AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/26/2020

NVIDIA and Mercedes partner to create a next-gen car computer

During a joint press conference held Wednesday, NVIDIA and Mercedes Benz announced that they are teaming up to develop a “revolutionary in-vehicle computing system” for the automakers next generation of luxury automobiles in 2024. Touted as “the most sophisticated and advanced computing architecture ever deployed in an automobile,” per an NVIDIA press release, this new software system will enable Level 2 and 3 driving autonomy — that’s on par and exceeding the current abilities of Tesla’s Autopilot, respectively — and Level 4 parking autonomy. That means that the vehicle will be able to, by and large, fit itself into parking stalls without any help from the human driver. There will still need to be a human on hand in case things go catastrophically sideways, but under normal conditions, there won’t be much call for them to intercede.


There are DDoS attacks, then there’s this 809 million packet-per-second tsunami Akamai says it just caught

Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second. The content delivery network today said it successfully warded off the mammoth traffic flood, even as it was hit with a peak load of 809 million packets per second (PPS). The attack, which began on 21 June, was directed at an unspecified European bank. The security team told The Register it is the largest such attack Akamai has ever encountered, let alone blocked, and the CDN believes that it is likely the largest DDoS attack to hit any network, in terms of packets per second.


Boston votes to ban government use of facial recognition

Boston joined cities like San Francisco, Oakland, California, and Cambridge, Massachusetts, on Wednesday in passing a vote to ban facial recognition technology for municipal use. It’s the second largest city in the US to ban facial recognition, after San Francisco enacted its ban in May 2019.  The ordinance passed unanimously and will prevent the capital city from using facial recognition technology or obtaining software for conducting surveillance using the technology. “Boston should not be using racially discriminatory technology and technology that threatens our basic rights,” City Councilor Michelle Wu said at the hearing on Wednesday. 


Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.” Instead of a legitimate sign-up page, however, it instead directs users to a malicious link, where they are asked to input their credentials (at the moment that link is inactive), according to a new report from Check Point Research.


Comcast, Mozilla strike privacy deal to encrypt DNS lookups in Firefox

Comcast is partnering with Mozilla to deploy encrypted DNS lookups on the Firefox browser, the companies announced today. Comcast’s version of DNS over HTTPS (DoH) will be turned on by default for Firefox users on Comcast’s broadband network, but people will be able to switch to other options like Cloudflare and NextDNS. No availability date was announced. Comcast is the first ISP to join Firefox’s Trusted Recursive Resolver (TRR) program, Mozilla said in today’s announcement. Cloudflare and NextDNS were already in Mozilla’s program, which requires encrypted-DNS providers to meet privacy and transparency criteria and pledge not to block or filter domains by default “unless specifically required by law in the jurisdiction in which the resolver operates.”


Apple’s Latest Privacy Announcement Could Be More Impactful than CCPA or GDPR

Apple did not outright kill its key mobile advertising tool IDFA this week, meaning a $45 billion subsector of the media industry lives to see another day. But its new consent requirements present a significant hurdle. At its Worldwide Developers Conference Monday, Apple announced a series of privacy updates to its iOS ecosystem that will place further barriers in the way of companies eager to cash in on in-app advertising. The updates require app developers to seek consent from iOS device users in order for third parties, aka app monetization partners, to access their data. This, in effect, makes IDFA an opt-in feature for users, and advertisers will no longer be able to target them by default.

Related Posts