AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – February 22, 2019

Samsung first teased its foldable phone back in November, and at the company’s Galaxy Unpacked event today, it’s further detailing its foldable plans. Samsung’s foldable now has a name, the Samsung Galaxy Fold, and the company is revealing more about what this unique smartphone can do. Samsung is planning to launch the Galaxy Fold on April 26th, starting at $1,980, through AT&T and T-Mobile in the US, with a free pair of Samsung’s new wireless earbuds. There will be both an LTE and 5G version of the Galaxy Fold, and Samsung is even planning on launching the device in Europe on May 3rd, starting at 2,000 euros.


2 A million StreetEasy accounts hacked

Now you can shop for StreetEasy user accounts on the dark web. In an email to users Tuesday, StreetEasy said login information for accounts on the site had been hacked by an “unauthorized party” and are currently for sale on the dark web. The company said some financial information might also have been accessed in the hack. “The stolen data includes email addresses, usernames, and encrypted passwords,” StreetEasy’s communications director, Emily Heffter, said in a statement. “In our investigation, we determined that phone numbers, the last four digits, card type, expiration dates and billing addresses of some mostly expired customer credit cards may also have been accessed.”


3 Facebook tracks users it thinks may harm its employees

Have you ever been so enraged at Facebook that you’ve messaged CEO Mark Zuckerberg and told him to buzz off? …or maybe you simply left that type of comment in a post somewhere on Facebook or one of its apps? If so, you might well have been inducted into what CNBC reports is the company’s BOLO watch list. That’s an acronym for Be On Lookout: a list of hundreds of people who have threatened Facebook or its staff, sulked over losing a contract, or gotten fired, be it with or without sulking or emotional outbursts. Keeping a list like that is not, in itself, unusual. What’s unique about Facebook’s approach to BOLOs is that it doesn’t just disseminate a list of names to security staff. Facebook also mines its platform for threatening posts. Sometimes, Facebook goes so far as to use its apps to discern the whereabouts of people whom it finds threatening, to determine whether they pose a credible threat.


4 Google claims built-in Nest mic was ‘never intended to be a secret’

Google has admitted it made an error when it didn’t disclose that its Nest Secure home security system included an on-device microphone. In a statement given to Business Insider, a spokesperson from the company said, “The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.” At the beginning of February, Google announced that it would be adding built-in Google Assistant support to the Nest Guard, which is the Nest Secure system’s hub and keypad. Before then, the security system’s product page didn’t mention that it included a microphone. In its statement, Google clarified that, “The microphone has never been on, and is only activated when users specifically enable the option.” The product page has since been updated to mention the microphone.


5 Google sets new Android API level requirements to ‘improve the security of the app ecosystem’

Google today said that it’ll require Android apps in major app stores from third-party manufacturers like Huawei, Oppo, Vivo, Xiaomi, Baidu, Alibaba, and Tencent to target API level 26 (Android 8.0) or higher in 2019, in a bid to “improve the security of the app ecosystem.” It also said it will require all new apps to target API level 28 (Android 9) or higher by August 2019, and mandate that updates to existing apps target API level 28 or higher by November 2019. The target API levels will “advance annually,” Google says, and existing apps that aren’t receiving updates won’t be affected by the changes.

Related Posts