
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/08/2021

Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That?

On Wednesday, hundreds of Donald Trump supporters rioted and stormed the Capitol, getting into the Senate and the offices of some lawmakers, who were hastily evacuated. Given how quickly some staffers and lawmakers had to leave, some of them left their computers unlocked and unattended, and some of the terrorists were photographed in front of them. Cybersecurity experts now worry that the rioters had a chance to get their hands on sensitive data, and more importantly, compromise the security of the whole IT system at the Capitol. “The terrorists/rioters would have easily gained access to congressional files, shared calendars, and emails (including potentially email lists of constituents and supporters for any given congressman),” Ashkan Soltani, a security researcher and the former chief technology officer at the FTC, told Motherboard in an online chat.

 

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

2020 was a year many of us would like to forget, and as 2021 entered with little of the fanfare usually associated with New Year’s Eve celebrations, the challenge of the COVID-19 pandemic, still, is far from over. Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft, scam victims, and all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. 

“Criminal networks will also be targeting unsuspecting members of the public via fake websites and false cures, which could pose a significant risk to their health, even their lives,” commented Jürgen Stock, Interpol Secretary-General. “It is essential that law enforcement is as prepared as possible for what will be an onslaught of all types of criminal activity linked to the COVID-19 vaccine, which is why Interpol has issued this global warning.” Only four weeks after this alert was issued, Interpol’s scenarios have already come to pass, with both the general public and vaccine supply chains as top targets. 

 

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020. “The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings,” the agency said in a statement published Jan. 6.

 

How startups are using XR to disrupt how we work, learn, and play

Emerging tech like AI, robotics, IoT, blockchain, and machine learning are kicking our organizations into high gear by catapulting our ability to process data, build products, and automate repetitive tasks. Andy Lurling, Founding Partner of impact-driven VC firm LUMO Labs, believes this shift will pave the way for us to find new and better solutions to some of society’s biggest problems. “If you want to create social impact fast, technology is the way. For example, with AI and data, you can find patterns so much faster and come up with a thousand alternatives that would take people years to work on.” But in our ‘data-driven’ era, there is one fledgling technology that could (ironically) help us humanize the future of tech. XR technology is based on enhancing the human experience by bringing our senses into the mix. This not only helps make the experience more realistic, but also makes it more personalized and emotional.

 

This Simple Tool Will Help You See What Websites Know About You

Big tech knows a lot about us, and finding out exactly what it knows and downloading a copy of it can be a chore. JustGetMyData is a website that helps users navigate sites like Facebook and Twitter so they can download a copy of their data and see what, exactly, our favorite websites know about us. JustGetMyData is a fork of JustDeleteMe—a website that helps users navigate the often complicated process of scrubbing themselves from sites like Instagram. Amazon makes it easy to return a defective product through a series of menus, but if you want to delete your account you’ll have to call someone, for example. Retrieving a copy of your personal data can be a similarly complicated process, but JustGetMyData makes it a little easier. And, if you’re planning to delete these accounts, it’s a good idea to get a copy of your data first.
