AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/29/2021

1 – Instagram rolls out new features to help prevent cyberbullying

Instagram has unveiled new tools to help combat cyberbullying and other abusive behavior on the platform – a filter that will prevent users from seeing abusive Direct Messages (DMs) and a tool to stop someone a user has blocked from contacting them from another account. “We understand the impact that abusive content – whether it’s racist, sexist, homophobic, or any other kind of abuse – can have on people. Nobody should have to experience that on Instagram. But combatting abuse is a complex challenge and there isn’t one single step we can take to eliminate it completely,” Instagram said in a blogpost introducing the tools. Indeed, cyberbullying has become a perennial problem on social media, with victims ranging from children to adults. To protect user privacy, the Facebook-owned social media network doesn’t proactively monitor users’ DMs like it would other publicly viewable content on its platform. Instead, it is debuting a tool that will filter out abusive messages. “That’s why we’re introducing a new tool which, when turned on, will automatically filter DM requests containing offensive words, phrases and emojis, so you never have to see them. This tool focuses on DM requests, because this is where people usually receive abusive messages – unlike your regular DM inbox, where you receive messages from friends,” explained the popular social network.

2 – Lawmakers start a push for new breach notification rules after SolarWinds attack

For more than a decade, policymakers on Capitol Hill have repeatedly tried and failed to pass meaningful federal data breach notification laws that would require companies to share details about cybersecurity incidents that they experience. As a result, organizations have to comply with a patchwork of more than 50 notification laws for each state and territory in the U.S. However, a group of lawmakers are pushing colleagues and business associations to revisit these efforts, arguing that recent incidents have highlighted how the lack of mandatory reporting rules makes it harder to detect and respond to major incidents. “There was a ‘holy heck’ moment with SolarWinds,” Sen. Mark Warner (D., Virginia) told members of the U.S. Chamber of Commerce, a major lobbying group for U.S. businesses, on Tuesday. “We need to focus on [creating] a structure that would allow some limited mandatory reporting for government contractors and critical infrastructure.”

3 – Microsoft mulls over tweaks to threat data, code-sharing scheme following Exchange Server debacle

Microsoft is reportedly considering revisions to a threat and vulnerability sharing program suspected of being a key factor in widespread attacks against Exchange servers. The Microsoft Active Protections Program (MAPP) is a program for security software providers and partners which gives participants early access to vulnerability and threat intelligence. MAPP, which includes 81 organizations, was intended to give other companies the chance to develop strategies and to deploy necessary protections before vulnerabilities are made public. However, MAPP has recently come under scrutiny as the potential source of a leak of exploit code — either accidentally or deliberately — later weaponized during the Microsoft Exchange Server incident.

4 – DigitalOcean says customer billing data accessed in data breach

The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22. The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date and the name of the card-issuing bank. The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach. “To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.

5 – Government and industry to combat ransomware with Bitcoin regulation

Government and industry officials confronting an epidemic of ransomware, where hackers freeze the computers of a target and demand a payoff, are zeroing in on cryptocurrency regulation as the key to combating the scourge, sources familiar with the work of a public-private task force said. In a report on Thursday, the panel of experts is expected to call for far more aggressive tracking of bitcoin and other cryptocurrencies. While those have won greater acceptance among investors over the past year, they remain the lifeblood of ransomware operators and other criminals who face little risk of prosecution in much of the world. Ransomware gangs collected almost $350 million last year, up threefold from 2019, two members of the task force wrote this week. Companies, government agencies, hospitals and school systems are among the victims of ransomware groups, some of which U.S. officials say have friendly relations with nation-states including North Korea and Russia.