AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 6/23/2020

Activists publish 269GB of hacked US police force data

The group known as Distributed Denial of Secrets (DDoSecrets) has published 269GB of material, dubbed BlueLeaks, providing insights into law enforcement and a wide array of US government activities. The public can also access the information in its entirety. These files include hundreds of thousands of images, as well as documents, tables, text files, videos and emails, with the complete dataset available to download by anybody through DDoSecrets’ website. DDoSecrets, founded in December 2018, is a small group of activists, journalists, and engineers committed to publishing leaked and hacked data which is in the public interest. The organisation doesn’t itself conduct any cyber activities, but rather publicises material passed to it, much in the manner of WikiLeaks. It’s unclear how exactly the data was obtained, although social media activity from Anonymous may indicate some involvement.


EBay’s former CEO denies any link to the cyberstalking of a blogger. But he did want to create a competitor to challenge her.

Earlier this week, reports emerged of a very strange corporate scandal: Federal authorities charged several former eBay corporate security employees for their roles in a cyberstalking campaign targeting a blogger that involved Twitter harassment and mailing insects to her house. Now, former eBay CEO Devin Wenig, who led the company at the time, tells Recode that he was shocked to hear details of the campaign this week and that he gave “no direction” nor “tacit approval” for it. But the former eBay chief executive was at times so frustrated with coverage from the news website in question that he on several occasions floated the idea internally that eBay should create its own competitor publication, multiple former eBay insiders told Recode.


Risk assessments reveal businesses remain deficient in security compliance, training

An analysis of more than 100 risk self-assessments conducted by business organizations across a cross-section of industries revealed that over 65 percent admitted to achieving zero-to-minimal compliance with U.S. state data privacy and security regulations, including myriad breach laws and the California Consumer Privacy Act. The discouraging findings show that business organizations are still playing catch-up when it comes to adhering to standards and implementing other fundamental cybersecurity protections. Another 27 percent of businesses said they had only partial compliance with privacy and security regulations.


Google employees demand the company end police contracts

Over 1,650 Google employees have signed an open letter to CEO Sundar Pichai demanding the company stop selling its technology to police forces across the US. The letter comes as protests against police brutality, spurred by the killing of George Floyd, continue to spread for the fifth straight week. “The past weeks have shown us that addressing racism is not merely an issue of words, but of actions taken to dismantle the actual structures that perpetuate it,” the letter, written by the employee group Googlers Against Racism, reads. “While we as individuals hold difficult but necessary conversations with our family, friends and peers, we are also incredibly disappointed by our company’s response.”


Apple will soon let developers challenge App Store rules

Apple has announced an upcoming change to App Store rules that could mark a major shift in how the marketplace operates. Developers will soon be able to challenge not just the rejection of an app, but the rule that prompted that rejection. Bug fixes will also no longer be held up by rule violations. In a blog post about changes for apps and developers, Apple noted these major additions with remarkably little fanfare: First, developers will not only be able to appeal decisions about whether an app violates a given guideline of the App Store Review Guidelines, but will also have a mechanism to challenge the guideline itself. Second, for apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues.


Safari Will Now Be Able To Detect If Your Password Has Been Breached

Over the years, we’ve come across various massive hacks of customer databases. As a result, there is a good chance that one of your accounts out there might have been compromised. While this is problematic, one way you can isolate the issue would be to ensure that all your accounts use different passwords. The idea is that if you use a different password for all your accounts, it would limit how many accounts a hacker could breach. For macOS users who use Safari as their browser, the good news is that the macOS Big Sur update will give Safari the ability to detect when you’re using a password that might have been breached or compromised.
