AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/18/2020

Privacy-focused search engine DuckDuckGo is growing fast

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended with over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that it has over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues. Even though DuckDuckGo is growing rapidly, it still controls less than 2 percent of all search volume in the United States. However, DuckDuckGo’s growth trend has continued throughout the year, mainly due to Google and other companies’ privacy scandals.

How does encryption affect Network Defenders’ ability to do their jobs?

Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly unaware of how QR codes can easily be abused to launch digital attacks. The reason QR code use is skyrocketing is that more brick-and-mortar businesses are forgoing paper brochures, menus and leaflets that could accelerate the spread of COVID-19. Instead they are turning to QR codes as an alternative. MobileIron warns that these QR codes can be malicious. In a study released Tuesday, the mobile device management firm found that 71 percent of survey respondents said they cannot distinguish between a legitimate and malicious QR code. QR codes – the “QR” is short for “quick response” – allow a user to scan a special code with their phone’s camera to automatically perform an action.

Mozilla wants to understand your weird YouTube recommendations

From cute cat videos to sourdough bread recipes: sometimes, it feels like the algorithm behind YouTube’s “Up Next” section knows the user better than the user knows themselves. Often, that same algorithm leads the viewer down a rabbit hole. How many times have you spent countless hours clicking through the next suggested video, each time promising yourself that this one would be the last one? The scenario gets thorny when the system somehow steers the user towards conspiracy theory videos and other forms of extreme content, as some have complained. To get an idea of how often this happens and how, the non-profit Mozilla Foundation has launched a new browser extension that lets users take action when they are recommended videos on YouTube that they then wish they hadn’t ended up watching.


Here are the browsers iOS 14 now lets you set as default

With iOS 14, Apple finally lets you choose which browser you want to use as your default, letting you switch away from Safari if you’d rather use a third-party alternative like Chrome or Edge. Apple is also letting iPhone users change their default email app in the updated OS. To be a candidate for the default browser, developers have had to update their apps. All browsers are still required to use WebKit as their underlying browsing engine, meaning that the main differences between them will come down to their user interfaces and how they sync with other platforms, rather than how they fundamentally render web pages. At the moment there’s only a limited selection of browsers that can be set as the default on iPhone. Here’s a list of alternative default browsers we can confirm: Chrome, DuckDuckGo, Edge, and Firefox.


Accidental Airbnb account takeover linked to recycled phone numbers

It’s a flaw that can result in account takeover, credit card theft and privacy leaks, and yet it has gone unaddressed for years on certain websites and online apps. The scenario works like this: A mobile device owner attempts to register an account on a website or web app, using a phone number that was recently assigned to him by a telecom carrier. But that phone number previously belonged to a different phone owner who at one time also signed up for the same web service. Instead of creating a new account, the new device owner is logged into the account of the phone number’s original owner. “It’s probably one of the oldest vulnerabilities with regards to mobile phone numbers… and identity,” said Marc Rogers, executive director of cybersecurity at Okta. It’s almost as if the new device owner has pulled off a SIM swap scam – only there was no intent of deception. Nobody tricked the wireless carrier into reassigning a victim’s phone number to another device. It just happened by chance.

Dunkin’ Data Breach Settlement Paves the Way for More Suits

Dunkin’ Brands’ settlement with the New York state attorney general of a lawsuit tied to a five-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states – as well as customers. There could be a “pile on” effect as the Federal Trade Commission and other attorneys general take legal action against the popular donut and coffee chain, says attorney Mark Rasch, of the law firm of Kohrman, Jackson & Krantz, who is not involved in the case. “More significantly, we likely will see class action lawsuits alleging specific damages to the class of Dunkin’ customers or others,” he says. Under the New York settlement with Dunkin’ Brands, which is the franchiser of 12,900 Dunkin’ outlets and 8,000 Baskin-Robbins stores worldwide, the company must refund money to about 20,000 New York customers affected by a 2015 data breach and also pay $650,000 in fines, according to a settlement document.
