AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/03/2023

Italian regulators order ChatGPT ban over alleged violation of data privacy laws 

Italy’s national privacy regulator has ordered an effective ban of AI chatbot ChatGPT, accusing creators OpenAI of “unlawful collection of personal data.” It’s ordered OpenAI to stop collecting Italian users’ data immediately until it amends its data collection practices. The country’s Data Protection Authority, the GPDP, issued a press release this morning saying that the company lacks lawful justification for the collection of users’ personal information. The GPDP says that OpenAI also has no mechanism in place to stop underage users accessing the service, which “exposes minors to absolutely unsuitable answers compared to their degree of development and self-awareness” (translation via Google). 


Meta wants EU users to apply for permission to opt out of data collection 

Meta announced that starting next Wednesday, some Facebook and Instagram users in the European Union will for the first time be able to opt out of sharing first-party data used to serve highly personalized ads, The Wall Street Journal reported. The move marks a big change from Meta’s current business model, where every video and piece of content clicked on its platforms provides a data point for its online advertisers. People “familiar with the matter” told the Journal that Facebook and Instagram users will soon be able to access a form that can be submitted to Meta to object to sweeping data collection. If those requests are approved, those users will only allow Meta to target ads based on broader categories of data collection, like age range or general location. 


Hack the Pentagon website promotes the benefits of bug bounties to US Military 

My guess is that if you stumbled across a website that called itself “Hack the Pentagon” and was decorated with a grisly-looking skull, you would probably think that you might be somewhere less than legitimate. After all, normally if you hacked The Pentagon you would find yourself in heaps of trouble. But that’s not the case if you’re an “ethical hacker” who has been vetted by the US Department of Defense, and a signed-up participant to the “Hack the Pentagon” scheme that the Directorate for Digital Services (DDS) has been running since 2016. The initiative, which initially offered rewards of up to US $150,000 for security researchers who uncovered security holes on Pentagon websites, eventually resulted in the DDS running over 40 bug bounty programs which have flagged more than 2,100 vulnerabilities.


Lewis & Clark College cyberattack claimed by notorious ransomware gang 

A cyberattack on Lewis & Clark College announced earlier this month has been claimed by a ransomware gang implicated in several attacks on K-12 schools and colleges over the last year. The Vice Society cybercrime group took credit for the attack on Friday, posting samples of passports as well as documents that included Social Security numbers, insurance files, W-9 forms, contracts and more. The Portland, Oregon, liberal arts college did not respond to requests for comment about whether a ransom was demanded or will be paid. 


Twitter reveals some of its source code, including its recommendation algorithm 

As repeatedly promised by Twitter CEO Elon Musk, Twitter has opened a portion of its source code to public inspection, including the algorithm it uses to recommend tweets in users’ timelines. On GitHub, Twitter published two repositories containing code for many parts that make the social network tick, including the mechanism Twitter uses to control the tweets users see on the For You timeline. In a blog post, Twitter characterized the move as a “first step to be[ing] more transparent” while at the same time “[preventing] risk” to Twitter itself and people on the platform. 


German Police Raid DDoS-Friendly Host ‘FlyHosting’ 

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating “an internet service” since mid-2021. The German authorities did not name the suspects or the Internet service in question.