AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/10/2019

Capital One hacker Paige Thompson pleads not guilty on all counts

The alleged Capital One hacker Paige Thompson has pleaded not guilty to all charges on her first appearance in court. Appearing at the Western District of Washington federal court late last week, Thompson pleaded not guilty to charges that included wire fraud, and computer fraud and abuse. She could be sentenced to up to 25 years in prison if convicted. A full trial is now scheduled to start on Monday 4th November. Thompson is accused of compromising Capital One’s internal systems, hosted on the Amazon cloud, taking advantage of a poorly secured firewall to gain access earlier this year.

 

Newly discovered cyber-espionage malware abuses Windows BITS service

Security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS).  The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon. The first and only report on this hacking group has been published in 2016 by Citizen Lab, a non-profit organization focusing on security and human rights.

 

Wikipedia whacked in weekend DDoS attack

Wikipedia was taken offline in parts of the world over the weekend in a distributed denial of service (DDoS) attack. The site went down at around 7pm BST on Friday, affecting millions of users throughout Europe and in parts of the Middle East. However, it returned on Saturday morning. A spokesperson from Wikipedia blamed the “malicious attack” on “bad actors” in a blog post explaining things. “As one of the world’s most popular sites, Wikipedia sometimes attracts ‘bad faith’ actors,” the post continued. “Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving.

 

Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks

Microsoft and the Hewlett Foundation are preparing to launch a nonprofit organization dedicated to exposing the details of harmful cyberattacks and providing assistance to victims in an effort to highlight their costs, CyberScoop has learned. Known to its organizers as the “Cyber Peace Institute,” the nonprofit is expected to launch in the coming weeks, according to multiple sources who have discussed the launch with the organizers.

 

Facebook warns users of iOS 13 location tracking permissions

In a post to Facebook’s official “Newsroom,” titled “Understanding Updates to Your Device’s Location Settings,” company engineering director Paul McDonald explained the app’s various location technologies in broad strokes. Claiming “Facebook is better with location,” McDonald says existing services enable functionality of popular features like check-ins, Find Wi-Fi and Nearby Friends, while keeping the user community “safe.” Location tech also improves ad targeting and personalized alerts.

 

Ring Has A ‘Head Of Face Recognition Tech,’ Says It’s Not Using Facial Recognition Tech. Yet.

Amazon has developed facial recognition tech it’s inordinately proud of. Known as “Rekognition,” it’s not nearly as accurate as its deliberately misspelled moniker suggests it is. It drew Congressional heat last year when it misidentified a number of Congress members as criminals. There has been no interplay between Amazon’s Rekognition software and the Ring doorbell cameras its subsidiary is pushing to cops (who then push them to citizens). Yet. Maybe there will never be. But it’s pretty much an inevitability that Ring cameras will, at some point, employ facial recognition tech.

 

New Hand Gesture Technology Could Wave Goodbye To Passwords

A new biometric technology that literally waves goodbye to passwords is due to be announced by Hitachi Europe Ltd. on September 10. This first-of-a-kind technology couples Hitachi’s proven secure finger vein technology with any device that has a camera. So, could this be the beginning of the end for not only passwords but fingerprint scanning and facial recognition systems? I’ve been taking an exclusive first look at the new hand gesture biometric authentication technology.

Related Posts