AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 06/02/2021

1 – Hackers are targeting employees returning to the post-COVID office

With COVID-19 restrictions lifting and employees starting to make their way back into offices, hackers are being forced to change tack. While remote workers have been scammers’ main target for the past 18 months due to the mass shift to home working necessitated by the pandemic, a new phishing campaign is attempting to exploit those who have started to return to the physical workplace. The email-based campaign, observed by Cofense, is targeting employees with emails purporting to come from their CIO welcoming them back into offices. The email looks legitimate enough, sporting the company’s official logo in the header and carrying a signature that spoofs the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.


2 – Firefox now blocks cross-site tracking by default in private browsing

Mozilla says that Firefox users will be protected against cross-site tracking automatically while browsing the Internet in Private Browsing mode. This is because, starting with the Firefox 89 version released today, Total Cookie Protection will be enabled by default in Private Browsing windows. Total Cookie Protection is designed to force all websites to keep their cookies in separate “jars,” thus preventing them from tracking you across the web and building browsing profiles. First introduced in Firefox 86 in February 2021, this privacy feature was, until now, only active when users manually toggled on ETP Strict Mode in the web browser’s settings.


3 – The slow trend away from facial recognition technology

It’s been a busy few weeks for facial recognition technology. Its oft-maligned abilities frequently wind up in tales of privacy invasion, or false positives, or dubious data retention. In fact, it’s not uncommon to see big organizations backing away from how they expect to use it, or indeed deploy it already. It’s such a hot-button issue that Amazon, already having called time on their tech being used by law enforcement, have recently extended their time-out from that field. It will still apparently be used for cases of trafficking, but more general use is a no-go for the immediate future. Elsewhere, tools which allow anyone to search and make connections between different images are stirring up more privacy issues.


4 – WhatsApp reverses course, now won’t limit functionality if you don’t accept its new privacy policy

Earlier this month, Facebook-owned WhatsApp said that users would lose functionality over time if they didn’t accept its new privacy policy by May 15th. In a reversal, Facebook now says that plan has changed, and users who don’t accept the updated policy actually won’t see limited functionality (via TNW). “Given recent discussions with various authorities and privacy experts, we want to make clear that we will not limit the functionality of how WhatsApp works for those who have not yet accepted the update,” a WhatsApp spokesperson said in a statement to The Verge. WhatsApp tells The Verge that this is the plan moving forward indefinitely. The rollout of the policy has been a confusing mess, and raised concerns that WhatsApp would begin sharing more of users’ personal data with Facebook. (Some WhatsApp user data, such as users’ phone numbers, is already shared with Facebook, a policy that went into place in 2016.) WhatsApp has stressed this is not the case, though — the policy update is regarding messages sent to businesses via WhatsApp, which may be stored on Facebook’s servers.


5 – The Top Unsolved Questions in Mathematics Remain Mostly Mysterious

Twenty-one years ago this week, mathematicians released a list of the top seven unsolved problems in the field. Answering them would offer major new insights in fundamental mathematics and might even have real-world consequences for technologies such as cryptography. But big questions in math have not often attracted the same level of outside interest that mysteries in other scientific areas have. When it comes to understanding what math research looks like or what the point of it is, many folks are still stumped, says Wei Ho, a mathematician at the University of Michigan. Although people often misunderstand the nature of her work, Ho says it does not have to be difficult to explain. “My cocktail party spiel is always about elliptic curves,” she adds. Ho often asks partygoers, “You know middle school parabolas and circles? Once you start making a cubic equation, things get really hard…. There are so many open questions about them.”


6 – White House Puts Russia on Notice Over JBS Ransomware Hit

The White House says on Tuesday it has contacted Russia regarding the ransomware attack against JBS SA, the multinational meat producer. It’s a positive sign of more forward action by the U.S. government after Colonial Pipeline, but experts say the ransomware scourge is clearly still business as usual. JBS informed the White House that it believes the ransom demand is likely coming from Russia, says Karine Jean-Pierre, principal deputy press secretary, during a press briefing on Air Force One. “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre says according to a transcript. “The FBI is investigating the incident and CISA [Cybersecurity and Infrastructure Security Agency] is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack.”
