AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/9/2020

The US is formalizing Team Telecom rules to restrict foreign ownership of internet and telecom assets

It has the simplest name, but the sort of shadowy overtones that national security writers lust after. Team Telecom, a mostly informal working committee of the Departments of Defense, Homeland Security and Justice (along with affiliated agencies), has for years been quietly tasked with evaluating and maintaining the security of America’s telecom infrastructure in concert with the FCC. Its primary objective, as far as we have been able to ascertain, is to monitor the ownership of key telecom assets to ensure they don’t fall into the hands of suspect nations (think China, Russia, etc.).

 

Former Facebook CSO Alex Stamos to join Zoom as outside security consultant

Former Facebook and Yahoo Chief Security Officer (CSO) Alex Stamos is joining Zoom as an outside security consultant. In a blog post published on Medium today, Stamos said he decided to join the company after a phone call last week with Zoom founder and CEO Eric Yuan. Yuan approached Stamos for the move after the former Facebook CSO defended Zoom on Twitter when the video conferencing software was being widely criticized in the media for a series of what Stamos described as “shallow bugs.”

 

Google Rolls Back Recently Introduced Chrome CSRF Protection

Initially announced in May 2019, the protection involves Chrome enforcing a new secure-by-default cookie classification system, where cookies that haven’t declared a SameSite value are treated as SameSite=Lax cookies. As part of the change, only cookies set as SameSite=None; Secure are made available in third-party contexts, and only over secure connections. Since early February, Google has been gradually rolling out the protection to its users, while keeping an eye on ecosystem impact, and also contacting individual websites and services to ensure cookies are labeled correctly. Due to the current COVID-19 pandemic, however, the Internet search giant has decided to temporarily roll back the enforcement of SameSite cookie labeling. The rollback started on Friday, April 3.
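The classification described above can be checked against a site's own Set-Cookie headers before enforcement returns. The following is an added example, not code from Chrome or from the original article; the function names and sample headers are constructed for illustration, and treating an unrecognised SameSite value as undeclared is an assumption of this simplified model.

```javascript
// Models how the SameSite enforcement described above classifies cookies.
// Function names are hypothetical; sample headers below are constructed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    // Attribute names and the SameSite value are case-insensitive.
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSite = value;
  }
  return cookie;
}

function classify(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === 'none') {
    // SameSite=None is only honoured together with Secure; without it the
    // cookie is rejected and never reaches a third-party context.
    return c.secure
      ? { name: c.name, effective: 'None', thirdParty: true, defaulted: false }
      : { name: c.name, effective: 'rejected', thirdParty: false, defaulted: false };
  }
  if (c.sameSite === 'strict') {
    return { name: c.name, effective: 'Strict', thirdParty: false, defaulted: false };
  }
  // No declared SameSite (or, in this model, an unrecognised value): treated as Lax.
  // `defaulted` flags cookies that rely on the browser default rather than a label.
  return { name: c.name, effective: 'Lax', thirdParty: false, defaulted: c.sameSite !== 'lax' };
}

function audit(headers) {
  return headers.map(classify);
}

// Constructed sample Set-Cookie header values.
const sampleHeaders = [
  'session=abc123; Path=/; HttpOnly',
  'widget_pref=1; Path=/; SameSite=None',
  'sso=xyz; Path=/; SameSite=None; Secure',
  'csrf=t0k; Path=/; SameSite=Strict; Secure',
];

for (const result of audit(sampleHeaders)) {
  console.log(JSON.stringify(result));
}
```

Cookies reported as `defaulted` or `rejected` are the ones whose cross-site behaviour changes when enforcement is switched on.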

 

Facial recognition is no match for face masks, but things are changing fast

In a major about-face in public health policy, the Centers for Disease Control (CDC), U.S. Surgeon General Dr. Jerome Adams, and state and local health officials around the country recently began urging people to wear homemade face masks when they’re out in public. The directive is not meant to replace social distancing, but to reduce the spread of infection and ensure the most effective personal protective equipment goes to health care workers on the front line. But it could also throw a wrench in a number of facial recognition applications, including those used to unlock smartphones.

 

Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions

A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity. Massachusetts-based Recorded Future on Wednesday published findings detailing how Russian-language operatives spent months using popular internet services to try to interfere in Estonia, the Republic of Georgia and the U.S. The effort appears to be a continuation of a prior Russian campaign, dubbed Operation Secondary Infektion, that utilized Facebook and dozens of online platforms to sow division in the West and discredit political efforts.

 

Democratic senators question Google over decision to release coronavirus location data

Sens. Richard Blumenthal (D-Conn.) and Ed Markey (D-Mass.) raised concerns on Tuesday around potential privacy violations involved in Google’s decision last week to share anonymized location data to help track movement during the ongoing coronavirus pandemic. The senators sent a letter to Google CEO Sundar Pichai questioning the company’s new COVID-19 Community Mobility Reports, which involve the publication of anonymized and aggregated location data for individuals in 131 countries and regions to show movement trends. Blumenthal and Markey were skeptical that the program would be able to fully ensure the privacy of user data, particularly in light of location data often revealing other personal data, such as home addresses, places of work, and religious affiliations.

 

3D printed ‘fake fingerprints’ bypass scanners

New research has found that it’s possible to use 3D printing technology to create “fake fingerprints” that can bypass most fingerprint scanners used by popular devices. But creating the attack remains costly and time-consuming. Researchers with Cisco Talos created different threat models that use 3D printing technology, and then tested them on mobile devices (including the iPhone 8 and Samsung S10), laptops (including the Samsung Note 9, Lenovo Yoga and HP Pavilion X360) and smart devices (such as a smart padlock).
