AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/27/2020

The pandemic is bringing us closer to our robot takeout future

Robot deliveries remain rare enough that it’s easy to dismiss them as curiosities. But that’s a mistake. The technology works now. Starship already has hundreds of robots in service delivering food to real customers. Spurred by demand from locked-down customers, that number could soon soar to the thousands and eventually into the millions. With lower costs and no need to tip, robots could make takeout more popular than ever as it gradually displaces human-driven food deliveries.

 

Apple Pushes Back Against Zero-Day Exploit Claims

Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it’s found no evidence to support such activity. Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads already had been exploited in the wild since 2018 by an “advanced threat operator.” “Both vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released,” ZecOps said in its report. However, in a statement to Bloomberg’s Apple correspondent Mark Gurman, which he posted on Twitter, Apple said that this is just not true.

 

Drones that can detect Covid-19 are being tested in the US

Last month, we reported on drone maker Draganfly, which has been working on drone tech that uses specialized onboard thermal sensors and a smart computer vision system to monitor people’s temperature, heart and respiratory rates from a distance of 190 feet. It’s even able to detect sneezing and coughing in crowds, and can measure social distancing between individuals. The drones will be used in Australia and are now being tested in the US. Digital Trends reports that the Westport Police Department in Connecticut, which has seen over 17,550 Covid-19 cases, is now trialing Draganfly’s product.

 

After 160,000 accounts are compromised, Nintendo shuts down NNID logins

Nintendo today confirmed earlier reports of account breaches dating back over the past few weeks. The gaming giant issued an update (via Nintendo Japan) noting that around 160,000 Nintendo Accounts were impacted, with multiple accounts being used to purchase digital items without the owner’s consent. Along with the purchasing powers, the offending parties may have also gained access to personal information, including D.O.B. and email addresses. The frequency of account access appears to have increased in recent weeks. To address the matter, the company is shutting down log-ins via NNID (Nintendo Network ID), an older account system that dates back to the 3DS/Wii U. Nintendo is resetting passwords for those impacted and recommending that everyone (impacted or not) enable two-factor authentication for their systems.

 

New York payments startup exposed millions of credit card numbers

A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet. The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions. But because there was no password on the server, anyone could access the data inside.

 

Internet root keymasters must think they’re cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony

Every quarter, a small group of people cram inside a secure facility in either California or Virginia in America, get locked in, and spend the next two to three hours cryptographically signing the digital key pairs used to secure the internet’s root zone, the text file that shapes the ‘net as we know it. The integrity of the digital signing process is so critical that the organization that runs it, IANA, part of DNS overlord ICANN, flies in trusted internet community representatives from across the world, out of a pool of 14, to methodically run through the steps. These representatives each possess a set of physical keys required to gain access to the necessary equipment, held in safe deposit boxes in IANA’s key-signing facilities.

 

FCC may halt U.S. operations of three state-controlled Chinese telecom firms

The Federal Communications Commission (FCC) on Friday said it may shut down the U.S. operations of three state-controlled Chinese telecommunications companies, citing national security risks. The FCC issued so-called show cause orders to China Telecom Americas, China Unicom Americas, Pacific Networks Corp and its wholly owned subsidiary ComNet (USA) LLC, directing them to explain why it should not start the process of revoking authorizations enabling their U.S. operations. “We simply cannot take a risk and hope for the best when it comes to the security of our networks,” FCC Chairman Ajit Pai said in a statement.

 

As contact tracing gains attention, a researcher pokes a hole in Bluetooth technology

Bluetooth came to the fore in the fight against the novel coronavirus this month when Apple and Google announced a project to use the wireless technology to trace people infected with the virus. The ambitious program to build interoperable software for iPhone and Android devices inspired hope in some and privacy concerns in others. New research highlights the potential security implications of using Bluetooth to track smartphone users. Jan Ruge, a researcher at the TU Darmstadt, a university in Germany, has shown how a hacker in close proximity to an Android device could use Bluetooth to execute code on it.
