AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/30/2019

1 – A Twitter app bug was used to match 17 million phone numbers to user accounts

A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. He said Twitter’s contact upload feature doesn’t accept lists of phone numbers in sequential format — likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app. (Balic said the bug did not exist in the web-based upload feature.)

 

2 – CCPA: Everything you need to know about California’s new privacy law

The most sweeping data-privacy law in the country kicks in Jan. 1. The CCPA, short for the California Consumer Privacy Act, gives residents of the Golden State the right to learn what data companies collect about them. It also lets Californians ask companies to delete their data and not to sell it. The full impact of these new rights isn’t entirely clear because the regulations used to enforce the law are still being finalized. Still, companies inside and outside California are already scrambling to become compliant so that they can continue to do business in the country’s most populous state.

 

3 – Why you’re suddenly getting spammed with privacy emails

Does this look familiar? “We’ve updated our privacy notice to provide additional transparency on our information practices as well as to comply with the CCPA.” This holiday season, inboxes have been filled not only with promotional emails but also dozens of privacy notes. California’s new privacy law — the California Consumer Privacy Act (CCPA) — goes into effect January 1, 2020. That’s why Postmates, Condé Nast, Hulu, and many more businesses have emailed customers over the past few weeks with new terms of service.

 

4 – Report alleges massive Wyze data breach, but many questions remain

Budget smart home company Wyze is the subject of a new security report alleging massive user data loss in what is described as a huge security breach. Wyze has acknowledged the report but has said that it hasn’t yet been able to confirm whether the claims are true. The company was only made aware of the report earlier today from a second party, which claims on its own website that it verified the leak by reviewing ‘the records.’ The initial security breach claim was published by ‘Twelve Security,’ a website that describes itself as a ‘boutique consulting firm.’ The report claims that Wyze’s production databases ‘were left entirely open’ for anyone to access, exposing data from 2.4 million users. The report claims the exposed data includes email addresses, lists of cameras with their nicknames, WiFi SSID, API tokens, Alexa tokens, and more.

 

5 – Wawa facing lawsuits over data breach at all of its stores

The Wawa convenience store chain is facing a wave of lawsuits over a data breach that affected its 850 locations along the East Coast. Wawa Inc. discovered malware on its payment processing servers this month before stopping the breach Dec. 12, the company has said. Officials with the company, based in Wawa, Pennsylvania, believe the malware had been collecting card numbers, customer names and other data since as early as March. The Philadelphia Inquirer reported Friday that at least six lawsuits seeking class-action status have been filed in federal court in Philadelphia.

 

6 – Ransomware Hits Maastricht University, All Systems Taken Down

Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university in the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, and it has been placed in the top 500 universities in the world by five ranking tables in the last two years. “Maastricht University (UM) has been hit by a serious cyber attack,” the university announced on Christmas Eve, December 24.

 

7 – UN to form cybercrime committee in move opposed by US, EU

The United Nations General Assembly on Friday approved a resolution that aims to create a new international convention on cybercrime. The Russian-sponsored resolution was approved by a 79-60 vote with 33 abstentions, according to The Associated Press. The resolution was approved over objections from both the European Union and the United States, as many fear language in the resolution will allow for crackdowns on expression. U.S. Deputy Ambassador Cherith Norman Chalet said before the vote that “this resolution will undermine international cooperation to combat cyber-crime at a time when enhanced coordination is essential,” the AP reported.

 

8 – Volkswagen built a robot that can find your electric car in a parking lot and charge it

Finding that one free charging spot in a parking garage can be a chore, but if Volkswagen’s new project catches on, the charging spot might come to you instead. On Thursday, the company announced a concept for a mobile charging robot that comes to electric cars and charges them on its own. The robot would be able to communicate with the car, open the charging socket flap and plug in with no human interaction. It’s fitted with cameras, laser scanners and ultrasonic sensors, which would allow it to move freely and go around obstacles.

 

9 – ‘We have a huge problem’: European tech regulator despairs over lack of enforcement

More than 18 months after the European Union began implementing the world’s toughest privacy law, the bloc’s ability to rein in Big Tech is increasingly in doubt amid growing frustration over a lack of enforcement actions and weak cooperation on investigations. Passed in May 2018, the General Data Protection Regulation (GDPR) was largely viewed as a model for the United States and other nations struggling to find effective limits on data collection by technology companies. And there was little doubt that, given the breadth of the law and the many suspected violations by global tech firms, there would soon be heavy fines or, at least, sanctions that would force Big Tech to change its operating methods.

 

10 – How 3D Printing is Transforming Healthcare One Layer at a Time

Of all the technologies in the digital age, 3D printing is arguably one of the most revolutionary. It has helped to transform product development by optimizing the design and manufacturing process. Product manufacturers can quickly and inexpensively design, produce, and modify their prototypes and then expedite many of the complicated tooling processes needed for mass production. 3D printing has also democratized product design with inexpensive tools and materials that allow just about anyone to print their own creations. 3D printing plays an important role in maker culture, and it has greatly accelerated the rise of the hacker movement responsible for consumers modifying and repairing their own gadgets.

 

11 – 2019 was the year Chinese artificial intelligence clashed with US

In 2017, China told the world it planned to become a world leader in artificial intelligence (AI). Two years later, that promise came to dominate the Chinese, if not the global, conversation about technology. At a conference this past May, John Kerry, the former US secretary of state, said Chinese President Xi Jinping’s announcement was not the “wisest” move. “It would have probably been smart to go try to do it and not announce [the plan], because the announcement was heard in Washington and elsewhere,” he said. His words foreboded a storm approaching Chinese AI firms.

 

12 – Attack of the terrifying robot vacuum

Earlier this week, alarmed in the middle of the night by a noise downstairs, a North Carolina man named Thomas sent his wife to “a safe place” and then grabbed his phone to flip on some smart lights in the kitchen. He picked up his gun and joined his wife, who called the police. As they were waiting, the couple listened to the intruder below. “We heard more noises downstairs and were increasingly alarmed,” wrote Thomas on social media the next day. “All my military training came back to me, I started analyzing the path the intruder would take, their line of fire if they entered the room in certain ways, and where we should be to decrease our risk of getting hurt. All I kept thinking about and listening for was my little 2 year old next door to us, alone, and sound asleep. I was ready to do whatever I needed to do if I heard her door open.”

 

13 – Massive Apple Maps rebuild of the US complete as changes roll out to the Southeast

Apple has been working on a huge rebuild of Apple Maps in the US over the last year and a half. Now that the updates are rolled out across the country, Apple Maps uses only data it has collected itself, can push updates in real time, and features much more detail for users. Over the previous months, we’ve been seeing more and more regions gain the new Apple Maps data. Now the rollout is complete as the Southeast has received the changes.

 

14 – Apple Sued by New York Doctor Over Watch’s Heart Technology

A New York University cardiologist claims Apple Inc.’s Watch uses his patented heartbeat-monitoring invention and he wants compensation. Dr. Joseph Wiesel, who teaches at NYU School of Medicine, filed a suit Friday against the tech giant, in federal court in Brooklyn. Wiesel claims the Apple Watch infringes his patent for a method to detect an irregular heartbeat. Apple promotes a feature in the watch that can measure the wearer’s heart rate and can provide notifications of an irregular pulse. The business segment that includes the Apple Watch, Apple TV and Beats headphones is the company’s fastest-growing category and generated more than $24 billion in sales in the fiscal year that ended in September.
