AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/13/2020

Japan’s creepy robot wolf scares away crop-raiding deer, bears

A Japanese town has deployed robot wolves in the hopes of scaring away bears and other wildlife that can damage crops — or potentially injure residents. The robot, simply named “Monster Wolf,” is being tested in a town called Takikawa, located on the Hokkaido island in Northern Japan.  As reported by JAPANkyo, the ‘scarecrow’ has been created by Ohta Seiki and measures roughly 24-inches long, sporting a furry body, four legs, red, glowing eyes, and inbuilt speakers. Motion-based infrared sensors are embedded in the wolf, and when triggered, Monster Wolf will scream out one of 40 different sounds, including howls and growls. As shown in the video below, the sounds are certainly enough to scare off any wildlife — and potentially people, too. 


Amazon Launches Care Hub and Alexa Starts Asking Follow-Up Questions

Ideally, interacting with Alexa would be “as natural as interacting with another human being,” according to Amazon, which previously integrated sophisticated conversational experiences into the AI. Well on its way to reaching the Holy Grail, Amazon this week introduced a skill that lets Alexa infer customers “latent goals”—requests you didn’t even know you wanted to make. For instance, ask how long it takes to steep tea, and the latent goal could be setting a timer for steeping a cup of tea; Alexa might suggest “Five minutes is a good place to start,” then follow up by asking if you want to set a five-minute timer. “Transitions like this appear simple,” Amazon AI scientists Anjishnu Kumar and Anand Rathi wrote in a blog post. “But under the hood a number of sophisticated algorithms are running to detect latent goals, formulate them into actions that frequently span different skills, and surface them to customers in a way that doesn’t feel disruptive.”


2020’s biggest innovators? Hackers and cyber-criminals, again, says Darktrace

This year has turned corporate IT upside down, scuppering digital transformation plans as tech teams struggle to keep the lights on and support a suddenly remote workforce. The one comforting thought is “at least everyone else is in the same boat.” Well, not quite. One group has taken full advantage of this year of chaos and confusion to unleash a tidal wave of innovation. Unfortunately, that group is the hacker and cyber attacker fraternity, which has spotted that the sudden switch to remote working arrangements has delivered them a much wider attack surface to target, while security pros are stretched thinner than ever. At the same time as they have stepped into the breaches opened up by an increasingly diffused and corporate workforce, the bad guys have taken advantage of an almost universal thirst for information and reassurance with ever more creative spear phishing and whaling attacks.


Blackberry identifies mystery APT, calls upon researchers to start ‘picking up breadcrumbs’

Researchers at Blackberry have identified a new global campaign that the company believes shows the hallmarks of an as-a-service attack campaign: it uses a mixture of complex, bespoke malware and inconsistent, yet deliberate, choices of targets. “We’re hoping by publishing, the community can help us pick up the breadcrumbs,” said Tom Bonner, distinguished threat researcher at Blackberry. “We’re not sure what the endgames are.” CostaRicto, a name Blackberry derived from a project title in the malware, has attacked countries in every continent, save South America and Antartica. While, the full array of industries involved in the attacks are being kept secret for client protection reasons, Bonner says they’ve hit targets ranging from banking to retail. Based on targeting alone, it might seem like a traditional crime operation. State groups tend to focus on specific industries, locations and targets of particular value.


The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts. In a data breach notification sent to affected customers, The North Face explained that the hackers may have gained access to account information – including products previously purchased on its website, products that have been saved to “favorites”, billing and shipping addresses, names, birthdays, telephone numbers, email preferences, and loyalty point totals. Fortunately, The North Face does not store payment card details and so the firm is confident that that credit card information is not at risk.


PSA: macOS is a little broken this morning, with many non-Apple apps hanging at launch

If you’re on a Mac running a relatively new version of macOS (Catalina or Big Sur, seemingly) and it’s having all sorts of weird issues right now: you’re not alone. We’re seeing a flood of reports from both users and developers of an issue preventing apps — particularly those not made by Apple  — from properly launching. Most are reporting that apps they already had open are fine, but attempts to open any new apps will result in it just bouncing around in the dock for minutes at a time. The issue first popped up this morning (curiously coinciding with the launch of macOS Big Sur) and seems to be improving for some… but for the time being, be aware your apps might not work as expected.

Related Posts