AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/23/2022

Denmark latest to conclude Google Analytics is unlawful

The Danish Data Protection Agency (DPA), Datatilsynet, has become the fourth national regulator to conclude that the manner in which companies are currently using Google Analytics breaches European Union regulations that demand stricter safeguards for personal data moved outside the bloc. In a judgement published on Wednesday, the regulator said that the use of Google’s popular tool is illegal because it enables companies to move users’ data outside the EU without the necessary protections.


Okta: Credential stuffing accounts for 34% of all login attempts

Credential stuffing attacks have become so prevalent in the first quarter of 2022 that traffic surpassed that of legitimate login attempts from normal users in some countries. This type of attack takes advantage of “password recycling,” which is the bad practice of using the same credential pairs (login name and password) across multiple sites. Once the credentials are leaked or brute-forced from one site, threat actors perform a credential stuffing attack that attempts to use the same leaked credentials at other sites to gain access to users’ accounts.


Twitter’s Whistleblower Allegations Are a Cautionary Tale for All Businesses

Today, the mere threat of a breach can crush your business. The Twitter whistleblower saga shows that, after years of indifference, customers are sensitive to even rumors of data leaks. A few years ago, PR teams could paper over a small breach, and customers would accept it. A decade ago, massive data breaches made headlines, but customers stayed with the vendor because they believed that lightning couldn’t strike twice. Times have changed, though, so how can you protect yourself … and even turn privacy and security into an advantage? The companies that win will embrace small steps, transparency, and the right partners.


Cyber Insurers Clamp Down on Clients’ Self-Attestation of Security Controls

A voided lawsuit from a cyber insurance carrier claiming its customer misled it on its insurance application could potentially pave the way to change how underwriters evaluate self-attestation claims on insurance applications. The case — Travelers Property Casualty Company of America v. International Control Services Inc. (ICS) — hinged on ICS claiming it had multifactor authentication (MFA) in place when the electronics manufacturer applied for a policy. In May the company experienced a ransomware attack. Forensics investigators determined there was no MFA in place, so Travelers asserted it should not be liable for the claim. 


Meta Sued Over Tracking iPhone Users Despite Apple’s Privacy Features

Meta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking. In August, it was revealed that with the Facebook and Instagram apps, Meta can track all of a user’s key taps, keyboard inputs, and more, when using the in-app browser. When a user clicks on a link on Instagram, for example, Meta can monitor their interactions, text selections, and even text input, such as passwords and private credit card details within that website.


Europol “Hackathon” Identifies Scores of Human Trafficking Victims

Law enforcers from over 20 European countries came together earlier this month to clamp down on human traffickers found using online platforms to exploit vulnerable people, including Ukrainian women. The EMPACT joint action day was coordinated by the Netherlands and described by Europol as the first region-wide “hackathon” against human trafficking. Some 85 experts participated in the event, designed to identify criminal networks using social media and dark web sites to exploit Ukrainian refugees and others. It focused on determining the key indicators of this activity, which can be harder to spot than other crimes such as drug trafficking, Europol claimed. “The internet and human trafficking are interlinked. Many social media platforms, dating apps and private groups online are being ‘hijacked’ by individuals involved in human trafficking for sexual or labor exploitation. These individuals are trying to mislead law enforcement and avoid detection,” Europol said.