AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/25/2022

University can’t scan students’ rooms during remote tests, judge rules

An Ohio judge has ruled that Cleveland State University’s virtual scan of a student’s room prior to an online test was unconstitutional. The ruling marks a victory for digital privacy advocates around the country, who have spoken loudly against the practices of online test proctoring for many years. Chemistry student Aaron Ogletree sat for an online test in the spring 2021 semester. Ogletree was asked to show the virtual proctor his bedroom through his webcam prior to the beginning of the test. A recording of the room scan as well as the testing process that followed was retained by Honorlock, the university’s third-party vendor.


Industry sets cyber standards for cars and trucks and things that go (unmanned)

A trade group representing the makers of unmanned drones, cars, airplanes, boats and other vehicles is teaming up with a cybersecurity company to develop voluntary security standards for the autonomous vehicles market. Today, representatives from the Association for Uncrewed Vehicle Systems International (AUVSI) and Fortress Security announced they are forming a working group that will develop the standards over the next year. In an interview, Tobias Whitney, vice president of strategy and policy at Fortress Security, and Michael Robbins, AUVSI executive vice president for government and public affairs, said the framework would be built around five broad use cases.


Meta offers $37.5m to settle location tracking lawsuit

Meta has offered to pay $37.5 million to settle a class-action lawsuit, which claimed its social media platform Facebook illegally harvested location data even when users explicitly denied consent. Plaintiffs said they had turned off location tracking for the Facebook app downloaded on their iOS and Android smartphones, but were shocked to find the company had repeatedly recorded their whereabouts and logged their specific latitude and longitude coordinates anyway. Brendan Lundy and Mariah Watkins, both residents of Colorado at the time the lawsuit was filed in 2018, said they discovered the data when they requested a copy of their personal records held by Facebook. The information was used to send users targeted ads, the lawsuit alleged. 


Hackers Using Fake DDoS Protection Pages to Distribute Malware

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. “A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware,” Sucuri’s Ben Martin said in a write-up published last week. Distributed denial-of-service (DDoS) protection pages are essential browser verification checks designed to deter bot-driven unwanted and malicious traffic from eating up bandwidth and taking down websites. The new attack vector involves hijacking WordPress sites to display fake DDoS protection pop-ups that, when clicked, ultimately lead to the download of a malicious ISO file (“security_install.iso”) to the victim’s systems.


Researchers warn of darkverse emerging from the metaverse

The metaverse is seen by many companies as a great business opportunity and as a source of new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes. Security researchers predict that a kind of darknet structure could emerge there, similar to today’s Internet. The machinations of the cyber gangsters could even take place in protected rooms that can only be reached from a specific physical location and via valid authentication tokens. This would make their underground marketplaces inaccessible to law enforcement agencies. In fact, it could be years before the police can operate effectively in the metaverse.


SEC asked Twitter about its spam account claims in June

The Securities and Exchange Commission asked Twitter in June for additional information on how it calculates the percentage of spam accounts on its platform, new filings revealed Wednesday. Twitter’s spam account calculations have been the focal point of Tesla CEO Elon Musk’s countersuit against the company, which initially sued him for trying to get out of his $44 billion deal to buy the social media platform. Musk has questioned Twitter’s assertions that less than 5% of its monthly daily active users (mDAU) are spam accounts, as it states in its securities filings. Twitter has stood by that figure. Wednesday’s disclosure shows it’s not just Musk who sought to validate Twitter’s calculations, though nothing in the filings indicates the agency is formally disputing the numbers or pursuing legal action.


Shout-out to whoever went to Black Hat with North Korean malware on their PC

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un’s agents. In their second year of helping protect the infosec event’s Network Operations Center (NOC), IronNet’s team said it flagged 31 malicious alerts and 45 highly suspicious events, according to the team’s postmortem report. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts — some of it stems from simulated attacks in classrooms and on the show floor. So while Tor activity and DNS tunneling likely would, and should, raise alarms in an enterprise network, at the cybersecurity conference they turned out to be regular attendee behavior and vendor demos.
