AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/09/2023

WhatsApp could disappear from UK over privacy concerns, ministers told 

The UK government risks sleepwalking into a confrontation with WhatsApp that could lead to the messaging app disappearing from Britain, ministers have been warned, with options for an amicable resolution fast running out. At the centre of the row is the online safety bill, a vast piece of legislation that will touch on almost every aspect of online life in Britain. More than four years in the making, with eight secretaries of state and five prime ministers involved in its drafting, the bill, which is progressing through the House of Lords, is more than 250 pages long. The table of contents alone spans 10 pages. 


QR codes used in fake parking tickets, surveys to steal your money 

As QR codes continue to be heavily used by legitimate organizations—from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very technology for their nefarious purposes. A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a “survey” at a bubble tea shop, whereas cases of fake car parking citations with QR codes targeting drivers have been observed in the U.S. and the U.K. A Singapore-based woman lost $20,000 to an stealthy scam after visiting a bubble tea shop. 


Musk issues ultimatum to inactive Twitter users: Log in or be purged 

On Monday, Twitter CEO Elon Musk tweeted a warning that all inactive Twitter accounts would soon be purged, potentially impacting follower counts. “We’re purging accounts that have had no activity at all for several years, so you will probably see follower count drop,” Musk tweeted. Twitter’s official policy now considers a user inactive if they fail to log in “at least every 30 days.” An archived version of this policy shows that as recently as April 19, the policy had been to log in every six months to keep an account active. Twitter seems to have quietly updated the policy within the past few weeks. 


Spotify takes down thousands of AI-generated songs after suspected bot use to inflate streams, report says 

Spotify has taken down tens of thousands of songs which were generated by the AI startup Boomy, the Financial Times reported. Boomy lets users create tunes in different styles from rap to lo-fi, then release it to streaming services where they can be paid royalties. Despite only fully launching to the public in 2021, Boomy’s website claims it has generated 14.5 million songs or 14% of the world’s recorded music. But the tracks were removed because the number of streams had been artificially boosted, Spotify said. 


SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack 

India’s prolific SideWinder advanced persistent threat group (APT) is targeting Pakistani government officials and individuals in Turkey, using polymorphism techniques that allow it to bypass traditional signature-based antivirus (AV) detection to deliver a next-stage payload. The attacks use documents with content geared toward their interests, which when opened exploit a remote template injection flaw to deliver malicious payloads, the researchers at the BlackBerry Threat Research and Intelligence team revealed in a blog post on May 8. 


Related Posts