AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/28/2019

1 – Facebook starts testing News, its new section for journalism

Facebook’s news section, which was previously reported to be imminent, is here: The company is rolling out Facebook News in a limited test in the U.S. as a home screen tab and bookmark in the main Facebook app. In a blog post, Facebook’s Campbell Brown (vice president of global news partnerships) and Mona Sarantakos (product manager, news) said that news articles will continue to appear in the main News Feed. However, they said that creating a specific tab focused on journalism “gives people more control over the stories they see, and the ability to explore a wider range of their news interests, directly within the Facebook app.”


2 – Adobe Exposed Creative Cloud Customer Information

Adobe has admitted that some Creative Cloud customer information — 7.5 million records, according to the researchers who stumbled upon the data — was exposed recently due to a misconfiguration. Researcher Bob Diachenko and Comparitech reported last week that they had identified an unprotected Elasticsearch database — the database was accessible without a password — storing Creative Cloud customer information. The database contained email addresses and other account information, including account creation date, Adobe products used, subscription status, member ID, country, payment status, and time since last login. However, passwords or payment information were not exposed.


3 – Instagram to extend its ban on images of self-harm to cover cartoons

Instagram is set to extend its ban on depictions of self-harm to cover cartoons and drawings, following an appeal from Ian Russell, whose 14-year-old daughter Molly killed herself in 2017. Molly had been looking at graphic content relating to suicide and self-harm before she died, her father discovered, prompting him to go public earlier this year and campaign against the platform’s rules that allowed that material. Instagram had already banned graphic images of self-harm in February, following Ian Russell’s protests, and now the company says it will extend that ban to unrealistic yet explicit depictions of suicide, and images that “promote” self-harm.


4 – Google Search to stop indexing Flash content in late 2019

Google has announced that it will stop indexing Flash content in Search, as the internet gears up to bid a (not so fond) farewell to the multimedia software platform next year. “In Web pages that contain Flash content, Google Search will ignore the Flash content,” noted Google engineering manager Dong-Hwi Lee in a blog post. “Google Search will stop indexing standalone SWF files.”


5 – Australia wants to use face-matching to verify people downloading porn

The UK might have ditched plans for an age filter on online porn, but Australia is going all-in with a new proposal that could require internet users to verify their identity in a face-matching database before viewing pornography. The proposal comes as Australian lawmakers consider new restrictions around age verification for online porn and gambling as part of a bipartisan parliamentary inquiry. In a submission to the inquiry, first reported by ZDNet, Australia’s Department of Home Affairs proposed using its Face Verification Service to verify internet users wanting to look at porn.


6 – Security researcher gets access to all Xiaomi pet feeders around the world

A Russian security researcher said she accidentally found a way to hack and take over all Xiaomi pet feeders located across the world. In a series of messages published on her private Telegram channel last week, Anna Prosvetova, a security researcher from Saint Petersburg, Russia, said she identified vulnerabilities in the backend API and firmware of Xiaomi FurryTail smart pet feeders. These are smart pet food containers that can be configured with the help of a mobile app to release small quantities of food at certain times of day.


7 – Migrating eagles flew to Iran and racked up huge roaming bills

Russian scientists were forced to launch a crowdfunding campaign after endangered Steppe Eagles ran up a huge data roaming bill. Equipped with SMS transmitters, they left from Southern Russia and Kazakhstan, but some went a lot farther afield than expected. One particular eagle called Min accumulated a pile of location data messages when it was off the grid in Kazakhstan. Then, it unexpectedly flew to Iran and sent them all off at 49 rubles ($.77) each, using up the team’s entire tracking budget.


8 – Google results to share stage with U.S. antitrust probe

Beyond fresh insights into Alphabet Inc’s (GOOGL.O) quarterly earnings on Monday, financial analysts could press executives for details on the U.S. antitrust probe by 48 states. They should expect a common refrain during the company conference call: it’s deja vu all over again. Late this summer Texas announced it was leading a group of 48 state attorneys general to probe allegations of anticompetitive practices by Google, largely around its lucrative online advertising business.


9 – Remember that competition for non-hoodie hacker pics? Here’s their best entries

A competition to produce stock pictures of infosec that does not involve hoodies or waterfalls of 0s and 1s has yielded a mixed bag of images to illustrate the industry’s digital doings for the world’s consumption. Open Ideo, an American graphic design biz, ran an event co-sponsored by the Hewlett Foundation aimed at developing new imagery for infosec news. Rather than filling image slots with stereotypical pics of the type you all love to hate, they were hoping to get something a bit more inspiring and uplifting.


10 – Ransomware hit TrialWorks, law firms and lawyers were not able to access court documents

TrialWorks, a company that provides the most established and widely used legal case management software solutions, was a victim of a ransomware attack earlier this month. As a result of the attack, law firms and lawyers were not able to access the legal documents hosted on TrialWorks’ platform. On October 13, the company notified its customers of a hosting service outage at their data center. The day after, the company sent a notice to its customers informing them of a security incident caused by ransomware.
