AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/6/2020

1 – CCPA Kickoff: What Businesses Need to Know

New year, new privacy regulations: The California Consumer Privacy Act (CCPA) went into effect on January 1, marking the start of a widespread law that will likely have implications beyond state lines. For businesses, it’s high time to think about what this means and how to get ahead. CCPA, the original version of which was passed in 2018, was introduced to protect the personal data of roughly 40 million people living in California. Under CCPA, residents have the right to know what part of their information businesses try to collect, the right to tell organizations to not share or sell their data, and the right to protect against companies that fail to protect this data.


2 – Survey about Swedish people’s attitude to the internet reveals growing distrust of social media

Public confidence in global social media operators Facebook and Google retreated in Sweden in 2019 amid growing public distrust over personal data use and online privacy. The “trust factor” contributed to a decline in Facebook’s popularity in Sweden in 2019, according to a survey conducted by Internetstiftelsen (Internet Foundation Sweden), the public service organisation tasked with ensuring the positive development of the internet in Sweden. The Internetstiftelsen survey, Swedes and the internet 2019 (in Swedish, Svenskarna och internet 2019) revealed that public confidence in social media giants Facebook and Google declined by 17% in Sweden from 2015 to 2019. The annual survey is a useful tool to measure online behaviour in Sweden as well as societal changes in the face of increasing digitalisation.


3 – Brazil fines Facebook $1.65 million for improperly sharing users’ data

Brazil has fined Facebook USD1.65 million for improperly sharing users’ data in a case linked to the global Cambridge Analytica scandal. Facebook engaged in an “abusive practice” by allowing data from 443,000 users in Brazil to be unduly available to developers of the application “This is Your Digital Life,” according to the Ministry of Justice. That application — a psychological survey — collected personal data from millions of Facebook users worldwide, which were then transferred to British consultancy Cambridge Analytica and used without consent in political campaigns, such as the one that gave Brexit a victory in Britain and Donald Trump a win in the 2016 US presidential election.


4 – Data Leak Forces Password Reset at Crypto Exchange Poloniex

A cryptocurrency exchange has been forced to reset customer passwords after a suspected data leak via social media, although its incident response efforts caused more confusion among some users. US-based exchange Poloniex informed around 1% of its customer base that they had to reset their log-ins, following a tweet claiming to contain a list of leaked email/password combos. However, customers took to Twitter warning that the email itself was a phishing scam, forcing the exchange to re-emphasize its legitimacy.


5 – Hunting the missing millions from collapsed cryptocurrency

A Russian computer programmer involved in the collapse of a big cryptocurrency exchange says he was tricked into handing over its entire assets to fraudsters posing as FSB agents, according to documents obtained by BBC Russian. Alexei Bilyuchenko was a key player in Wex, which stopped trading in 2018, leaving customers unable to access investments totalling nearly half a billion US dollars. BBC Russian has spent months investigating the murky world of Russian cryptocurrency trading, trying to find out what happened to the money. It’s a story worthy of the BBC TV drama McMafia, involving an unlikely cast of characters from computer geeks and FBI agents, to a billionaire oligarch with ties to the war in Ukraine.


6 – T-REX, Rainforest Cafe, Yak & Yeti Restaurant, and More Involved in Landry’s Credit Card Breach at Walt Disney World

In a recent report from Landry’s Inc., a number of their restaurants have been impacted by a credit card breach, and that includes two of their Disney Springs restaurants and one Disney’s Animal Kingdom restaurant. Potentially affected restaurants include the following brands: Rainforest Cafe, T-REX Cafe, Yak & Yeti Restaurant, Bubba Gump Shrimp Co., and more. The Houston-based company operates over 60 restaurant chains nationwide, and has informed customers that a credit card breach has affected cards swiped between March 13 and Oct. 17, 2019. The breach took place when waitstaff swiped cards on devices used to enter kitchen and bar orders, which are different devices than the point-of-sale terminals used for payment processing. Landry’s Select Club rewards cards were not involved in the breach.


7 – How edge computing may revamp, revitalize commercial real estate

Edge computing will be a key development in 2020, but the far more interesting trend may revolve around how real estate is retooled to enable the technology. After all, edge computing, as well as 5G, will acquire a more distributed network with various points of presence. These points are likely to be housed in existing real estate. When Amazon Web Services and Verizon outlined plans to partner on 5G, cloud, and edge computing use cases, it became one more data point in how the technology is also about real estate. The Verizon-AWS partnership revolves around connecting Verizon’s facilities to the cloud.


8 – DHS monitoring apparent hack of government library program website

The Department of Homeland Security is monitoring the apparent hack of a government website, according to a senior administration official, who called it “defacement.” The website on Saturday evening displayed an image of President Donald Trump bleeding from his mouth with an Islamic Revolutionary Guard fist in his face. The Federal Depository Library Program website, which is run by the Government Publishing Office and makes federal government documents and information available to the public, featured the image and is currently offline. The official did not comment on who could be behind the act.


9 – Apple targets jailbreaking in lawsuit against iOS virtualization company

Apple has expanded a lawsuit against an iOS virtualization company, claiming that its actions facilitate jailbreaking and violate the Digital Millennium Copyright Act (DMCA) prohibition on circumvention of copyright-protection systems. Apple sued Corellium, a company that sells access to virtual machines that run copies of the operating system used in iPhones and iPads, in August 2019. We detailed the initial allegations in a previous article; Apple said that Corellium sells “perfect replicas” of iOS without a license from Apple and markets its software as “a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software.” But instead of aiding good-faith security research, Corellium “encourages its users to sell any discovered information on the open market to the highest bidder,” Apple alleged.


10 – Colorado Town Wires Over $1 Million to BEC Scammers

Colorado Town of Erie lost more than $1 million to a business email compromise scam (BEC) that ended with the town’s employees sending the funds to a bank account controlled by scammers. BEC (otherwise known as Email Account Compromise) is a type of financial fraud through which crooks deceive an organization’s employee via computer intrusion or by using social engineering into wiring out funds to attacker-controlled bank accounts. The fraudsters used an electronic form on the town’s website to request a change to the payment information on the building contract for Erie Parkway Bridge awarded to SEMA Construction in October 2018.

Related Posts