AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/14/2022

Woman whose rape kit DNA was used against her in separate crime sues San Francisco

A woman whose rape kit DNA was used to link her to an unrelated property crime has filed a lawsuit against the city of San Francisco over the incident, which sparked a national outcry earlier this year. It was revealed in February that the San Francisco police department used the DNA and later dropped the charges against her. Her DNA had been collected and stored in the system as part of a 2016 domestic violence and sexual assault case, then district attorney Chesa Boudin said in February in a shocking revelation that raised privacy concerns. The revelation prompted a backlash from advocates, law enforcement, legal experts and lawmakers, many of whom warned the practice could affect victims’ willingness to come forward to law enforcement authorities.


Montenegro and its allies are working to recover from the massive cyber attack

A massive cyberattack hit Montenegro, the offensive forced government headquarters to disconnect the systems from the Internet. The attack started on August 20 and impacted online government information platforms. According to the media, the critical infrastructure of the country, including banking, water and electrical power systems are at high risk. Government officials attribute the attack to pro-Russian hackers and to Russian security services. The National Security Agency said that Montenegro was “under a hybrid war at the moment.” The state has been a Russian ally since 2017 when it joined NATO despite strong opposition from Russia, it also expressed support to Ukraine after its invasion. Now Moscow has added the state to its list of “enemy states” for this reason it is suspected to be the source of the attacks.


China Accuses NSA’s TAO Unit of Hacking its Military Research University

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO), a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA), of orchestrating thousands of attacks against the entities located within the country. “The U.S. NSA’s TAO has carried out tens of thousands of malicious cyber attacks on China’s domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data,” the NCVERC said.


What we learned when Twitter whistleblower Mudge testified to Congress

A ticking bomb of security vulnerabilities. Covering up security failures. Duping regulators and misleading lawmakers. These are just some of the allegations when Twitter’s ex-security lead turned whistleblower, Peiter Zatko, testified to the Senate Judiciary Committee on Tuesday, less than a month after the release of his explosive whistleblower complaint filed with federal regulators. Zatko, better known as Mudge, made his first comments since the public release of his complaint. Twitter did not respond to a request for comment.


Got Backups?

If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. At times like these, backups are often the only way you can rebuild your digital life. Backups are copies of your information stored somewhere other than on your computer or mobile device. When you lose, or cannot access, valuable data on your device, you can recover your data from backups. Many of the files we create today are already automatically stored and backed-up in the cloud, such as Microsoft Word documents stored in Microsoft OneDrive, Dropbox, or Google Drive, or personal photos stored in Apple iCloud. But there may be files you create that are not automatically stored in the cloud; or perhaps you want additional backups for personal use.


Google and Meta fined over $70m for privacy violations in Korea

South Korea’s Personal Information Protection Commission (PIPC) has issued two large fines for privacy violations: a $50 million penalty for Google and $22 million for Meta. The PIPC’s beef is that neither Google nor Meta properly obtain consent or inform users on how they collect and use data, particularly with regards to behavioral information used to predict interests for marketing and advertising purposes. The data watchdog claims Google hides the setting screen to agree or disagree to collection methods and sets the default to “agree” while Meta only asks for agreement when a user creates an account and does so in unclear ways.

Related Posts