AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/30/2024

DHS employees jailed for stealing data of 200K U.S. govt workers 

Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced to 2 years of probation; and Murali Y. Venkata, also from the IT department, sentenced to 4 months in prison. The three pleaded guilty to conspiracy to commit theft of government property and to defraud the United States and theft of government property at various times between 2019 and 2022. 


Japan will no longer require floppy disks for submitting some official documents 

Japan is an innovative country that leads the way on many technological fronts. But the wheels of bureaucracy often turn incredibly slowly there. So much so, that the government still requires businesses to provide information on floppy disks and CD-ROMs when they submit certain official documents. That’s starting to change. Back in 2022, Minister of Digital Affairs Taro Kono urged various branches of the government to stop requiring businesses to submit information on outdated forms of physical media. The Ministry of Economy, Trade and Industry (METI) is one of the first to make the switch. “Under the current law, there are many provisions stipulating the use of specific recording media such as floppy disks regarding application and notification methods,” METI said last week, according to The Register. 


SolarWinds slams SEC lawsuit against it as ‘unprecedented’ victim blaming 

SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz’s customers could be spied upon – has accused America’s financial watchdog of seeking to “revictimise the victim” after the agency sued it over the 2020 attack. In a motion to dismiss [PDF] the SEC’s lawsuit, the embattled developer described the fraud charges leveled against it, and its CISO Tim Brown, “as unfounded as they are unprecedented.” In a statement to The Register, Serrin Turner, an attorney at Latham and Watkins, which is representing SolarWinds, railed against the SEC’s charges. 


FBI: Tech support scams now use couriers to collect victims’ money 

Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. This public service announcement follows a surge of reports regarding criminals using couriers to collect cash or precious metals like gold or silver from victims (many senior citizens) whom the scammers instructed to sell their valuables. “The FBI is warning the public about scammers instructing victims, many of whom are senior citizens, to liquidate their assets into cash and/or buy gold, silver, or other precious metals to protect their funds,” the FBI said. “Criminals then arrange for couriers to meet the victims in person to pick up the cash or precious metals.” 


Nigerian ‘Yahoo Boys’ Behind Social Media Sextortion Surge in the US 

Teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, the Network Contagion Research Institute (NCRI) has found. A majority of these happen on social media platforms like TikTok, Snapchat, Instagram, and Wizz. Financial sextortion, the illegal act of adults manipulating minors, or other adults, into sharing sexually suggestive content online to extort their money, is the most rapidly growing crime targeting children in the US, Canada, and Australia, a new NCRI report said. 


Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations 

Italy’s data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. “The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation],” the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday. It also said it will “take account of the work in progress within the ad-hoc task force set up by the European Data Protection Framework (EDPB) in its final determination on the case.” 

Related Posts