AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/10/2020

Vatican enlists bots to protect library from onslaught of hackers

Ancient intellects are now being guarded by artificial intelligence following moves to protect one of the most extraordinary collections of historical manuscripts and documents in the world from cyber-attacks. The Vatican Apostolic Library, which holds 80,000 documents of immense importance and immeasurable value, including the oldest surviving copy of the Bible and drawings and writings from Michelangelo and Galileo, has partnered with a cyber-security firm to defend its ambitious digitisation project against criminals. The library has faced an average of 100 threats a month since it started digitising its collection of historical treasures in 2012, according to Manlio Miceli, its chief information officer. “We cannot ignore that our digital infrastructure is of interest to hackers. A successful attack could see the collection stolen, manipulated or deleted altogether,” Miceli told the Observer.


China sends satellite in space to test 6G spectrum

China has launched what it claims is the world’s first 6G satellite into space in order to test new spectrum bands that will be used to power future networks. The development of 6G is still at a very early stage and it is still unclear what network technologies will form a commercial standard and what use cases will emerge. This means the satellite will contain very little ‘6G technology’. There is a consensus however that the addition of integrated intelligence and new spectrum will deliver superior speeds, capacity, and latency. These characteristics, it is argued, will overcome current technological limitations – such as the limited processing capability of mobile devices – to enable truly immersive extended reality (XR), high-fidelity mobile hologram and digital twin applications.


Zoom promises security improvements to end federal investigation

Zoom’s security practices came under scrutiny by federal and state officials as its use exploded during the coronavirus pandemic. The settlement is aimed at better locking down Zoom meetings and user data against intruders. The FTC voted 3-2 along party lines to approve the settlement, which requires Zoom to: establish a comprehensive security program that includes assessing potential risks and developing safeguards against those risks on an annual basis; protect against unauthorized access to its network through safeguards such as ensuring its users can access multi-factor authentication; and review software updates for security flaws.


See an elephant-inspired robotic gripper pick up a single grape like a pro

Elephants have amazing trunks. They can pick up small sticks and giant logs with dexterity and ease. That same curling design inspired researchers at the University of New South Wales in Sydney to create a robotic gripper that can grasp everything from a syringe to a hammer. “Our new soft fabric gripper is thin, flat, lightweight and can grip and retrieve various objects – even from confined hollow spaces – for example, a pen inside a tube,” said medical robotics expert Thanh Nho Do in a UNSW statement on Monday. Do is co-author of a paper on the gripper published in the Advanced Materials Technologies journal last week. While the robotic gadget looks simple, there’s a lot of technology packed into the little device. The gripper uses a force sensor to apply just the right amount of pressure to an object. 


Twitter may slow down users’ ability to ‘like’ tweets containing misinformation

Twitter is working to expand the use of its “misinformation” labels on misleading tweets. The company has developed a new feature, not yet live, that would pop up a “misleading information” label when a user tries to “Like” a tweet that’s been labeled as misinformation. The feature was discovered by reverse engineer Jane Manchun Wong in the Twitter app code. She confirms the addition doesn’t prevent a user from continuing to “Like” the tweet, however — it just slows you down. A similar warning appears today when users attempt to retweet posts labeled as containing misinformation. This new feature would fall in line with other measures Twitter has been taking to slow the spread of misinformation on its service, including a recent change to how retweets work. On October 20, 2020, Twitter began to prompt anyone who goes to retweet something to share a quote tweet instead.


This One Time on a Pen Test: How I Hacked a Self-Driving Car

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. An organization hired us to perform a penetration test on a self-driving car—as it turns out, there are several self-driving projects available on the market today, so we were tasked with assessing the attack surface of the vehicle to enumerate vulnerabilities that could lead to remote control of the vehicle. This included testing a somewhat broad scope of the vehicle, including its CAN Bus and TCP/IP networking. I was responsible for testing the TCP/IP portion of the assessment. Through testing, we followed a similar methodology to an internal penetration test. We connected to the network using an ethernet cable, scanned the vehicle’s Local Area Network identifying alive hosts, port scanned to fingerprint for services, etc.
