AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/1/2024

Amazon reverses course, revokes police access to Ring footage via Neighbors app 

Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly post requests onto Ring’s Neighbors app. Now, Ring hopefully will altogether be out of the business of platforming casual and warrantless police requests for footage to its users. 


OpenAI holds back wide release of voice-cloning tech due to misuse concerns 

Voice synthesis has come a long way since 1978’s Speak & Spell toy, which once wowed people with its state-of-the-art ability to read words aloud using an electronic voice. Now, using deep-learning AI models, software can create not only realistic-sounding voices, but also convincingly imitate existing voices using small samples of audio. Along those lines, OpenAI just announced Voice Engine, a text-to-speech AI model for creating synthetic voices based on a 15-second segment of recorded audio. It has provided audio samples of the Voice Engine in action on its website. 


AT&T resets account passcodes after millions of customer records leak online 

Phone giant AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned. The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts. A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher’s findings. 


DinodasRAT malware targets Linux servers in espionage campaign 

Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021. Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed ‘Operation Jacana,’ that targeted government entities. 


Linux xz Backdoor Damage Could Be Greater Than Feared 

When your home has been broken into, you may not initially comprehend all that has been taken, or the damage that has been done. This is the state of apprehension the Linux community now feels with the recently-unearthed xz backdoor security vulnerability. “This upstream supply chain security attack is the kind of nightmare scenario that has gotten people describing it called hysterical for years,” Kubernetes Security Chairperson Ian Coldwater had written on X. “It’s real.” 

