AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/10/2020

MIT develops privacy-preserving COVID-19 contact tracing inspired by Apple’s ‘Find My’ feature

One of the efforts that’s been proposed to contain the spread of COVID-19 is a contact trace and track program that would allow health officials to keep better tabs on individuals who have been infected, and alert them to potential spread. Contact tracing has already seemingly proven effective in some parts of the world that have managed to curb the coronavirus spread, but privacy advocates have big reservations about any such system’s implementation in the U.S. There are a number of proposals of how to implement a contact tracing system that preserves privacy, including a decentralization proposal from a group of European experts. In the U.S., MIT researchers have devised a new method that would provide automated contact tracing that taps into the Bluetooth signals sent out by everyone’s mobile devices, tying contacts to random numbers that aren’t linked to an individual’s identity in any way.


‘Worrying signs’: UNICEF says online child predators increasing amid coronavirus

The COVID-19 outbreak has sparked an increase in online child sexual predators that organizations, governments and parents need to take more seriously, says the head of the United Nations children’s agency. “We’ve got a couple of worrying signs, which is that the online predators are really — they’re multiplying,” Henrietta Fore, UNICEF’s executive director, said in a wide-ranging interview with The Canadian Press this week. With half the planet’s children now out of school because of the pandemic, Fore said that has created new risks for kids who are now spending more time on the internet. “Because children are online more, they are vulnerable. And often they haven’t been taught about how to think about being online, how to have a video chat and what you do and do not do,” she said.


‘Unbreakable’ Smart Lock Draws FTC Ire for Deceptive Security Claims

Tapplock catches heat for patched vulnerabilities — because of its claims that its smart locks can’t be hacked. The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as “unbreakable,” with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock was shown to be hackable. The $100 Tapplock smart locks are internet-connected and use fingerprint biometrics for security. The company also offers a companion mobile app that allows users to lock and unlock their smart locks with Bluetooth.



Microsoft is revealing more about how people are using its Teams app, and it predicts the novel coronavirus pandemic will be a turning point that will change how we work and learn forever. Demand for Microsoft Teams surged worldwide last month, jumping from 32 million daily active users to 44 million in just a week. While usage continues to rise, Microsoft is releasing a new remote work trend report to highlight how work habits are changing.


Drug testing firm sends data breach alerts after ransomware attack

Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. This attack occurred on March 14th, 2020, when the Maze Ransomware operators stole data hosted on HMR’s network and then began to encrypt their computers. After the ransom was not paid, the Maze operators published some of the stolen data on their “News” site on March 21st to further extort HMR into making a payment.


Zoom Working on Security Improvements Amid More Bans

While Zoom has promised to improve things in terms of security and privacy, an increasing number of organizations have announced that they are banning the app over security concerns. Google has told employees that they cannot use Zoom on corporate computers as it does not meet its security standards. SpaceX, whose employees have been using the tool for conferences and meeting support, has also banned Zoom. The use of Zoom has also been banned entirely or in certain agencies by the governments of Taiwan, Germany and Australia. In the United States, the New York City Department of Education has already prohibited the use of Zoom in schools, and other school districts are likely to follow suit.


GDPR penalties deferred as Covid-19 takes hold

It has been reported that the Information Commissioner’s Office (ICO) has once again deferred massive GDPR fines issued to British Airways and Marriott International nine months ago. The fines, relating to data breaches that occurred during 2018, are not insignificant in nature: £183 million for British Airways and £99 million for Marriott International. Given that the ICO has a six-month period following a statement of intent to actually issue the penalty notice to demand payment, and there has already been a three-month deferment in January, this might seem like odd behaviour. However, investigations by the ICO are still ongoing and the current Covid-19 pandemic has certainly added fuel to the regulatory process.


Emails Impersonating Trump, White House Seek to Exploit Pandemic Fears

Online scammers have begun impersonating President Donald Trump and the White House in phishing emails designed to lure recipients to websites for downloading malware on their systems. The emails are the latest from attackers trying to take advantage of global concerns over the COVID-19 pandemic. Anti-phishing service provider INKY recently spotted the scam emails and described the campaign in a report this week. One of the emails is supposedly from someone in the White House named Valentina Robinson and is titled “The White House Instruction for coronavirus.” The contents of the email are brief and urge recipients to click on an embedded link to a document purportedly containing new guidelines for Americans related to the pandemic.


Report: Apple’s iOS 14 contains code that would let you sample apps before download

Apple has under development a feature that would allow iOS users to interact with a third-party app, even if the app wasn’t yet installed on your device, according to a report from 9to5Mac. The report is based on information discovered in the iOS 14 code, which is not necessarily an indication of launch plans on Apple’s part — but rather an insight into some of Apple’s work in progress. The feature is referenced internally as the “Clips” API — not to be confused with Apple’s video editing app of the same name. Based on 9to5Mac’s analysis, the new API works in conjunction with the QR Code reader, allowing a user to scan a code linked to an app, then interact with that app from a card that appears on their screen.
