AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/24/2021

TikTok no worse than Facebook for privacy, says Citizen Lab

TikTok is likely no more of a threat to users than Facebook, according to an analysis by academic research group Citizen Lab that analyzed the video-sharing social networking service’s app to probe for security, privacy and censorship issues. The report was published online on March 22 by the University of Toronto Lab, which focuses on civil digital threats and high-level policy engagement. The authors considered both TikTok – the app available outside China – and Douyin, the Chinese version of TikTok. TikTok has a bad reputation that saw it land in court over privacy concerns and eventually settle for under $100m to put multiple privacy-related class actions to bed.


Microsoft 365 Spoofing Campaign Targets CEOs and Decision Makers, Research Finds

Security researchers have identified a new Microsoft 365 spoofing campaign that targets specific people in companies, trying to compromise the accounts of people such as C-suite executives and those in other essential positions in the retail, insurance and financial services industries. Sweeping spoofing campaigns are an almost everyday occurrence, as companies have to deal with this threat constantly. But there’s a subgroup of this threat that’s better aimed and thought out to have maximum impact by targeting executives in companies, giving attacks increased leverage and access. The new Microsoft Office 365 credential harvesting campaign targeted various C-suite executives and other decision-makers in companies, but with a twist. Criminals looked for people just settling in and hit them during the transition period, relying on the target’s limited knowledge in a new company.


Quantum computing: IBM’s new tool lets users design quantum chips in minutes

Building the hardware that underpins quantum computers might not sound like everybody’s cup of tea, but IBM is determined to make the idea sound less challenging. The company has announced the general availability of Qiskit Metal, an open-source platform that automates parts of the design process for quantum chips, and which IBM promised will now let “anyone” design quantum hardware. Big Blue detailed the progress made with Metal since the tool was first announced late last year as part of the company’s larger Qiskit portfolio, which provides open-source tools for creating programs that can run on IBM’s cloud-based quantum devices.


California bans ‘dark patterns’ that trick users into giving away their personal data

If you’ve ever struggled through a maze of online customer service to cancel a subscription or delete an account, you’ve likely encountered “dark patterns” — user interfaces that are designed to trick and frustrate users. The concept was coined in 2010 but is slowly being addressed in US legislation, with California this week announcing that it is banning the use of dark patterns that stop users from opting out of the sale of their personal data. The updated regulation strengthens enforcement of the 2018 California Consumer Privacy Act (CCPA), one of the toughest consumer privacy laws in the US. The CCPA gives Californians the right “to say no to the sale of personal information,” but the state government is evidently worried that these options will be buried under byzantine menus. By banning dark patterns, California will “ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights,” said the state’s Attorney General Xavier Becerra in a press statement.


7 steps to staying safe and secure on Twitter

Twitter, the popular social networking service, will celebrate its 15th anniversary this Sunday. Perhaps it’s not a stretch to say that it has been a monumental force in the lives of some of us. It’s also during these trying times that we use it to keep track of all manner of things, ranging from world affairs and sports results to new developments in the battle against COVID-19. However, as is the case with any other social media platform, it also carries various risks such as online trolls and cyberbullying. Check out these simple steps to prevent your Twitter account from being hacked and to remain safe while tweeting.


Mozilla Firefox tweaks Referrer Policy to shore up user privacy

Mozilla Firefox will soon include a revised Referrer Policy to tighten up queries and better protect user information. Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers “to prevent sites from accidentally leaking sensitive user data.” In a blog post on Monday, developer Dimi Lee and security infrastructure engineering manager Christoph Kerschbaumer said the latest browser version will include a “stricter, more privacy-preserving default Referrer Policy.” Browsers send HTTP Referrer headers to websites to indicate which location has ‘referred’ a user to a website server. Full URLs of referring documents are often sent in the HTTP Referrer header with other subresource requests, and while this may contain innocent information used for purposes including analytics, private user data may also be included. 


Lockheed Martin and Omnispace to build a space-based 5G network

Weeks after the U.S. Air Force’s Space Command issued a Request for Information (RFI) detailing its interest in using 5G for data transportation for ground- and space-based communications, Lockheed Martin, a U.S. defense contractor, announced a strategic interest agreement with satellite startup Omnispace “to explore jointly developing 5G capability from space.” Omnispace CEO Ram Viswanathan told CNBC that the partnership “stems from a common vision of a global 5G network, which enables users to seamlessly transition between the satellite [and the] terrestrial network.” Viswanathan also added that Lockheed Martin makes for a powerful partner because the company has a “depth of expertise” in a number of markets, but most critically, in serving the Department of Defense. “Their appetite never dulls and the kind of need they have for communications across the board,” Lockheed Martin Space Executive Vice President Rick Ambrose told CNBC. “Omnispace has a very powerful vision of how to offer the service … [and] how you get it down to a mobile device.” This healthy “appetite” can also be seen in the interest that the Department of Defense has cultivated regarding CBRS network implementation.
