AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/07/2022

TikTok’s “secret operation” tracks you even if you don’t use it 

Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don’t even use the app itself. If this sounds familiar, it’s because it’s happened before. Meta’s near-omnipresence wherever you are online enabled it to gather data on users, even those who don’t have Facebook accounts—thanks, in part, to the Facebook “Like” button, a piece of code embedded on most websites. According to this Facebook Help Centre page, if a logged-in user visits a website with this button, the browser sends user data to Facebook so it can load content to that website. Something similar happens to users who are either logged out of Facebook or don’t have an account. The only difference is that the browser sends a limited set of data. However you look at it, Facebook gets your data. 

 

As ransomware attacks increase, new algorithm may help prevent power blackouts 

Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid. No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid’s utilities could fill in the most crucial security gaps if there were a map showing where to prioritize their security investments. Purdue University researchers have developed an algorithm to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked. 

 

Insurance giant Lloyd’s of London investigating cyberattack 

Insurance giant Lloyd’s of London said on Wednesday that it is investigating a possible cyberattack. A spokesperson for the commercial insurance market told The Record that cybersecurity experts at the company “detected unusual activity on its network.” “As a precautionary measure, we are resetting the Lloyd’s network and systems. All external connectivity has been turned off, including Lloyd’s delegated authority platforms,” the spokesperson said. “We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded.” Lloyd’s representatives would not say if it was a ransomware attack or explain who may have been behind the incident. It has been one of the most notable supporters of sanctions against Russia since the country’s government decided to invade Ukraine earlier this year.  

 

Meta Sues Chinese Devs Over WhatsApp Malware Plot 

WhatsApp parent company Meta is suing three Chinese developers for allegedly tricking users into downloading fake versions of the app that harvested their login details. WhatsApp and Meta are listed as plaintiffs in the case, filed in the US District Court for the Northern District of California this week, against Hong Kong’s Rockey Tech HK and Beijing Luokai Technology, and Taiwan’s ChitChat Technology. The defendants are accused of distributing at least two malicious apps, “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and “Theme Store for Zap,” which misused WhatsApp trademarks. They were apparently promoted for download on Google Play and third-party app marketplaces. Once installed, the apps collected user credentials, then proceeded “to communicate the user’s credentials to WhatsApp’s computers and obtain the user’s account keys and authentication information.” The malware then allegedly transmitted this access information back to the developers. 

 

Hospital chain attack part of ongoing cybersecurity concerns 

Diverted ambulances. Cancer treatment delayed. Electronic health records offline. These are just some of the ripple effects of an apparent cyberattack on a major nonprofit health system that disrupted operations throughout the U.S. While CommonSpirit Health confirmed it experienced an “IT security issue” earlier this week, the company has remained mum when pressed for more details about the scope of the attack. The health system giant has 140 hospitals in 21 states. As of Thursday, it’s still unknown how many of its 1,000 care sites that serve 20 million Americans were affected.

 

Google Chrome is reportedly riddled with security issues 

Google Chrome is littered with potential security issues that could be putting millions of users at risk, a report has said. New research from Atlas VPN citing data provided by the VulDB vulnerability database claims Google’s famed browser has so far had 303 discovered vulnerabilities, and is an “all-time leader with a total of 3,159 cumulative vulnerabilities.” What’s more, of all the most commonly used browsers around today, Chrome is the only one that has already seen newly discovered vulnerabilities in October 2022.
