AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/24/2020

Apple accuses Facebook of ‘disregard for user privacy’

Apple has criticised Facebook for trying to “collect as much data as possible” from users, saying it will push ahead with its planned launch of a new privacy feature despite objections from the advertising industry. The company’s director of global privacy, Jane Horvath, made the criticism in a letter to a coalition of privacy groups, reassuring them that the feature, which will require users to actively allow developers to track how they use other apps, would still be launched. “We developed [App Tracking Transparency] for a single reason: because we share your concerns about users being tracked without their consent and the bundling and reselling of data by advertising networks and data brokers,” Horvath wrote. She defended Apple’s approach to targeted adverts, which she said was based on demographic details rather than user tracking.


How SpaceX could transform Starlink into an ultraprecise GPS network

For the past five years or so, SpaceX has been chipping away at a mind-bogglingly massive project: The Starlink satellite constellation. The grand plan is to ferry over 12,000 satellites (or more) into low-Earth orbit and place them in an undulating, lattice-like array that allows SpaceX to deliver high-speed broadband internet to every corner of the planet. Thus far, SpaceX has sent nearly 900 Starlink satellites into orbit, and even rolled out beta access to its fledgling satellite internet service. But internet access might not be the only trick this mega-constellation has up its sleeve. Researchers believe it could also be used for a secondary mission: Creating a next-gen navigation system that could supplant GPS.


Hoard of Spotify user data exposed by hackers’ careless security practices

A group of hackers didn’t have to breach Spotify’s systems to access as many as 350,000 accounts on the music-streaming service. All it took was a cache of login credentials stolen in other data breaches, and some patience. The hackers were successful because Spotify account holders were reusing passwords from other accounts they had, a basic security mistake. The hackers just had to try the combinations on Spotify and look for matches, a technique known as credential stuffing. The simplicity of that technique doesn’t require genius, something the hackers proved by committing their own security blunder. The gang of criminal nonmasterminds exposed their own operation by storing the records on an unsecured cloud database. That meant anyone with a web browser could see the data without needing a password.


Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices

In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of “affordable” wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. CyberNews reached out to Walmart for comment and to understand whether they were aware of the Jetstream backdoor, and what they plan to do to protect their customers. After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: “Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it.”


This Successful Lawyer Had To Sell His House Because Of A Cyber Attack

My colleague just told me something so crazy it could be on 60 Minutes. He knows a guy who’s a partner at one of America’s leading law firms. And his son attends Miami’s top private school. When COVID was spreading like wildfire, his son was forced to attend “school from home.” That’s when it all started. The attorney happened to check his Amazon account and found someone had racked up $70,000 worth of charges. He scrambled to open his Apple Pay statement. Thousands of dollars had vanished there, too. He called the FBI and local police. They discovered a cyber hacker had gained access to all his accounts through his son’s school’s computer systems. He rushed out to buy brand new laptops and smartphones. He switched out his internet connection. Within two days, the hacker was back at work. The cybercriminal broke into the attorney’s home energy system and shut off the power. As COVID was ripping through Florida, he was forced to move his whole family to a hotel. He tried everything to retake control of his accounts. But nothing worked. No one, not even the authorities, could eject this hacker from his life. The hacker had essentially assumed his identity, taking over his primary email address and his phone number.


US Air Force deploys robot security dogs to guard base

Tyndall Air Force Base in Florida is now guarded by robotic canines that will patrol the area before popping back to their kennels for a recharge. Over the past year the 325th Security Forces Squadron have been trialing the security robots via a so-called “3D Virtual Ops Center,” where the hardware hounds patrol the grounds and feed back data to central command. “These robot dogs will be used as a force multiplier for enhanced situational awareness by patrolling areas that aren’t desirable for human beings and vehicles,” said Major Jordan Criss, 325th Security Forces Squadron commander. “We will be able to drive them in a virtual reality headset within our Base Defense Operations Center. We will be able to see exactly what the robot dog is detecting through its mobile camera and sensor platform if desired, we will also be able to issue verbal commands to a person or people through a radio attached to the dogs.” No offensive capability has been built into these puppies, however; they’re strictly monitoring only.
