AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/18/2023

Capita accused of ‘unsafe storage of personal data’ following data breach 

Capita, the British outsourcing company hit by a ransomware attack in March, is facing a growing list of complaints from customers following the revelation of another data breach. Colchester City Council, which contracts Capita for financial services, has accused the company of “unsafe storage of personal data” over an historical incident that predates the ransomware attack but came to light afterwards. As first reported by TechCrunch earlier this month, Capita had for seven years left thousands of customer files exposed online in an unprotected Amazon Web Services S3 bucket that did not even require a password to access. 

 

FBI warns organizations of the new BianLian ransomware tactics 

A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, published by the Cybersecurity and Infrastructure Security Agency (CISA), is warning organizations of the latest tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group. BianLian is a ransomware and data extortion group that has been targeting entities in the U.S. and Australian critical infrastructure since June 2022. Part of the #StopRansomware effort, the advisory is based on investigations from the Federal Bureau of Investigation (FBI) and Australian Cyber Security Centre (ACSC) as of March 2023. It aims to provide defenders with information that allows them to adjust protections and strengthen their security stance against BianLian ransomware and other similar threats.

 

Re-Victimization from Police-Auctioned Cell Phones 

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction. Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. 

 

Google sued over ‘interception’ of abortion data on Planned Parenthood website 

An anonymous complainant has filed a lawsuit against Google, claiming it unlawfully collects health data, including abortion searches, on third-party websites that use Google technology. Jane Doe, whose legal representation is looking to get the case certified as a class action, claims her private information was intercepted by Google when she used the scheduling pages on Planned Parenthood’s website in 2018 to search for an abortion provider. Doe alleges Google wrongfully collected her medical information and that of other would-be class members “without authorization and proper compensation” when its tracking tech was used by her healthcare provider. 

 

Ireland’s DPC set to hit Meta with record privacy fine over US data transfers 

Ireland’s Data Protection Commission (DPC) is set to hand Facebook owner Meta Platforms a record European Union privacy fine for failing to heed a top court warning aimed at protecting users’ data from the prying eyes of US security services once it’s shipped to servers across the Atlantic. The DPC, which oversees the EU operations of most Silicon Valley firms, will also order the social network to stop all data transfers to the US that rely on supposedly unsafe contractual clauses questioned by the bloc’s top court, according to people familiar with the matter, who spoke on condition of anonymity. The Meta penalty, ahead of the fifth anniversary of the EU’s General Data Protection Regulation, will eclipse the previous record, a €746 million fine for Amazon, the people said.

 

Dark Web ChatGPT Unleashed: Meet DarkBERT 

We’re still early in the snowball effect unleashed by the release of Large Language Models (LLMs) like ChatGPT into the wild. Paired with the open-sourcing of other GPT (Generative Pre-Trained Transformer) models, the number of applications employing AI is exploding; and as we know, ChatGPT itself can be used to create highly advanced malware. As time passes, applied LLMs will only increase, each specializing in their own area, trained on carefully curated data for a specific purpose. And one such application just dropped, one that was trained on data from the dark web itself. DarkBERT, as its South Korean creators called it, has arrived — follow that link for the release paper, which gives an overall introduction to the dark web itself. 
