AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/04/2021

1 – NY transit officials confirm cyberattack; say harm limited

Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America’s largest transit system, MTA officials confirmed on Wednesday. The officials said in a statement that that agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk. The MTA insisted that it quickly shut down the attack. It said a follow-up forensic analysis also found that no sensitive information was stolen and that rail service for millions of riders each day and other operations were never compromised or disrupted.


2 – 5 common scams targeting teens – and how to stay safe

Most teenagers, while not as impressionable as small children, can still be subjected to various external influences. If you’re one of them, you probably haven’t experienced the many ups and downs life could throw at you, and you may be too eager to trusting and easy to manipulate. And that trusting nature, innocence, and youthful naivety may make you a prime target for scam artists, who are looking to dupe you out of your money or personal data. Let’s look at some common scams targeting teens and what to watch out for. If you’re a parent, you may want to share this advice with your children and help them – and your entire family – stay safe online.


3 – Supreme Court limits US hacking law in landmark CFAA ruling

The Supreme Court has ruled that a police officer who searched a license plate database for an acquaintance in exchange for cash did not violate U.S. hacking laws. The landmark ruling concludes a long-running case that clarifies the controversial Computer Fraud and Abuse Act, or CFAA, by putting limits on what kind of conduct can be prosecuted. The court ruled 6-3 in favor of Nathan Van Buren, a former Georgia police sergeant who brought the case. Van Buren was prosecuted on two counts, one for accepting a kickback for accessing the database as a serving police officer, and another for violating the CFAA. His first conviction was overturned, but the CFAA conviction was upheld — until today. Although Van Buren was allowed to access the license plate database, the legal question became whether or not he had exceeded his authorized access. In the ruling, the Supreme Court said that the CFAA “covers those who obtain information from particular areas in the computer — such as files, folders, or databases — to which their computer access does not extend,” and that while Van Vuren “plainly flouted” the police department’s rules for law enforcement purposes, he did not violate the CFAA, wrote Justice Amy Coney Barrett, who wrote the majority opinion.


4 – TikTok just gave itself permission to collect biometric data on US users, including ‘faceprints and voiceprints’

A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began. The biometric data collection details were introduced in the newly added section, “Image and Audio Information,” found under the heading of “Information we collect automatically” in the policy.


5 – Apple updates AirTags to fix major privacy issues

Apple announced earlier today that an important update is rolling out to its new AirTags, which is meant to address privacy concerns raised by many users soon after the gadget’s market launch. For those of you who haven’t read our previous report, it’s very easy to track someone using Apple’s AirTag, especially if they’re using an Android device, not an iPhone. It’s enough to slip an AirTag into someone’s backpack and you’ll be able to track the person for as long as it carries it. The privacy issue doesn’t affect iPhone users, since they will be notified if a stranger’s AirTag is moving with them for a certain period of time (usually several hours).

Related Posts