AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/10/2022

GameStop reportedly has a whole unit working on NFTs and cryptocurrency

Video game retailer and memestock darling GameStop is making a big bet on NFTs and cryptocurrency technology. According to a new report from The Wall Street Journal, the company has built up an over 20-person strong team working on an online marketplace for the virtual items, which could include cosmetic skins and in-game items. The company is said to be courting game developers and publishers to list NFTs on its marketplace, and hopes to ink deals with crypto companies to develop the underlying technology and help invest in games featuring NFT and blockchain tech. In total, the WSJ reports that GameStop’s investments in crypto could stretch into the tens of millions, and involve agreements made with over a dozen other companies. A spokesperson for GameStop did not immediately respond to The Verge’s request for comment.

 

Thousands of websites taken offline in Brexit domain name change

Around 48,000 internet domain names belonging to U.K. citizens and organizations — including pro-Brexit site Leave.eu — have been indefinitely taken offline from Monday, following the revocation of their .eu domain names by the agency in charge of registrations. The move marks the final step in an ongoing process since the U.K. withdrew from the EU on January 31, 2020. U.K.-based owners of .eu domains were told that they needed to prove eligibility for an EU domain; otherwise, they would risk suspension, meaning their domains would be unable to support website-hosting or email functionality. To register a .eu domain, individuals must be either citizens or residents of the bloc, and organizations should be established within the EU.

 

At CES 2022, Nvidia sets the stage for AI everywhere

Despite the continuing COVID-19 pandemic, the Consumer Electronics Show (CES) is taking place in Las Vegas this week, returning to a live format after a year off. The live presentation is somewhat ironic in an event where virtual reality, the metaverse, autonomous vehicles, and non-fungible tokens (NFTs) are taking center stage. Like it or not, the digitization of all things physical is coming fast. Although many of the CES 2022 themes may seem unrelated, there is one underlying technology — and that’s artificial intelligence.  We are rapidly moving into a world where AI is infused in almost every aspect of our lives — from the games we play to home electronics to the cars we drive and beyond. The technology that powers AI is the graphics processing unit, also known as a GPU, for which Nvidia is far and away from the market leader and de-facto standard. At CES, the company announced a bevy of new products to bring more AI to more places.

 

Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps

Users of popular open-source libraries ‘colors’ and ‘faker’ were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there’s much more to the story. The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on ‘colors and ‘faker’. The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

 

Hackers Tried Recycled Passwords on More Than a Million Accounts

More than 1 million online accounts across 17 well-known companies were the victim of hacking attempts that reused previously stolen passwords swirling around the internet, New York’s top law enforcement officer said Wednesday. The ruse, known as a “credential stuffing attack,” involves a cyber criminal trying to repeatedly access someone’s account by deploying user names and passwords that were previously made public. User names and passwords are sometimes posted or sold on the dark web or hacking forums after being stolen in cyberattacks. Attorney General Letitia James said hackers take advantage of the fact that people tend to re-use passwords across multiple sites. In a credential-stuffing attack, the hacker may submit hundreds of thousands, or even millions of login in attempts using specialized software.

 

UK ICO wants to talk to Meta about child protection in VR

If the Oculus headset if found to break child safety rules, Meta could face a fine of up to four per cent of its annual global turnover. The UK’s Information Commissioner’s Office (ICO) is seeking to talk with Mark Zuckerberg’s Meta about the parental control features on its popular Oculus Quest 2 VR headset, looking for clarification on whether the device complies with the recently established Children’s Code. Child safety campaigners have warned that the £300 device lacks parental controls and could breach the new protection code. Research by the Center for Countering Digital Hate (CCDH), a campaign group, found multiple incidents of abuse on VRChat, a popular social tool for Oculus users. In one instance, CCDH found a young person’s avatar being followed by two heavily breathing men. In another case, a male reportedly joked in front of an under-18 that he was a “convicted sex offender.”

Related Posts