Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/09/2021

Bill would allow tech companies to create local governments

If you’ve got enough money, acres upon acres of undeveloped land and an “innovative technology,” you soon could form a new local government in Nevada. When Gov. Steve Sisolak last month announced his plan to launch Innovation Zones in Nevada to jump-start the state’s economy by attracting new tech companies, the details of how those zones would operate proved scarce. According to a draft of the proposed legislation, obtained by the Review-Journal but not yet introduced in the Legislature, Innovation Zones would allow tech companies like Blockchains, LLC to effectively form separate local governments in Nevada, governments that would carry the same authority as a county, including the ability to impose taxes, form school districts and justice courts and provide government services, to name a few duties.

 

Sheryl Sandberg Downplayed Facebook’s Role In The Capitol Hill Siege—Justice Department Files Tell A Very Different Story

Forbes reviewed data from the Program on Extremism at the George Washington University, which has collated a list of more than 200 charging documents filed in relation to the siege. In total, the charging documents refer to 223 individuals in the Capitol Hill riot investigation. Of those documents, 73 reference Facebook. That’s far more references than other social networks. YouTube was the second most-referenced on 24. Instagram, a Facebook-owned company, was next on 20. Parler, the app that pledged protection for free speech rights and garnered a large far-right userbase, was mentioned in just eight. The references are a mix of public posts and private messages sent on each platform, discussing  plans to go to the Stop the Steal march, some containing threats of violence, as well as images, videos and livestreams from the breach of the Capitol building.

 

CBS All Access crashed just ahead of Super Bowl LV kickoff

CBS All Access, the streaming service from ViacomCBS, did not work for some customers Sunday night as they tried to access the service just ahead of the Super Bowl LV kickoff. The incident represents a weak spot for streaming services vying to win rights to air big games from major sports leagues. Streaming TV technology still isn’t as reliable as traditional broadcast or cable during highly-trafficked events. Roku and desktop users were the ones experiencing technical difficulties, Variety reports. This issue was shortly resolved by the time the game got underway. The incident joins a long list of crucial sports moments streamers have struggled to seamlessly deliver for big games.

 

New phishing scam uses Morse code to conceal malicious links

In a display of bewildering creativity, cybercriminals have started using Morse code to conceal password-stealing malware. The discovery of this completely novel approach was first detailed on Reddit and has since been verified by Bleeping Computer. Here’s how the attack is conducted: first the hacker sends out an email with an HTML attachment, designed to look like an Excel invoice. Most email security solutions would normally pick up on a document like this, but this time the script in the HTML file is written in Morse code. Further down, another script calls a decodeMorse() function that decodes the code into a hexadecimal string and then another script that decodes it into two JavaScript tags. These tags are injected into the HTML page and displayed on the screen. When the victim tries to open the file, it launches in an internet browser and displays something resembling Excel, with a popup across the screen that asks the victim to submit their password. This password is then sent to a CnC server, where it’s collected by the attackers.

 

Hacker tries to poison water supply of Florida city

A computer hacker gained access to the water system of a city in Florida and tried to pump in a “dangerous” amount of a chemical, officials say. The hacker briefly increased the amount of sodium hydroxide (lye) in Oldsmar’s water treatment system, but a worker spotted it and reversed the action. Lye is used in small amounts to control acidity but a large amount could have caused major problems in the water. Oldsmar Mayor Eric Seidel said: “There’s a bad actor out there.” No arrests have yet been made and it is not known if the hack was done from within the US or outside. A computer controlling Oldsmar’s water treatment system was remotely accessed on Friday.

 

DOJ drops lawsuit challenging California’s net neutrality law

The U.S. Justice Department (DoJ) dropped its lawsuit against California’s net neutrality law on Monday, reports Reuters, foreshadowing the Biden administration’s approach to internet regulation. Acting Federal Communications Commission (FCC) Chair Jessica Rosenworcel welcomed the news as a sign that open internet rules would soon be reinstated across the country. “When the FCC, over my objection, rolled back its net neutrality policies, states like California sought to fill the void with their own laws,” Rosenworcel said in a press statement. “By taking this step, Washington is listening to the American people, who overwhelmingly support an open internet, and is charting a course to once again make net neutrality the law of the land.”

Related Posts