AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/12/2022

The Chinese surveillance state proves that the idea of privacy is more “malleable” than you’d expect

It’s no surprise that last week, when the Biden administration updated its list of Chinese military companies blocked from accessing US technologies, it added Dahua. The second-largest surveillance camera company in the world, just after Hikvision, Dahua sells to over 180 countries. It exemplifies how Chinese companies have leapfrogged to the front of the video surveillance industry and have driven the world, especially China, to adopt more surveillance tech. Over the past decade, the US—and the world more generally—have watched with a growing sense of alarm as China has emerged as a global leader in this space. Indeed, the Chinese government has been at the forefront of exploring ways to apply cutting-edge research in computer vision, the Internet of Things, and hardware manufacturing in day-to-day governance.

White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star

The White House National Security Council will announce plans Tuesday for a consumer products cybersecurity labeling program intended to improve digital safeguards on internet-connected devices, a senior White House official told CyberScoop.  About 50 representatives from consumer product associations, manufacturing companies and technology think tanks will convene at the White House on Oct. 19 for a workshop on the voluntary effort ahead of an expected spring 2023 launch. The White House briefly described the effort in a document it released Tuesday outlining various cybersecurity initiatives. The administration plans to start with recommending three or four cybersecurity standards that manufacturers can use as the basis for labels that communicate the risks associated with using so-called internet of things devices.


Coverage of Killnet DDoS attacks plays into attackers’ hands, experts say

A notorious pro-Russian hacking group drew headlines on Monday after launching distributed denial-of-service (DDoS) attacks on the websites of airports in at least 24 different states and threatening more operations against U.S. entities. Researchers at cybersecurity firm Radware said they tracked brief outages on Chicago’s air travel website, flychicago.com, as well as the sites for Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport (ATL), and Phoenix Sky Harbor Airport (PHX).  Several other website outages were reported later on Monday thanks to the DDoS attacks, which flooded the seldom-used sites with junk traffic. Despite the scope of the attack, cybersecurity experts said the media coverage was disproportionate to the actual damage done.


Caffeine service lets anyone launch Microsoft 365 phishing attacks

A phishing-as-a-service (PhaaS) platform named ‘Caffeine’ makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. Caffeine doesn’t require invites or referrals, nor does it require wannabe threat actors to get approval from an admin on Telegram or a hacking forum. Due to this, it removes much of the friction that characterizes almost all platforms of this kind. Another distinctive characteristic of Caffeine is that its phishing templates target Russian and Chinese platforms, whereas most PhaaS platforms tend to focus on lures for Western services.


Roblox says policing virtual world is like ‘shutting down speakeasies’

As online gaming platform Roblox Corp (RBLX.N) confronts a lawsuit alleging it enabled a California girl’s exploitation, its chief scientist said finding dangerous content in the company’s virtual world is nothing like spotting it in video. “It’s such a challenge to moderate 3D,” said Morgan McGuire in an interview at the Reuters Momentum conference in Austin on Tuesday. He had no comment on the recent lawsuit but said Roblox was built with safety and civility at the forefront. San Mateo, Calif.-based Roblox is deploying bots to patrol user-generated games and press buttons to detect any dangerous content that players have disguised.

Related Posts