AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/12/2020

Ring doorbell security cameras recalled after some catch fire

Amazon-subsidiary Ring is recalling hundreds of thousands of video doorbells after receiving reports of them catching fire. The potential fire hazard impacts around 350,000 2nd generation Ring doorbells sold in the United States and roughly 8,700 more sold in Canada, according to a notice posted by the US Consumer Product Safety Commission (CPSC) on Tuesday. The $100 doorbells were sold on Ring’s website and on Amazon between June 2020 and October 2020, according to the CPSC. “The video doorbell’s battery can overheat when the incorrect screws are used for installation, posing fire and burn hazards,” the notice said. According to the notice, Ring has thus far received 23 reports of doorbells catching fire and causing property damage, as well as eight reports of minor burns.

 

Federal Judge Tosses Apple’s Theft Claims in Ongoing Epic Games Legal Fight

A California federal judge on Tuesday dismissed some of Apple’s counterclaims against Epic Games in its ongoing antitrust battle over Apple’s App Store fees (via Bloomberg). Apple and Epic have been in a legal fight since August, when Apple removed Fortnite from the ‌App Store‌ after ‌Epic Games‌ introduced a direct payment option in the app, defying the ‌App Store‌ rules. ‌Epic Games‌ promptly filed a lawsuit against Apple, accusing the company of anti-competitive actions.  On Tuesday, U.S. District Judge Yvonne Gonzalez Rogers granted ‌Epic Games‌’ motion for judgement, throwing out Apple’s two claims for lost ‌App Store‌ fees and other monetary damages. “This is a high-stakes breach of contract case and an antitrust case and that’s all in my view,” Gonzalez told Apple’s lawyers, according to Bloomberg. “You can’t just say it’s independently wrongful. You actually have to have facts,” the judge said, adding that the rest of the breach-of-contract case moves forward.

 

Case Highlights Growing Online Crime with Devastating Real-Life Consequences

The doors were locked, the alarm system was on, and the 13-year-old girl never left her room. But a child predator was able to reach her simply because she was tricked into connecting with him online. The link between Presley (her name has been changed to protect her identity) and someone she believed was another teenage girl named K.C. started out as a friendly exchange over a popular messaging app. They sent each other occasional messages and pictures of their outfits over a few weeks. One mildly revealing photo from Presley, however, gave K.C.—who was actually a grown man in Florida named Justin Richard Testani—an opening to begin his threats. He said he would share the photo and spread rumors about her to friends and family if she didn’t do as he asked. “She let her guard down,” her mother said. “She let her guard down because she thought it was another teenage girl.”

 

Chrome to block tab-nabbing attacks

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term “tab-nabbing” refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario. This scenario refers to situations when users click on a link, and the link opens in a new tab (via the “target=_blank” attribute). These new tabs have access to the original page that opened the new link. Via the JavaScript “window.opener” function, the newly opened tabs can modify the original page and redirect users to malicious sites.

 

Animal Jam kids’ virtual world hit by data breach, impacts 46M accounts

The immensely popular children’s online playground Animal Jam has suffered a data breach impacting 46 million accounts. Animal Jam is a virtual world created by WildWorks, where kids can play online games with other members. Geared towards children ages 7 through 11, Animal Jam has over 300 million animal avatars created by kids, with a new player registering every 1.4 seconds. Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker. The two stolen databases are titled ‘game_accounts’ and ‘users’ and contain approximately 46 million stolen user records.

 

U.S. Treasury seeks ‘resolution’ with ByteDance on security concerns

The U.S. Treasury Department said on Wednesday it wants a resolution of national security concerns it has raised over China-based ByteDance’s acquisition of U.S. social media app Musical.ly, which it then merged into video-sharing app TikTok. The statement came a day after China-based ByteDance filed a petition with the U.S. Court of Appeals in Washington challenging a Trump administration order set to take effect on Thursday requiring it to divest TikTok unless it can reach agreement with U.S. regulators or win an extension. “The Treasury Department remains focused on reaching a resolution of the national security risks arising from ByteDance’s acquisition of Musical.ly,” Treasury spokeswoman Monica Crowley said. “We have been clear with ByteDance regarding the steps necessary to achieve that resolution.”

Related Posts