AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/13/2020

1 – Robot with coronavirus advice hits Times Square

Worried about the spread of coronavirus? A five-foot tall (1.5 meter) Promobot might have your answer. The robot with a friendly face rolled into Times Square on Monday to help provide information about the new virus. Curious passersby stopped, filled out a short questionnaire on an iPad-like touch screen attached to the robot’s chest, and even had a conversation with the machine. Promobot was created by a Philadelphia-based startup that makes autonomous service robots for businesses and is run by a group of Russians. “We did a special software to detect coronavirus symptoms,” the company’s chief business development officer, Oleg Kivorkutsev, told Reuters.


2 – China launches coronavirus ‘close contact detector’ app

China has launched an app that allows people to check whether they have been at risk of catching the coronavirus. The ‘close contact detector’ tells users if they have been near a person who has been confirmed or suspected of having the virus. People identified as being at risk are advised to stay at home and inform local health authorities. The technology shines a light on the Chinese government’s close surveillance of its population. To make an inquiry users scan a Quick Response (QR) code on their smartphones using apps like the payment service Alipay or social media platform WeChat.


3 – Phil Goff’s emails hacked – 15,000 emails over 12 years offered for sale

Emails apparently sent and received by Auckland mayor Phil Goff over a 12-year period have been offered with a $20,000 price tag and appear to contain deeply personal information alongside council and Parliamentary work. Communications sent to the Herald suggest there has been a complete grab of Goff’s inbox and sent folders. Among many other topics, they appear to include fundraising plans for Goff’s mayoral bid, “confidential” polling data during last year’s campaign and sensitive business information. The seller claims to have more than 15,000 emails from an Xtra account in Goff’s name with the database spanning from 2007 to 2019.


4 – Employers Using AI in Hiring Take Note: Illinois’ Artificial Intelligence Video Interview Act Is Now in Effect

On January 1, 2020, Illinois’ new Artificial Intelligence Video Interview Act (AIVIA) went into effect, meaning Illinois employers must now comply with the law if they use artificial intelligence (AI) to analyze video interviews by job candidates. As we outlined in a prior post, the AIVIA imposes duties of transparency, consent and data destruction on organizations using AI to evaluate interviewees for jobs that are “based” in Illinois. While these concepts may be clear in the abstract, the Illinois law is a lesson in brevity and leaves several key terms undefined (including, for example, the term “artificial intelligence”). Nor is it clear what it means for a position to be “based” in Illinois. As a result, employers using AI-enabled analytics in interview videos must sort through these questions and take other affirmative steps to ensure compliance with the new law.


5 – China denies it was behind the Equifax hack, as four men charged for data breach

A Chinese spokesperson has strongly denied that his government was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens. Chinese foreign ministry spokesperson Geng Shuang was reacting to news that the US Department of Justice had charged four men, allegedly members of China’s People’s Liberation Army (PLA), with orchestrating what the FBI has described as the “largest theft of sensitive personally identifiable information by state-sponsored hackers ever recorded.” “The Chinese government, military and relevant personnel never engage in cyber theft of trade secrets,” Shuang was reported as saying. 


6 – Man who refused to decrypt hard drives is free after four years in jail

A Philadelphia man has been freed after a federal appeals court ruled that his continued detention was violating federal law. Francis Rawls, a former police officer, had been in jail since 2015, when a federal judge held him in contempt for failing to decrypt two hard drives taken from his home. The government believes they contain child pornography. In 2015, law enforcement raided Rawls’ home and seized two smartphones, a Mac laptop, and two hard drives. Prosecutors were able to gain access to the laptop, and police say forensic analysis showed Rawls downloading child pornography and saving it to the external hard drives. But the drives themselves were encrypted, preventing the police from accessing the downloaded files.


7 – New ‘One-Stop Shop’ Site Helps K-12 Schools Make Campuses Safer

A new collaborative federal government website launched Monday as a home base of information to help school administrators as well as students, parents and teachers make K-12 campuses more secure. SchoolSafety.gov was launched by the departments of Homeland Security, Justice, Education, and Health and Human Services, and includes resources on topics ranging from threat assessment and physical security to cyberbullying and training exercises. “All children deserve to go to schools free from harm, and all parents deserve to have confidence that their children will return home from school unharmed each and every day,” Assistant Director Brian Harrell at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) told HSToday. “The safety and security of our nation’s schools is a top priority for this administration and the Department of Homeland Security, and we are committed to supporting our communities prepare for, respond to, and prevent tragedies from occurring.”


8 – Leaky Estée Lauder database exposes 440M records

The Estée Lauder Companies Inc. accidentally left over 440 million records publicly exposed after failing to password-protect a corporate database, according to a researcher who spotted the oversight. The misconfigured database was found to contain emails in plain text, including those sent from internal email addresses; references to reports and internal documents; and IP addresses, ports, pathways and storage information. Additionally, it stored Production, Audit, Error, CMS and Middleware logs. All in all, a grand total of 440,336,852 was left open for public discovery. Estée Lauder has stated publicly that consumer information was not stored in the database.


9 – U.S. House bill offers $400M for state and local cybersecurity

A bill being introduced this week in the U.S. House Homeland Security Committee would create a new grant program awarding $400 million annually to states to improve the cybersecurity of their networks as well as those of their local governments. The State and Local Cybersecurity Improvement Act is designed to provide a steady source of federal cybersecurity funding to states, which could then be redistributed at the local level, as public-sector entities face a growing array of cyberthreats that could disrupt critical infrastructure including utilities, transportation and elections. Along with the grant program, it would also establish a 15-member “State and Local Cybersecurity Resiliency Committee” to advise the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.


10 – MWC 2020: Smartphone showcase cancelled over coronavirus fears

The world’s largest mobile phone showcase, Mobile World Congress (MWC), has been cancelled over coronavirus concerns, organisers have confirmed. The GSM Association (GSMA) said it had become “impossible” for the event to go ahead as planned in Barcelona. BT, Facebook, LG, Nokia, Sony and Vodafone were among the high-profile exhibitors to have pulled out of the annual event, citing coronavirus fears. But Spain’s health minister, Salvador Illa, urged people to remain calm. Earlier on Wednesday, Mr Illa said people should “trust in the Spanish health system” and “take decisions based on scientific evidence”. MWC was due to be held in Barcelona on 24-27 February. More than 100,000 people usually attend the annual event, about 6,000 of whom travel from China.

Related Posts