AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/29/2020

TikTok caught copying iOS users’ clipboard contents, claims it’s an anti-spam feature

As the Telegraph notes, TikTok was one of several applications discovered to be reading users’ clipboards back in March. A couple of developers found popular applications such as AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon, and Google News were all snooping on both Android and iOS. ByteDance told Forbes this was related to the use of an outdated Google advertising SDK that was being replaced. At the time, TikTok promised it would end the practice within a few weeks, but a new feature in iOS 14 showed the snooping hadn’t stopped. Apple’s latest operating system update doesn’t arrive until the fall, but those with early access got to see how it alerts users if an application is copying and pasting text from their clipboard.

 

Microsoft is closing all of its stores

Microsoft is getting out of the brick-and-mortar retail business. The company announced Friday it will close down all of its 83 physical stores and switch to online only. It will keep its London; New York City; Sydney, Australia and Redmond, Washington locations, but they will be reimagined as “experience centers,” the company stated. They will showcase Microsoft’s technology, such as Surface PCs, Xbox, “Minecraft,” Windows and Office, but they won’t necessarily sell anything. The tech giant opened a bunch of locations in high-profile areas, such as Manhattan’s Fifth Ave. But during the pandemic, many of its stores have remained closed, and Microsoft (MSFT) is abandoning ship.

 

File Your Claim in the Yahoo Data Breach Settlement by July 20

The deadline for filing for benefits in the Yahoo data breach settlement is coming up soon, on July 20. You may be eligible to collect part of a $117.5 million settlement fund — but how much and how soon is unclear. If this has a repetitive, “Groundhog Day” vibe, it might be because of the recent Equifax data breach settlement, which involved similar choices. As with Equifax, claimants in the Yahoo case can file for free credit monitoring or choose cash if they already have credit monitoring. In addition, there is the potential for reimbursement for time and money spent on security measures taken as a result of the breach.

 

A domestic violence prevention app backed by Dr. Phil exposed victims’ distress recordings

Back in 2013, Robin McGraw, wife of U.S. television personality Dr. Phil, launched an app to help domestic violence victims covertly signal for distress. It was quickly heralded as a potential lifesaver for those in harm’s way. Aspire News, which claims over 300,000 downloads, is disguised to look like an innocuous news reading app that domestic violence victims can use to alert friends and family to abuse or danger. When a victim taps the top bar of the app three times, the app can alert trusted contacts with a prewritten message, a prerecorded voice note and the victim’s precise location by text message to indicate that they need help or are in danger. But a security lapse meant that those uploaded voice recordings were left exposed on an unprotected cloud server for anyone to access.

 

Twitter promises to fine-tune its 5G coronavirus labeling after unrelated tweets were flagged

Twitter says it’s working on improving how it labels tweets with problematic 5G or coronavirus content, after users reported their tweets were being mislabeled with a COVID-19 fact-check. “In the last few weeks, you may have seen Tweets with labels linking to additional info about COVID-19,” Twitter Support tweeted. “Not all of those Tweets had potentially misleading content associating COVID-19 and 5G.” Twitter began fact-checking tweets that linked 5G and the COVID-19 pandemic earlier this month, by adding the label that reads “get the facts about COVID-19” which links to a Twitter moment with “No, 5G isn’t causing coronavirus” as its title. Part of a conspiracy theory that has been widely debunked suggested that the spread of the coronavirus was somehow linked to the installation of new 5G mobile networks.

 

Apple Called Out Google Over Privacy Concerns. The Company’s Response Shows It Misses the Point

Apple and Google, at least on the surface, appear to have a lot in common. Both are giant tech companies full of very smart people building some very innovative products. Some of those products even overlap. They both make smartphones and the operating systems that power them, and both make billions of dollars selling those products and services to businesses and consumers. Despite those similarities, the way the two companies view their relationship with their customers couldn’t be more different. And that difference couldn’t have been more clear than it was on Monday, when Apple took several not-so-veiled swipes at Google over privacy during its WWDC keynote. Google responded with a blog post from the company’s CEO, Sundar Pichai.

Related Posts