Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office

Facebook’s software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world’s biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught by algorithms before anyone can report it, Facebook said in its latest community-standards enforcement report. The remaining 5 percent of the roughly 22 million flagged posts in the past quarter were reported by users. That report is also tracking a new hate-speech metric: prevalence. Basically, to measure prevalence, Facebook takes a sample of content, then looks for how often the thing they’re measuring—in this case, hate speech—gets seen as a percentage of viewed content. Between July and September of this year, the figure was between 0.10 percent and 0.11 percent, or about 10-11 views of every 10,000.

 

23,600 hacked databases have leaked from a defunct ‘data breach index’ site

More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee. Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites. The idea behind the site isn’t unique, and Cit0Day could be considered a reincarnation of similar “data breach index” services such as LeakedSource and WeLeakInfo, both taken down by authorities in 2018 and 2020, respectively.

 

RadioShack will live forever as a zombie brand

RadioShack’s shambling remains were given another jolt of life today when they were purchased by another company that plans to relaunch the once-great retailer as an online-focused brand. The store’s remains were purchased by Retail Ecommerce Ventures (REV), a startup founded in 2019 that’s been scooping up brands from other faded retail giants as well, including Pier 1, Modell’s Sporting Goods, Dressbarn, and more. REV says RadioShack’s website already has “strong existing sales and sales potential,” and the company is “confident” it can further raise awareness of the brand internationally. REV claims it’s successfully turned around other companies it’s launched as online brands. The Wall Street Journal reported that Dressbarn more than doubled its revenue between the first and second quarter of 2020.

 

Could Your Vacuum be Listening to You?

A team of researchers demonstrated that popular robotic household vacuum cleaners can be hacked to act as remote microphones. The researchers—including Nirupam Roy, an assistant professor in the University of Maryland’s Department of Computer Science—collected information from the laser-based navigation system in a popular vacuum robot and applied signal processing and deep learning techniques to recover speech and identify television programs playing in the same room as the device. The research demonstrates the potential for any device that uses light detection and ranging (Lidar) technology to be manipulated for collecting sound, despite not having a microphone. This work, which is a collaboration with assistant professor Jun Han at the National University of Singapore was presented at the Association for Computing Machinery’s Conference on Embedded Networked Sensor Systems (SenSys 2020) on November 18, 2020. 

 

U.S. regulators seek public input on new safety standards for self-driving cars

U.S. auto safety regulators on Thursday said they were opening a formal regulatory proceeding that could eventually result in the adoption of new safety standards for autonomous vehicles. The National Highway Traffic Safety Administration (NHTSA) said it was issuing an advance notice of proposed rulemaking to get public input on how to ensure the safety of future self-driving vehicles. Companies like General Motors, Alphabet’s Waymo and Tesla are working on vehicles that can drive themselves. “This rulemaking will help address legitimate public concerns about safety, security and privacy without hampering innovation in the development of automated driving systems,” said U.S. Secretary of Transportation Elaine Chao in a statement.

 

Advanced Threat predictions for 2021

Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in the near future.

 

Apple to Press Ahead on Mobile Privacy, Despite Facebook Protests

Apple confirmed Thursday it would press ahead with mobile software changes that limit tracking for targeted advertising — a move that has prompted complaints from Facebook and others. The iPhone maker said it was moving ahead with updates to its mobile operating system to give users more information and control on tracking by apps on Apple devices. Apple earlier this year delayed the changes to give online advertisers time to adapt. But in a letter to the nonprofit group Ranking Digital Rights, Apple said it planned to move forward next year “because we share your concerns about users being tracked without their consent and the bundling and reselling of data by advertising networks and data brokers.”

Related Posts