AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/27/2020

Slack credentials abundant on cybercrime markets, but little interest from hackers

Slack credentials are abundant on hacking forums and the dark web; however, an analysis of the cybercrime underworld shows there’s little interest in the platform among hacker groups. The conclusion belongs to cybersecurity firm KELA, which scoured the cybercrime market for Slack credentials following last week’s Twitter hack and shared its findings with ZDNet this week. The credentials belonged to more than 12,000 different Slack workspaces, and prices varied from $0.50 up to $300, depending on the workspace’s value to attackers. Some Slack workspaces couldn’t be identified, but KELA said that more than 4,300 workspaces allowed users to register using a specially-formatted email address, and were most likely government or corporate Slack channels.


Spotify Security Hole Lets Strangers Into Your Family Account

Spotify customers are complaining that strangers are breaking into their Family accounts, years after the problem was first raised with the music-streaming service. Spotify Premium Family gives up to six members of the same household Premium accounts for $14.99 per month, which is considerably cheaper than individual Premium accounts at $9.99 each. However, members of the Spotify subreddit are complaining that strangers are barging into their Family accounts, allowing them to freeload on a premium subscription. One customer claims four stranger profiles were set up on their Family account. “No clue who they were, or how they got on my plan,” he wrote on Reddit. “I found out by accident while changing my plan. Not even sure when it happened or how long this has been going on for.”


Your next smartphone will be a lot harder to scratch

It takes about two years for Corning to develop each new generation of Gorilla Glass, the resilient material that graces a critical mass of smartphones. That process has for several update cycles focused on protecting screens against drops, fending off shatters and cracks by boosting what’s known as compressive strength. The newly announced Gorilla Glass Victus, though, gives equal weight to preventing scratches. That’s harder than it sounds and more useful than you’d think. It’s not that Gorilla Glass has dismissed scratches entirely. But the last time Corning prioritized it as a threat was in Gorilla Glass 3, which came out all of seven years ago. Since then, smartphones have gotten much better about bouncing back from sidewalk run-ins, but handle an inadvertent key dig about the same as they did when the iPhone 5S came out. (Corning still provides glass for the iPhone, but a custom formulation distinct from the Gorilla Glass line.) Enter Victus, which promises double the scratch resistance of 2018’s Gorilla Glass 6. It performs better in a drop test, too, surviving a 2-meter fall compared to its predecessor’s 1.6m durability.


Antitrust hearing with CEOs of Facebook, Amazon, Google, and Apple rescheduled to Wednesday

A congressional hearing with the chief executives of Facebook, Google, Amazon, and Apple has been rescheduled for noon Eastern time on Wednesday. Originally scheduled for Monday, the hearing was bumped back a few days to allow members of Congress to pay respects to the late Rep. John Lewis, who died July 17th. Lewis will lie in state at the US Capitol next week. The House Judiciary Committee hearing with Mark Zuckerberg, Jeff Bezos, Tim Cook, and Sundar Pichai will focus on the various antitrust issues each CEO’s company is dealing with. It’s part of a yearlong investigation into the tech sector’s anti-competitive behavior. The hearing will be conducted remotely to adhere to coronavirus social distancing guidelines. Twitter CEO Jack Dorsey is not expected to testify despite a push late last week from some Republicans on the committee.


New York bans use of facial recognition in schools statewide

The New York legislature today passed a moratorium on the use of facial recognition and other forms of biometric identification in schools until 2022. The bill, which has yet to be signed by Governor Andrew Cuomo, comes in response to the launch of facial recognition by the Lockport City School District and appears to be the first in the nation to explicitly regulate or ban use of the technology in schools. In January, Lockport became one of the only U.S. school districts to adopt facial recognition in all of its K-12 buildings, which serve about 5,000 students. Proponents argued the $1.4 million system made by Canada-based SN Technologies’ Aegis kept students safe by enforcing watchlists and sending alerts when it detected someone dangerous (or otherwise unwanted). It could also detect 10 types of guns and alert select district personnel and law enforcement. But critics said it could be used to surveil students and build a database of sensitive information the school district might struggle to keep secure.

U.S. hatches plan to build a quantum Internet that might be unhackable

U.S. officials and scientists unveiled a plan Thursday to pursue what they called one of the most important technological frontiers of the 21st century: building a quantum Internet. Speaking in Chicago, one of the main hubs of the work, they set goals for forging what they called a second Internet — one that would function alongside the globe’s existing networks, using the laws of quantum mechanics to share information more securely and to connect a new generation of computers and sensors. Quantum technology seeks to harness the distinct properties of atoms, photons and electrons to build more powerful computers and other tools for processing information. A quantum Internet relies on photons exhibiting a quantum state known as entanglement, which allows them to share information over long distances without having a physical connection.
