AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/4/2020

1 – Here’s the File Clearview AI Has Been Keeping on Me, and Probably on You Too

After a recent, extensive, and rather withering bout of bad press, the facial recognition company Clearview AI has changed its homepage, which now touts all the things it says its technology can do, and a few things it can’t. Clearview’s system, the company says, is “an after-the-fact research tool. Clearview is not a surveillance system and is not built like one. For example, analysts upload images from crime scenes and compare them to publicly available images.” In doing so, it says, it has the power to help its clients—which include police departments, ICE, Macy’s, Walmart, and the FBI, according to a recent Buzzfeed report—stop criminals: “Clearview helps to identify child molesters, murderers, suspected terrorists, and other dangerous people quickly, accurately, and reliably to keep our families and communities safe.”


2 – AI ethics backed by Pope and tech giants in new plan

The Roman Catholic Church has joined up with IBM and Microsoft to work on the ethics of artificial intelligence. Leaders from the two tech giants met senior church officials in Rome, and agreed to collaborate on “human-centred” ways of designing AI. Microsoft president Brad Smith admitted some people may “think of us as strange bedfellows” at the signing event. “But I think the world needs people from different places to come together,” he said. The call was supported by Pope Francis, in his first detailed remarks about the impact of artificial intelligence on humanity.


3 – Taiwan accuses China of waging cyber ‘war’ to disrupt virus fight

Taiwan’s foreign minister on Saturday accused giant neighbor China of waging cyber “war” on the island to disrupt its fight against the coronavirus by using fake news, as the island Beijing claims as its own reported a jump in new cases. The coronavirus outbreak has strained already poor ties between Taipei and Beijing, with Taiwan especially angry at China’s efforts to block its participation at the World Health Organization (WHO). China says Taiwan is merely one of its provinces with no right to membership of the WHO. Taiwan has called China “vile” for not allowing it real time information about the virus from the WHO. China says Taiwan gets the information it needs.


4 – T-Mobile Vows to Fight FCC Fines for Location Sharing

Federal Communications Commission enforcers told the country’s top cellphone carriers to pay more than $200 million in penalties for allegedly mishandling sensitive location data, a punishment at least one of the companies has already vowed to contest. The telecom regulator is seeking more than $91 million from T-Mobile US Inc., $57 million from AT&T Inc., $48 million from Verizon Communications Inc. and $12 million from Sprint Corp. T-Mobile said in a statement that it ended its location-sharing program in February 2019 and would fight the proposed fine. “While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine,” a T-Mobile spokeswoman said, referring to the notices of apparent liability through which the five-member commission disclosed the fines. Spokespeople for AT&T, Verizon and Sprint said they were still reviewing the notices.


5 – Telecom Sector Increasingly Targeted by Chinese Hackers: CrowdStrike

Threat actors linked to China increasingly targeted the telecommunications sector in 2019, according to endpoint security firm CrowdStrike. CrowdStrike on Tuesday published its 2020 Global Threat Report, which provides data on both state-sponsored and financially-motivated operations observed by the company last year. The report shows that the telecommunications and government sectors were the most targeted by the threat groups monitored by the cybersecurity firm. In the case of the telecom sector, many of the attacks were attributed to China-linked hacker groups, including the ones tracked as Wicked Panda (aka APT41), Emissary Panda (aka APT27, TG-3390, Bronze Union and Lucky Mouse), and Lotus Panda (aka Thrip).


6 – UK NCSC Releases Tips on Securing Smart Security Cameras

The UK National Cyber Security Centre (NCSC) has released guidance on how to correctly set up smart security cameras and baby monitors to avoid having them hacked by attackers. This new guidance was released because so-called smart security cameras and baby monitors can put your security and privacy at risk if not configured properly. Such devices make it possible to watch a live camera feed over the Internet, receive activity alerts when you’re not around the house, and even record surveillance footage for reviewing later in case of any incidents. By taking the steps detailed by the NCSC, users of such devices can avoid being the victim of threat actors looking to compromise them.


7 – Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and content management systems (CMSes). When present in real-world web apps, these types of vulnerabilities allow hackers to exploit file upload forms and plant malicious files on a victim’s servers. These files could be used to execute code on a website, weaken existing security settings, or function as backdoors, allowing hackers full control over a server.


8 – Ransomware Attackers Use Your Cloud Backups Against You

Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you. Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software. This was not meant to expose the information to others for further attacks but was used as a warning to the victim that the ransomware operators had full access to their network, including the backups. “Yes, we download them. It is very useful. No need to search for sensitive information, it is definitely contained in backups. If backups in the cloud it is even easier, you just login to cloud and download it from your server, full invisibility to “data breach detection software”. Clouds is about security, right?”


9 – An Android Security App With 1 Billion Downloads Is Recording Users’ Web Browsing

In February, Google threw 600 apps out of its Play store. Amongst those was an app called Clean Master, a security tool promising antivirus protection and private browsing. It had more than 1 billion installs before it was evicted and, despite Google’s ban, is one of Android’s most downloaded apps ever and is likely still running on millions of phones. Whilst Google hasn’t commented on what it knew about the app, created by China’s Cheetah Mobile, Forbes has learned a security company provided the tech giant with evidence the tool was collecting all manner of private Web use data. That includes which websites users visited from the in-app “private” browser, their search engine queries and their Wi-Fi access point names, right down to more detailed information like how they scrolled on visited Web pages, according to the security company’s researcher, who also provided the information to Forbes.


10 – The Case for Limiting Your Browser Extensions

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.
