AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/26/2021

1 – Russia makes good on its threat to fine Google over ‘illegal’ internet content

Russian authorities on Tuesday fined Google 6 million rubles, or just under $82,000, after the company failed to comply with Moscow’s demands to delete prohibited online content. On Monday, Russia’s internet watchdog, Roskomnadzor, gave Google 24 hours to delete more than 26,000 instances of online media considered to be illegal in the country. If their demands weren’t met, authorities threatened to slow down Google’s services in Russia and levy fines of up to 10 percent of the company’s annual revenue.  Today, Roskomnadzor fined Google in three batches at 2 million rubles apiece, alleging administrative offenses in each case, according to Reuters. Much of the prohibited content involves calls for social action following the detention of high-profile Kremlin critic Alexei Navalny in January. Protests erupted across Russia early this year after Navalny’s arrest. Russian authorities subsequently sued Google, Twitter, Facebook and other sites, alleging they hosted content encouraging children to participate in the protests, which Moscow deemed illegal.


2 – How do we decide whether or not to trust AI systems?

Every time you speak to a virtual assistant on your smartphone, you are talking to an artificial intelligence — an AI that can, for example, learn your taste in music and make song recommendations that improve based on your interactions. However, AI also assists us with more risk-fraught activities, such as helping doctors diagnose cancer. These are two very different scenarios, but the same issue permeates both: How do we humans decide whether or not to trust a machine’s recommendations? This is the question that a new draft publication from the National Institute of Standards and Technology (NIST) poses, with the goal of stimulating a discussion about how humans trust AI systems. The report contributes to the broader effort to help advance trustworthy AI systems. The focus of this latest publication is to understand how humans experience trust as they use or are affected by AI systems.


3 – ‘World’s leading bank robbers’: North Korea’s hacker army

Nuclear-armed North Korea is advancing on the front lines of cyberwarfare, analysts say, stealing billions of dollars and presenting a clearer and more present danger than its banned weapons programmes. Pyongyang is under multiple international sanctions over its atomic bomb and ballistic missile programmes, which have seen rapid progress under North Korean leader Kim Jong Un. But while the world’s diplomatic focus has been on its nuclear ambitions, the North has been quietly and steadily building up its cyber capabilities, and analysts say its army of thousands of well-trained hackers are proving to be just as dangerous. “North Korea’s nuclear and military programmes are long-term threats, but its cyber threats are immediate, realistic threats,” said Oh Il-seok, a researcher at the Institute for National Security Strategy in Seoul.


4 – 8.3 million plaintext passwords exposed in DailyQuiz data breach

The personal details of 13 million DailyQuiz users have been leaked online earlier this year after a hacker breached the quiz builder’s database and stole its content, which he later put up for sale. The data, of which The Record has obtained copies from two different sources, contains details about 12.8 million users, including plaintext passwords, emails, and IP addresses for 8.3 million accounts. The stolen data has been sold on hacking forums and Telegram channels since January 2021 for a price of $2,000 paid in cryptocurrency, but leaked into the public domain this month, after it was exchanged through different data brokers, and eventually came into the hands of a security researcher, who shared it with The Record. The data has also been provided to Have I Been Pwned, a website operated by Australian security researcher Troy Hunt. DailQuiz users can visit the Have I Been Pwned website and see if their personal details were exposed in the site’s security breach.


5 – IRS Wants Tools for Cracking Crypto Wallets

As more people across the globe get into trading and purchasing goods using cryptocurrencies—even the federal government—the IRS’s Criminal Investigations division wants “reliable” tools and processes for cracking crypto wallets. Cryptocurrencies are digital assets with set or fluctuating market rates that can be traded for real currency. The rise of cryptocurrencies coincided with the invention of the distributed ledger—also known as blockchain—which allows for transparency in accounting while maintaining a user’s anonymity. For an added layer of security, some cryptocurrency traders use crypto wallets, which keep the private keys needed to access the cryptocurrency separate from the broker making the transaction. For the IRS Criminal Division’s Digital Forensics Unit, crypto wallets seized as part of investigations have been tough to crack.


6 – A Look at the Legal Consequence of a Cyber Attack

Due to the pandemic, more businesses have moved their services and information online. An unintended consequence of this is that cyber crimes are on the rise. Here’s a staggering statistic for you: of all cybersecurity breaches, 95% are caused by human error. This is very concerning given that businesses have a responsibility to protect the data of their customers. The effects of a cyber attack can be devastating for a business. Cybersecurity isn’t optional—it’s necessary in today’s online landscape. But if your customer’s information is leaked in a cyber attack, what consequences might there be for your business? Over the years, many customers have sued businesses for leaking their information due to a security breach—and many of them have done so successfully. When clients use your services and/or products, they expect that your business will do everything it can to protect their private information. But when hackers target large corporations, millions of customers may have highly sensitive data leaked.

Related Posts