AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 27, 2019

1 How blockchain is becoming the 5G of the payment industry

As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry. "I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite a bit of FinTech and I can tell you my clients… the banks, are inherently conservative – at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion."


2 McDonald's adds tech to the menu

McDonald’s is set to announce that it has reached an agreement to acquire Dynamic Yield, a startup based in Tel Aviv that provides retailers with algorithmically driven "decision logic" technology. When you add an item to an online shopping cart, it’s the tech that nudges you about what other customers bought as well. Dynamic Yield reportedly had been recently valued in the hundreds of millions of dollars; people familiar with the details of the McDonald’s offer put it at over $300 million. That would make it the company's largest purchase since it acquired Boston Market in 1999.


3 LinkedIn is becoming China's go-to platform for recruiting foreign spies

Buried in the 41-page felony complaint charging a former U.S. intelligence operative of spying for the Chinese, FBI investigators declare that the suspect, Ron Rockwell Hansen, had been printing information from his colleagues’ LinkedIn pages. Hansen, a former Defense Intelligence Agency case officer who pleaded guilty on March 15 to attempted espionage against the U.S., took information from the professional networking site related to several former and current DIA case officers before a 2015 trip to China. The complaint does not state how that information was used, if at all, but it’s enough to raise the notion Hansen may have been passing LinkedIn data to Chinese handlers in addition to other secret DIA materials files.


4 White House Launches AI.gov

All the federal government’s initiatives and resources around artificial intelligence can now be accessed on one dedicated website, AI.gov, which the White House launched today. “It’s a real hub for all the AI projects being done across the agencies,” Michael Kratsios, the U.S. deputy chief technology officer within the White House Office of Science and Technology Policy, told attendees of The Economist’s artificial intelligence event in Washington. “It really speaks to and highlights the whole government approach we’re taking to ensure American leadership in this work.” The site features AI-focused policy initiatives and accomplishments across the federal government and also brings together governmentwide resources such as fact sheets, strategic documents, agency programs and more.


5 Supreme Court rejects Amazon-owned Zappos’ appeal in long-running data breach dispute

A lawsuit against Amazon-owned Zappos will continue after the U.S. Supreme Court shot down an appeal from the online shoe retailer in a seven-year-old data breach case. In the wake of a 2012 breach that exposed the contact information names, addresses, phone numbers and more of 24 million customers, Zappos faced several lawsuits from customers. Zappos argued unsuccessfully to the Supreme Court that customers shouldn’t be able to sue without proof they were harmed in a breach. The Supreme Court agreed with a San Francisco appeals court that had previously revived the lawsuit. Both courts sided with the Zappos customers over the company, letting the lawsuit, which is seeking class-action status, continue. The appeals court found that the stolen data left customers vulnerable to identity theft, Bloomberg reported.


6 Medical cannabis users’ suffer data breach

Natural Health Services, the operator of Canada’s largest referral network of medical cannabis patients, recently suffered a data breach that exposed customers’ personal information like medical diagnoses, referrals, encounter notes, and allergies. The Calgary-based health center stated that unknown intruders allegedly accessed personal health records between December 4, 2018, and January 7, 2019. However, the company clarified that patient prescriptions, financial, credit card or social insurance numbers weren’t compromised in the incident. “NHS identified that a number of records containing personal health information in the electronic medical record (EMR) system we use were accessed without the authorization of NHS physicians for purposes that may be unrelated to providing medical care,” the company said in a statement.


7 Takeaways From The Times’s Investigation Into Hackers for Hire

A proliferation of digital spying tools in recent years has helped generate a surge in sophisticated espionage operations, once mostly the purview of major powers like the United States and Russia. Now, small countries, corporations and even simply wealthy people looking to settle scores can all hire private firms to conduct intelligence operations. A New York Times investigation detailed this new era of digital warfare and the multibillion-dollar industry behind it. Two firms — NSO, an Israeli company, and DarkMatter, based in the United Arab Emirates — have hired former government hackers to help their government clients not only hack criminal elements like terrorist groups and drug cartels but in some cases to also act on darker impulses, targeting activists and journalists.

Related Posts