AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/24/2023

FTC Accuses Defunct Edtech Company Edmodo of Violating Kids’ Privacy

The Federal Trade Commission announced a proposed $6 million settlement with education technology company Edmodo Tuesday for collecting data from kids without parental consent and using it to sell ads in violation of the Children’s Online Privacy Protection Act (COPPA). The case is unusual for several reasons, including the fact that the Edmodo went out of business while the government was still investigating. The FTC is on a tear in recent months, upending the status quo and making an example out of companies to show that you can’t, in fact, just ignore what few privacy laws exist in the United States.


Netflix begins its password sharing crackdown in the U.S.

Netflix’s crackdown on password sharing is now beginning to roll out to U.S. subscribers and other markets, after a delayed launch. The streamer had originally planned to introduce “paid sharing” to U.S. subscribers in the first quarter of this year, but pushed the start date back to the summer, after seeing cancellations in markets where it had already launched the changes. Under the new rules, U.S. subscribers will have to either kick people off their Netflix account or pay $7.99/month for an additional membership for those outside their main household. The company offers tools to make this transition easier, including a way for current subscribers to view which devices are signed into their account and remove those that shouldn’t have access, as well as tools to reset their password.


Fake CapCut Websites Spread Information Stealers

A malware campaign has been found impersonating the CapCut video editing tool to spread different stealers. CapCut is an official video editor, developed by ByteDance. It is popularly used as an editing tool for TikTok videos (also owned by ByteDance) and comes with several features. CapCut has over 500 million downloads on Google Play and its website receives over 30 million monthly hits, making it an attractive target for cyberattacks.


CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.


How Hackers Launched an Attack on European Spacecraft

Space warfare is unavoidable, and the space ecology must be ready at all times. The European Space Agency (ESA) issued a challenge to cybersecurity specialists in the space industry ecosystem to interfere with the operation of the ESA’s “OPS-SAT” demonstration nanosatellite in a capability demonstrator during an annual event on cybersecurity for the space industry. The system that controls the payload’s GPS, altitude control system, and onboard imaging sensor was to be taken over by cybersecurity specialists utilising a variety of ethical hacking techniques in this challenge. The goal was to determine how unauthorised access to these systems could result in the satellite losing control of its mission or sustaining serious harm. 


White House Unveils New Efforts to Guide Federal Research of AI

The White House on Tuesday announced new efforts to guide federally backed research on artificial intelligence as the Biden administration looks to get a firmer grip on understanding the risks and opportunities of the rapidly evolving technology. Among the moves unveiled by the administration was a tweak to the United States’ strategic plan on artificial intelligence research, which was last updated in 2019, to add greater emphasis on international collaboration with allies. White House officials on Tuesday were also hosting a listening session with workers on their firsthand experiences with employers’ use of automated technologies for surveillance, monitoring, evaluation, and management. And the U.S. Department of Education’s Office of Educational Technology issued a report focused on the risks and opportunities related to AI in education.

Related Posts