AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/15/2020

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. In a statement released Thursday by Microsoft President Brad Smith, he said the ban would stick until federal laws regulating the technology’s use were put in place. “We will not sell facial recognition tech to police in the U.S. until there is a national law in place… We must pursue a national law to govern facial recognition grounded in the protection of human rights,” Smith said during a virtual event hosted by the Washington Post. On Wednesday, Amazon announced a one-year ban on police departments using its facial recognition technology. In a short statement the company said it would be pushing for “stronger regulations to govern the ethical use of facial recognition technology.”

 

Researchers train drones to perform flips, rolls, and loops with AI

In a new paper published on the preprint server Arxiv.org, researchers at Intel, the University of Zurich, and ETH Zurich describe an AI system that enables autonomous drones to perform acrobatics like barrel rolls, loops, and flips with only onboard sensing and computation. By training entirely in simulation and leveraging demonstrations from a controller module, the system can deploy directly onto a real-world robot without fine-tuning, according to the coauthors. Acrobatic flight with drones is extremely challenging. Human pilots often train for years to master moves like power loops and rolls, and existing autonomous systems that perform agile maneuvers require external sensing and computation. That said, the acrobatics are worth pursuing because they represent a challenge for all of a drone’s components.

 

AWS Hit With a Record 2.3 Tbps DDoS Attack

AWS says it was hit with an record DDoS attack of 2.3 Tbps earlier this year, with the (unsuccessful) attempt to knock cloud services offline continuing for three days in February. That’s a colossal 2.3 trillion bytes of data every second being directed at AWS’s servers by an unknown attacker. To put the scale of the attempt in context, it is nearly double the 1.3 Tbps attack that blasted GitHub offline in 2018, or the circa 1 Tbps Mirai botnet DDoS that famously knocked Dyn offline in 2016. The attack on AWS was a CLDAP reflection-based attack, and was 44 percent larger than anything the cloud provider has seen before, it said in a Q1 AWS Shield threat landscape report [pdf] seen this week.

 

Web skimmers found on the websites of Intersport, Claire’s, and Icing

Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world’s biggest retail chains — accessories store Claire’s and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies’ websites and hid malicious code that would record payment card details entered in checkout forms. According to Sanguine Security’s Willem de Groot, the Claire’s website was compromised between April 25 and 30, and so was sister-site Icing. “The injected code would intercept any customer information that was entered during checkout, and send it to the claires-assets.com server,” de Groot wrote today in a report shared with ZDNet, where claires-assets.com was a domain they registered four weeks before for the special purpose of executing this attack.

 

SpaceX has a month to prove Starlink is worthy of rural broadband funding

The Federal Communications Commission (FCC) said it has “serious doubts” that SpaceX will be able to deliver internet service with latency under 100 milliseconds (via Ars Technica). That would not only be bad for users, but means that SpaceX could be at a disadvantage in an auction to distribute $16 billion in federal funds to support rural broadband access. SpaceX strongly disagrees, but it may not be able to prove its case in time. In a report on the phase I auction for the rural digital opportunity fund (RDOF), the FCC admitted that Starlink and other LEO (low-Earth orbit) providers have advantages over geostationary satellites that operate at much higher altitudes. However, it’s skeptical that latency can be determined by orbital altitude alone, saying it can also be affected by factors like “processing, routing and transporting traffic to its destination.”

Related Posts