AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/30/2021

How to find hidden spy cameras with a smartphone

Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones’ time-of-flight (ToF) sensor to find tiny spy cameras hidden in everyday objects. The app is more successful at detecting hidden cams than existing state-of-the-art commercial hidden camera detectors (CC308+, K18) and much more successful than the human eye/brain. Tiny cameras concealed in sensitive locations – hotel rooms, bathrooms, Airbnb rentals, etc. – are becoming a significant problem. They can be bought online for a pittance, and are so small that they are difficult to spot with the naked eye, especially in cluttered rooms.

 

Threat actors find and compromise exposed services in 24 hours

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity. To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors’ tactics. In a new study conducted by Palo Alto Networks’ Unit 42, researchers set up 320 honeypots and found that 80% of the honeypots were compromised within the first 24 hours.

 

China trying to export its Great Firewall and governance model

China is actively trying to export its internal internet governance model, according to a paper from the International Cyber Policy Centre at the Australian Strategic Policy Institute. Titled “China’s cyber vision: How the Cyberspace Administration of China is building a new consensus on global internet governance”, the paper outlines how China perceives sovereignty over its internet as having equivalent importance to sovereignty over its territory. Recent data security initiatives that restrict Chinese data from going offshore, and crackdowns on tech giants, are both expressions of Beijing’s desire to ensure that the Communist Party of China (CCP) can control the internet within China’s borders.

 

Australia will force social networks to identify trolls, so they can be sued for defamation

Australia’s government has announced it will compel social media companies to reveal the identities of users who post material considered defamatory. Prime minister Scott Morrison phrased the planned legislation as creating a power “to unmask anonymous online trolls”. The effect of the planned law will be to put social networks in the same legal position as publishers – liable for whatever material they carry if it is defamatory, even if it was written by a third party. More on that later. “Anonymous trolls are on notice, you will be named and held to account for what you say. Big tech companies are on notice, remove the shield of anonymity or be held to account for what you publish,” states the PM’s press release. That document goes on to explain that if social media companies reveal the identity of users that have made allegedly defamatory comments, whoever posted the contested material can become the subject of a defamation action rather than the companies.

 

Panasonic confirms data breach after hackers access internal network

Japanese tech giant Panasonic has confirmed a data breach after hackers gained access to its internal network. Panasonic said in a press release dated November 26 that its network was “illegally accessed by a third party” on November 11 and that “some data on a file server had been accessed during the intrusion.” However, when reached, Panasonic spokesperson Dannea DeLisser confirmed that the breach began on June 22 and ended on November 3 — and that the unauthorized access was first detected on November 11. The Osaka, Japan-based company provided few other details of the breach. In its press release, the company said that in addition to conducting its own investigation, it’s “currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”

 

Google, Apple fined by Italian authority for aggressive data collection

Italy’s competition authority (Autorità Garante della Concorrenza e del Mercato) has announced a fine of 10 million Euros ($11.3 million) against Google and Apple. The companies were fined due to violations of the Consumer Code involving lack of information on how personal data is used and aggressive consumer data acquisition practices for commercial purposes. As the Authority explains in the relevant announcement, its investigation has found that neither Google nor Apple provides clear information on how they collect data, what data they collect, and how exactly they’re using it. The announcement claims Google omits all relevant information during the account creation phase and when people use the services themselves, while Apple does the same during the creation of the Apple ID and when accessing the App Store, iTunes, Apple Books, etc.
