privacy experts. Apple’s Safari browser on iOS has a “Fraudulent Website Warning” feature, enabled by default, that has used Google Safe Browsing technology as a back end. But Safari users recently noticed that the information Apple provides about this feature on iOS acknowledges that the company sends “information calculated from a website address” not only to Google Safe Browsing, but also to “safe browsing” technology from Tencent.


Iranian Hackers Create Credible Phishing to Steal Library Access

The Silent Librarian threat group is constantly updating its tactics and techniques, to the point of using, on its phishing login pages, information and alerts that are accurate and relevant to potential victims. Security researchers track this group under different names (TA407, Cobalt Dickens, Mabna Institute). They all agree on its connection with the Iranian government and that its purpose is to steal intellectual property from universities across the globe. Its phishing campaigns are more frequent from June through October, and the primary targets are universities in North America, many of them in the United States, and Europe.


Alleged Hacker Arraigned on $1.4 Million Cryptocurrency Fraud Charges

A Michigan man appeared in federal court on Friday on charges related to his involvement in a scheme aimed at defrauding victims of at least $1.4 million in cryptocurrency. The man, Anthony Tyler Nashatka, also known as “psycho,” is charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, aggravated identity theft and other crimes. On August 13, 2019, Nashatka was indicted along with United Kingdom resident Elliott Gunton, also known as “planet” or “Glubz,” with conspiring to target a cryptocurrency exchange platform to steal the information of hundreds of users.


Senator: U.S. companies can’t stand up to China without cybersecurity assurances

If American businesses want to stop “playing by China’s rules” and challenge its anti-democratic actions, they will need firm support from the federal agencies charged with protecting them from Chinese hackers, Sen. Ben Sasse says. In an op-ed for the Washington Post, the Nebraska Republican says the U.S. is “not fated to lose the war” against the Chinese government, which has successfully pressured some of the most influential American brands — from Apple to the National Basketball Association — into stifling criticism of Beijing.


‘Ignorance is not an excuse’: California draft rules on data privacy released

California Attorney General Xavier Becerra released a series of draft regulations Thursday aimed at getting businesses to comply with the state’s landmark data privacy law, scheduled to take effect Jan. 1. Under the California Consumer Privacy Act, signed into law in June 2018, businesses must disclose to consumers the various kinds of data they collect about them. Companies must stop selling consumer data to third parties if customers ask them to, delete personal data on request, and explicitly seek consent from consumers aged 16 or younger to sell personal information.


Libra claims 180 potential replacements for 7 mutineers

Attempting to signal its popularity despite high-profile defections from Visa, Stripe, and more, the Facebook-led cryptocurrency Libra Association announced that 1,500 organizations have expressed interest in joining the Libra project. 180 of those meet eligibility requirements to become members, which could replace the 7 companies that dropped out of the Association this month, including Kayak owner Booking Holdings today. This new crop of potential recruits could help the Libra Association reach its 100-member goal ahead of a scheduled 2020 launch that looks likely to be delayed by intense regulator pushback.


Samsung Galaxy S10 Fingerprint Reader Defeated by Silicon Case

Lisa got the phone as a gift from her husband and decided to put it in a protective case. She soon discovered that even though only her own fingerprint was registered in the biometric settings of the device, the phone unlocked no matter what finger was used for the process. Apparently, the same results were obtained with her husband and her sister, she said, both users whose fingerprint information had never been registered on the phone. The culprit seems to be the silicon case, which somehow confuses the Samsung Galaxy S10’s fingerprint reader and allows any fingerprint to unlock the device.
