AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/26/2019

Whoops! Google Says Mysterious Wave of Unbootable Macs Is Their Bad

A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Monday evening, Variety reported. Initially, blame for the corrupted file systems was largely directed at Avid and its Media Composer software, which was identified as a common link by film and TV editors who said they could not reboot their Mac Pros after shutdown. But on Tuesday evening, Google told users via its support forums that it had “recently discovered that a Chrome update may have shipped with a bug that damages the file system on MacOS machines” and “paused the release while we finalize a new update that addresses the problem.”


Facebook’s ambitions for the brain are coming into focus

On Monday, we saw another aspect of that ruthless / shameless dynamic playing out. As the company faces multiple antitrust investigations over competition issues, it announced it had acquired CTRL-Labs, maker of a wristband capable of transforming electrical signals from the brain into computer inputs — a so-called “brain click.” “The vision for this work is a wristband that lets people control their devices as a natural extension of movement.”


Microsoft launches its AI presentation coach for PowerPoint

A few months ago, Microsoft  announced that PowerPoint would soon get an AI-powered presentation coach that could help you prepare for that important next presentation by giving you immediate feedback. Today, the company is launching this new tool, starting with the web version of PowerPoint. The new PowerPoint Presentation Coach aims to take the hassle out of practicing. In its current version, the tool looks at three things: pace, slide reading and word choice.


Finnish Govt. Releases Guide on Securing Microsoft Office 365

The National Cyber Security Centre Finland (NCSC-FI) which acts as Finland’s National Communications Security Authority published today a detailed guide on how to secure Microsoft Office 365 against data breaches and credential phishing. NCSC-FI’s guide is focused on mitigating Microsoft Office 365 phishing which can lead to stolen credentials and to financial losses in the event of a successful Business Email Compromise (BEC) scam fraud that would use the stolen information.


‘Carpet-bombing’ DDoS attack takes down South African ISP for an entire day

Mysterious attackers have taken down a South African internet service provider over the weekend using a DDoS technique called carpet bombing, ZDNet has learned. The DDoS attacks took place on Saturday and Sunday, September 21 and 22, and have targeted Cool Ideas, one of South Africa’s largest ISPs. During the DDoS, attackers successfully managed to bring down Cool Ideas’ external connections to other ISPs, as can be seen from open-source reporting tools.


Heyyo dating app leaked users’ personal data, photos, location, more

Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users, believed to be the app’s entire userbase.


Malware Attack Prompts US Transport Authority to Axe Online Store

An American transport authority has responded to a malware attack by permanently closing its online store. The Southeastern Pennsylvania Transport Authority (SEPTA) shuttered the site Shop.SEPTA.org within an hour of discovering that the personal data of 761 customers had been stolen in a data-skimming Magecart attack.  Hackers were able to steal shoppers’ credit card numbers, names, and addresses during an online crime spree thought to have begun on June 21 and ended on July 16. The store, which sold online travel tickets along with SEPTA-branded mugs and clothing, was hosted by Amazon Web Services. 


NHS staff issued with fresh cyber security guidance

NHS Digital has launched an organisation-wide cyber security campaign to provide staff with the most up-to-date guidance on how to avoid and mitigate potential cyber threats and data breaches. With the NHS being one of the biggest direct and indirect targets for cyber criminals, NHS Digital’s ‘Keep I.T. Confidential’ campaign is hoping to educate the workforce on the impact of cyber security on patient safety and care.


Animates customers’ personal information and credit card details compromised in data breach

Animates is warning customers to monitor their bank accounts after the pet retailer’s website was the target of a cyber attack. In an email sent to customers on Friday Animates NZ chief executive Rod Gibson said an unidentified third party recently gained unauthorised access to its website and may have accessed customers’ personal information and payment details entered on its website.


Amazon reveals $180 Echo Frames smart glasses with Alexa built in

Amazon is getting into the smart glasses race. Today at its Echo and Alexa-focused hardware event, VP Dave Limp gave an early look at Echo Frames. The glasses resemble traditional prescription lenses, but allow wearers to take Amazon’s Alexa smart assistant with them anywhere and everywhere. Echo Frames are part of a program that Amazon calls “Day One editions,” which are devices, aimed at enthusiasts, that aren’t quite ready for mass, widespread release. They’ll be available on an invite-only basis for $179.99.


Vimeo sued for storing faceprints of people without their say-so

You didn’t tell me that you’re collecting and storing my faceprint, you didn’t tell me why or for how long, you didn’t get my written OK to do it, and you haven’t told us how long you’re retaining our biometrics or how we can get you to nuke them, another Illinois resident has said in yet another proposed facial recognition class action lawsuit based on the state’s we’re-not-kidding-around biometrics law. This one’s against the video-sharing, face-tagging website Vimeo. The complaint was filed on 20 September on behalf of potentially thousands of plaintiffs under the Illinois Biometric Information Privacy Act (BIPA). Illinois resident Bradley Acaley is lead plaintiff.

Related Posts