Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/22/2021

1 – Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’

An internal email accidentally leaked by Facebook to a journalist has revealed the firm’s intentions to frame a recent data scraping incident as “normalized” and a “broad industry issue.” Facebook has recently been at the center of a data scraping controversy. Earlier this month, Hudson Rock researchers revealed that information belonging to roughly 533 million users had been posted online, including phone numbers, Facebook IDs, full names, and dates of birth.  The social media giant confirmed the leak of the “old” data, which had been scraped in 2019. A functionality issue in the platform’s contact platform, now fixed, allowed the automatic data pillaging to take place.  

 

2 – Biden Administration Takes Bold Action to Protect Electricity Operations from Increasing Cyber Threats

As part of the Biden Administration’s effort to safeguard U.S. critical infrastructure from persistent and sophisticated threats, the U.S. Department of Energy (DOE) launched an initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain. This 100 day plan—a coordinated effort between DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA)—represents swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to U.S. national and economic security.

 

3 – Ransomware gang tries to extort Apple hours ahead of Spring Loaded event

The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web. The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.

In a message posted on a dark web portal where the ransomware gang usually threatens victims and leaks their data, the REvil gang said that Quanta refused to pay to get its stolen data back and, as a result, the REvil operators have now decided to go after the company’s primary customer instead. The REvil gang posted 21 screenshots depicting Macbook schematics and threatened to publish new data every day until Apple or Quanta paid the ransom demand.

 

4 – Why Apple’s latest gadget is catching the attention of antitrust regulators

On Tuesday, Apple announced the release of AirTag, a small, electronic tracker people can attach to keys, a piece of luggage, or anything, really, and then use Apple’s Find My system to find that item. For Apple fans, it’s another handy product. But for Tile, the maker of a similar tracker, the long-awaited announcement is another sign of Apple’s anticompetitive behavior. Tile is once again encouraging Congress to take a closer look at Apple ahead of a Senate antitrust hearing, where Tile’s general counsel, Kirsten Daru, will testify alongside executives from Spotify, Match, Google, and Apple. The hearing comes as Apple has repeatedly been accused of anticompetitive behavior due to its requirement for all iOS apps to be distributed through Apple’s App Store, where Apple takes a commission for sales.

 

5 – The FCC is going to hold providers accountable for anti-robocall efforts

The Federal Communications Commission (FCC) is introducing a new database all voice providers will have to use to allow the agency to track the work they’re doing to stop robocalls. Starting September 28th, 2021, phone companies will be required to block any incoming traffic from providers not listed in the Robocall Mitigation Database. In particular, any companies that got an extension to implement STIR/SHAKEN, a protocol that allows a carrier to verify a caller ID before it reaches its intended recipient, will have to file detailed reports with the agency on their progress towards putting the technology in place. “Protecting consumers from scammers that use robocall and spoofing tools is a top priority,” said Acting FCC Chair Jessica Rosenworcel. “To succeed, we not only need an all-hands-on-deck response from government, but we need industry commitment and focus. Our message to providers is clear: certify under penalty of perjury the steps you are taking to stop illegal robocalls, or we will block your calls.”

 

6 – The Postal Service is running a ‘covert operations program’ that monitors Americans’ social media posts

The law enforcement arm of the U.S. Postal Service has been quietly running a program that tracks and collects Americans’ social media posts, including those about planned protests, according to a document obtained by Yahoo News. The details of the surveillance effort, known as iCOP, or Internet Covert Operations Program, have not previously been made public. The work involves having analysts trawl through social media sites to look for what the document describes as “inflammatory” postings and then sharing that information across government agencies. “Analysts with the United States Postal Inspection Service (USPIS) Internet Covert Operations Program (iCOP) monitored significant activity regarding planned protests occurring internationally and domestically on March 20, 2021,” says the March 16 government bulletin, marked as “law enforcement sensitive” and distributed through the Department of Homeland Security’s fusion centers.

 

7 – DISH to build the nation’s first cloud-native 5G network on AWS

DISH is leveraging Amazon Web Services infrastructure and services to build a cloud-based 5G Open Radio Access Network (O-RAN), the companies announced Wednesday. The strategic partnership between DISH and AWS marks the first time a 5G network will be run in the cloud. The network, which will eventually be nationwide, is slated to go live in Las Vegas later this year.  As part of the deal, DISH is using AWS Outpostsand Local Zones to support workloads at the network edge. AWS will also power DISH’s fully automated Operation and Business Support Systems (OSS and BSS), which will enable the company to provision and operate its customers’ 5G workloads and monetize its network.

 

8 – New Rules Allowing Small Drones to Fly Over People in US Take Effect

The Federal Aviation Administration (FAA) said that final rules announced in December took effect on Wednesday allowing for small drones to fly over people and at night, a significant step toward their eventual use for widespread commercial deliveries. The effective date was delayed about a month during the change in administration. The FAA said its long-awaited rules for the drones, also known as unmanned aerial vehicles, will address security concerns by requiring remote identification technology in most cases to enable their identification from the ground. Previously, small drone operations over people were limited to operations over people who were directly participating in the operation, located under a covered structure, or inside a stationary vehicle – unless operators had obtained a waiver from the FAA.

Related Posts