AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/10/2020

Apple adds anonymous symptom and health info sharing to its COVID-19 app and website

Apple has updated its own COVID-19 iOS app and website with new features to allow users to anonymously share info including their age, existing health conditions, symptoms, potential exposure risks and the state in which they’re located. This info, which is not associated with any of their personal identifying data in any way according to the company, will be used in an aggregated way to help inform the Centers For Disease Control and Prevention (CDC) and improve the organization’s COVID-19 screening protocol. The app will also use the aggregated data to assist public health agencies and the CDC in their efforts to help the public with the best available information about potential risk factors around COVID-19, and around what constitutes exposure and exposure risk.

 

Facebook researchers propose using language models for fact-checking

In a paper published on the preprint server Arxiv.org, researchers at Facebook propose using natural language models as fact-checkers, inspired by the fact that models trained on documents from the web display a surprising amount of world knowledge. Their proposed approach employs a verification classifier model that when given an original claim and a generated claim determines whether the claim is supported, refuted, or the information is insufficient to make a call. According to a survey commissioned by Zignal Labs, 86% of Americans who consume news through social media don’t always fact-check the information they read, and 61% are likely to like, share, or comment on any content suggested by a friend.

 

Nintendo’s NNID hack was almost twice as big as first reported

Nintendo said 300,000 Nintendo Network ID (NNID) accounts were broken into as part of a hacking attempt in April, which is nearly twice as many as initially stated. Nintendo previously said that 160,000 accounts were broken into. NNIDs were used for the 3DS and Wii U and allowed users of either system to download content and link their systems to a shared wallet. A new account system was used for the Nintendo Switch, but 3DS and Wii U owners could link their accounts. Hackers could have spent money at the My Nintendo store or the Nintendo eShop using virtual funds or money from a linked PayPal account. Additional information such as a user’s nickname, date of birth, and email address may have also been visible.

 

Computer network ‘disruption’ forces Honda to cancel some production

A “disruption” to Japanese carmaker Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson. The incident occurred Sunday and Honda’s IT personnel are still responding to the situation, Honda spokesman Chris Abbruzzese told CyberScoop. He declined to answer questions on the cause of the incident or where it was affecting the company geographically. But another statement from Honda to the BBC said the incident has “also [had] an impact on production systems outside of Japan.” Cybersecurity researchers said that malicious software samples associated with the incident suggested a ransomware attack had occurred.

 

1 billion robocalls net $225M FCC fine that will likely never be collected

The Federal Communications Commission today proposed a $225 million fine for health-insurance telemarketers who “made approximately 1 billion spoofed robocalls across the country during the first four and a half months of 2019.” But the FCC’s track record in collecting on proposed fines is so poor that the fine is unlikely to ever be collected at anywhere close to the proposed amount. Rising Eagle, a Texas-based health insurance telemarketer, made 1 billion calls “on behalf of clients that sell short-term, limited-duration health insurance plans,” the FCC said. Here’s how the FCC described the robocalls: The robocalls falsely claimed to offer health insurance plans from well-known health insurance companies such as Aetna, Blue Cross Blue Shield, Cigna, and UnitedHealth Group.

 

Law Enforcement Is Starting to Make Criminals Doubt the Dark Web

A new study revealed that dark web marketplace users are starting to lose trust due to authorities’ crackdowns and “current volatility” within the landscape, which results in instability for the darknet sites to establish a fixed presence. According to cybersecurity company Trend Micro on Sunday, crackdowns on marketplaces Dream Market, Wall Street Market, Valhalla and DeepDotweb have generated uncertainty among users regarding the unstable security infrastructure that dark web sites have been providing.

 

Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find

New research shows that an internet voting system being used in multiple states this year is vulnerable to hacking, and could allow attackers to alter votes without detection. On Sunday, researchers published a report that details how votes in OmniBallot, a system made by Seattle-based Democracy Live, could be manipulated by malware on the voter’s computer, insiders working for Democracy Live, or external hackers. OmniBallot is currently used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Though online voting has typically been used by overseas military and civilian voters, it could expand to more voters in the future due to the pandemic.

Related Posts