AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/9/2020

Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says

Authorities in Germany have seized a server used by the organization that published a trove of US police internal documents commonly known as BlueLeaks, according to the organization’s founder. On Tuesday, Emma Best, the founder of Distributed Denial of Secrets or DDoSecrets, a WikiLeaks-like website that has published the police data, said that prosecutors in the German town of Zwickau seized the organization’s “primary public download server.” “We are working to obtain additional information, but presume it is [regarding] #BlueLeaks,” Best added on Twitter. “The server was used ONLY to distribute data to the public. It had no contact with sources and was involved in nothing more than enlightening the public through journalistic publishing.”


Programming language rankings: R makes a comeback but there’s debate about its rise

Statistical programming language R has climbed back up to 8th place in Tiobe’s latest programming language popularity index, just behind JavaScript and up from 20th position last July. In May, when R crashed out of the top 20 for the first time in three years, Tiobe speculated that the language could be a victim of consolidation in statistical programming, with more developers in the field gravitating towards Python. “A possible reason for this is that statistical programming is finding its way from university to industry nowadays, and Python is more accepted by the industry,” Tiobe said at the time. Paul Jansen, CEO of Tiobe Software, now reckons R and Python have benefited from demand in universities and from global efforts to find a vaccine for the COVID-19 virus.  


US Secret Service reports an increase in hacked managed service providers (MSPs)

The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs). MSPs provide remote management software for companies. MSPs can range from simple services like file-sharing systems to complete solutions that manage a customer’s entire computer fleet. Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a cloud infrastructure, or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients.


How to manage your new Slack notification schedules

Slack is now letting you choose when you get notifications on a per-day basis, meaning you can finally stop getting Slack pings over the weekend. Previously, Slack let you set when you were “available” to receive notifications, but those preferences would also roll over to the weekends. That meant you could get distracting and unnecessary Slack notifications on your computer or phone while you were enjoying an otherwise lazy Sunday. Now, you’ll be able to set when you are comfortable getting notifications but turn on a blanket no-notification policy for weekends (or whichever days / times work best for your schedule) if you want.


Security cameras can tell burglars when you’re not home, study shows

Researchers found they could tell if someone was in, and even what they were doing in the home, just by looking at data uploaded by the camera and without monitoring the video footage itself. The international study was carried out by researchers from Queen Mary University of London (QMUL) and the Chinese Academy of Science, using data provided by a large Chinese manufacturer of Internet Protocol (IP) security cameras. Cameras like these allow users to monitor their homes remotely via a video feed on the internet, but the researchers say the traffic generated by the devices can reveal privacy-compromising information.


U.S. probing allegations TikTok violated children’s privacy

The Federal Trade Commission and the U.S. Justice Department are looking into allegations that popular app TikTok failed to live up to a 2019 agreement aimed at protecting children’s privacy, according to two people interviewed by the agencies. The development is the latest bump in the road for the short video company, which is popular with teens. TikTok has seen scrutiny, including from the national security-focused Committee on Foreign Investment in the United States, rise sharply because of its Chinese parent corporation. U.S. Secretary of State Mike Pompeo said on Monday that the United States is “certainly looking at” banning TikTok, suggesting it shared information with the Chinese government, a charge it denied. A staffer in a Massachusetts tech policy group and another source said they took part in separate conference calls with FTC and Justice Department officials to discuss accusations that TikTok had failed to live up to an agreement announced in February 2019.


Another Former eBay Worker Is Accused of Cyberstalking

A retired police captain who oversaw security operations at eBay Inc.’s European and Asian offices has been charged in a cyberstalking campaign that targeted a couple whom eBay executives viewed as critical of the company, the Justice Department said Tuesday. Philip Cooke, 55 years old, is the seventh former eBay employee charged in the alleged cyberstalking campaign against a Massachusetts couple who publish an e-commerce blog, EcommerceBytes. Mr. Cooke was charged in Boston federal court with conspiracy to commit cyberstalking and conspiracy to tamper with witnesses to hinder the local police investigation. A lawyer for Mr. Cooke declined to comment.
