AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/31/2019

1 – Apple Patches Tens of Vulnerabilities in macOS Catalina, iOS 13

Security updates released by Apple this week for iOS 13 and macOS Catalina 10.15 address roughly 40 vulnerabilities, including issues that affect both operating systems. macOS Catalina 10.15.1, the first security update for the latest major version of the operating system, fixes 33 vulnerabilities, including flaws that can be exploited through malicious applications or by getting the targeted user to process a specially crafted file. The security holes can be exploited to obtain information, bypass authentication, execute arbitrary code with elevated privileges, exfiltrate data, elevate privileges, or launch denial-of-service (DoS) attacks.


2 – Snapchat now lets you 3D Paint faces and pretty much anything else

Today, Snapchat is introducing a new 3D Paint feature that lets you draw in augmented reality. You can use it to draw on your own face using your phone’s front-facing camera, and it’ll also work with your rear-facing camera to let you to draw on objects in the environment. One video produced by Snap shows the feature being used to draw a pair of eyes and a mustache on the front of a van. The functionality looks similar to Samsung’s “AR Doodle” feature which it introduced with the Galaxy Note 10. However, Samsung’s feature has the added benefit of using the phone’s S Pen stylus, which should be more precise than drawing with your finger on the screen.


3 – Bed Bath & Beyond discloses breach

Home retailer Bed Bath & Beyond is the latest company to be hacked. Late Tuesday, the company said email and password information were acquired by an outside source and that less than 1 percent of online customer accounts were compromised. Additionally, no online customers’ payment cards were impacted and notifications have been to select customers. The date of the breach was not disclosed. Because of the breach the company has hired what it described as “a leading security forensics firm and has implemented remedial measures.”


4 – Q. Who’s triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

2019 has been a bad year for NordVPN on the security front. And so, in full damage limitation mode, the private networking biz has outlined steps it is taking to improve its defenses. Steps, we note, that should have been in place to begin with, but hey, hindsight is 20-20. The VPN provider says it will undertake five different projects, each aimed at helping it to beef up security protections of its network and the application code. The plan calls for a number of collaborations with outside researchers and companies.


5 – Spain and GitHub Are Blocking an App That Helped Protesters Organize

People are rioting in the streets of Barcelona. For the last month, hundreds of thousands of people have joined demonstrations in Spain to voice their objection to the jailing of Catalan separatist leaders and support Catalonian independence. According to Spanish news outlet El Confidencial, last week the government ordered takedowns of websites and app made by Tsunami Democrátic, an activist group organizing protests in the region. To try to keep access to the app download alive, Tsunami Democrátic moved the .apk file to Github. But the government shut that down, too, blocking the site in Spain.


6 – Hackers breached some of the web’s most popular domain registrars

Attackers have breached Web.com and two top domain name registrars that it owns, NetworkSolutions.com and Register.com, according to Krebs on Security. Web.com issued a security notice advising customers that they will be forced to reset their passwords the next time they log on. Such breaches are particularly worrying, because domain name registrar customers are website owners, and around 8.7 million of them are registered with those companies, according to Krebs.

Related Posts