AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/26/2024

Meta announces steps to protect teens from unwanted contact on Instagram and Facebook 

On Thursday (Jan. 25), Meta detailed a few new ways parents can better safeguard their teens on Instagram and Facebook. Adam Mosseri, Head of Instagram, shared a quick video on the platform explaining that a new set of “stricter messaging” settings is arriving. These settings, for children under 16 (and under 18 in other regions), will help parents ensure their teens don’t receive messages from people they don’t know. According to a subsequent Meta post, this new default setting allows a teen to be privately messaged or added to a group chat by users they follow or “are connected to.”

 

Using Google Search to Find Software Can Be Risky 

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to create and enforce their abuse policies. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. 

 

23andMe data breach: Hackers stole raw genotype data, health reports 

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers’ accounts were stolen in other data breaches or used on previously compromised online platforms. As the genomics and biotechnology company disclosed in data breach notification letters sent to those impacted in the incident, some of the stolen data was posted on the BreachForums hacking forum and the unofficial 23andMe subreddit site. 

 

Privacy predictions for 2024 

In our previous privacy predictions piece, we outlined trends for 2023. As expected, there was a notable increase in the adoption of digital IDs to replace paper documents. For example, California expanded a pilot program for digital driver’s licenses, and Russia introduced laws enabling biometrics-based purchases of alcohol and tobacco. This trend is set to continue, with the European Commission finalizing the EU Digital Identity Wallet agreement. Australia has also unveiled a national strategy for digital identity resilience, aiming for mainstream use in 2024. We expected organizations to try to reduce the impact of the human factor on data security, so as to bring down the number of insider threats and social engineering attacks. The issue intensified with the widespread use of chatbots for work, leading employees to inadvertently share sensitive data. Notably, major companies like Amazon, Apple, and Spotify are taking measures to prevent data leaks by limiting engagement with such tools. 

 

The Cost of Avast’s Free Antivirus: Companies Can Spy on Your Clicks 

Your antivirus should protect you, but what if it’s handing over your browser history to a major marketing company? Relax. That’s what Avast told the public after its browser extensions were found harvesting users’ data to supply to marketers. Last month, the antivirus company tried to justify the practice by claiming the collected web histories were stripped of users’ personal details before being handed off. “The data is fully de-identified and aggregated and cannot be used to personally identify or target you,” Avast told users, who opt in to the data sharing. In return, your privacy is preserved, Avast gets paid, and online marketers get a trove of “aggregate” consumer data to help them sell more products. 

 

Russian Developer Of Trickbot Malware Sentenced To Five Years In U.S. 

A Russian national has been sentenced to five years and four months in prison for his involvement in malicious software known as Trickbot used in ransomware attacks on U.S. hospitals, schools, and businesses, the U.S. Justice Department said on January 25. The department said the sentence was handed down on January 24 to Vladimir Dunayev, 40, who has been in U.S. custody since 2021 after being extradited from South Korea. Dunayev pleaded guilty in November to conspiracy to commit computer fraud, identity theft, and other charges. 
