AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/08/2020

Twitter is testing how its misinformation labels can be more obvious, direct

Twitter’s Yoel Roth said the company is exploring changes to the small blue notices that it attaches to certain false or misleading tweets, to make these signals more ‘overt’ and be more ‘direct’ in giving users information. But he did not say whether any new versions would be ready before the U.S. election in the next four weeks, a period that experts say could be rife with false and misleading online content. Roth said the new efforts at Twitter include testing a more visible reddish-magenta color, and working out whether to flag users who consistently post false information. “We’ve definitely heard the feedback that it would be useful to see if an account is a repeat offender or has been repeatedly labeled, and we’re thinking about the options there,” said Roth.


BBB: Scammers Are Stealing Money Via Cash App

More scams are taking place in the pandemic era, and fraudsters are now using Cash App to swindle consumers, according to a report from WPRI 12, which cited the Better Business Bureau (BBB). There are a few variations taking place through the popular payment tool, the report stated. One of them involves a person requesting payment through the app and, once it’s made, the sender is blocked immediately. In another, fake customer support phone numbers are used to dupe customers looking for the real number to discuss issues, according to the report. With the scam numbers, users turn over their login information and are tricked into giving money. WPRI 12 reported that one victim said they succumbed to scams in which fraudsters invited them to purchase bogus software via Cash App. In another scam, a user tried to buy concert tickets for $350 and then was instantly blocked.


Google Accounts get security boost with new critical alerts system

Google on Wednesday unveiled a pair of online products designed to better protect the security and privacy of Google users’ information. The company said it will soon introduce a redesigned critical alert to warn Google Account users when a serious security threat is detected, such as a suspected hack. Unlike alerts that arrive in your email or on your phone, the new alert will automatically be displayed in the Google app you’re using. To provide an additional layer of reassurance, Google says the new alert is spoof-proof, so you don’t have to worry about whether the alert is legitimate.


The IRS Is Being Investigated for Using Location Data Without a Warrant

The body tasked with oversight of the IRS announced in a letter that it will investigate the agency’s use of location data harvested from ordinary apps installed on peoples’ phones, according to a copy of the letter obtained by Motherboard. “We are going to conduct a review of this matter, and we are in the process of contacting the CI [Criminal Investigation] division about this review,” the letter, signed by J. Russell George, the Inspector General, and addressed to the Senators, reads. CI has a broad mandate to investigate abusive tax schemes, bankruptcy fraud, identity theft, and many more similar crimes. Wyden’s office provided Motherboard with a copy of the letter on Tuesday.


SEC settles with trader accused of illegal trades using hacked data

The U.S. Securities and Exchange Commission agreed to settle charges with one of the traders who relied on hacked data from an SEC company filing system to collectively make millions of dollars, the agency said in a federal court filing on Wednesday. The SEC settlement includes both Sungjin Cho, the trader, and Kyungja Cho, his mother. Sungjin Cho made 66 illegal trades under his own name relying on the hacked information, and placed or directed four more under accounts in his mother’s name, according to the original complaint. Last year, the SEC and Justice Department filed charges against alleged hackers and the group of traders whom they said benefited from the scheme dating back to 2016 to steal secrets from EDGAR. EDGAR is a filing system for public companies that sometimes contains information that has not yet been made public. The scheme netted at least $4.1 million for the traders, according to the SEC.


The single, simple rule change that could force tech platforms to compete

The Democratic leaders of the US House of Representatives Judiciary Committee released a 449-page report this week alleging a lack of competition in digital markets. The report proposes countless remedies, including specific suggestions for Google, Amazon, Apple, and Facebook. But one recommendation stands out for its simplicity and potential efficacy. The big tech companies have strengthened their positions by acquiring lots of smaller companies, the report argues, and “It is unclear whether the antitrust agencies are presently equipped to block anticompetitive mergers in digital markets.” The report suggests a simple policy change to fix that: “Subcommittee staff recommends that Congress consider shifting presumptions for future acquisitions by the dominant platforms. Under this change, any acquisition by a dominant platform would be presumed anticompetitive unless the merging parties could show that the transaction was necessary for serving the public interest and that similar benefits could not be achieved through internal growth and expansion.”

Related Posts