AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/16/2023

California AirTag Lawsuit Widened to Include Dozens More Stalking Cases

Apple is facing an expanded class action lawsuit in federal court in San Francisco by more than three dozen victims allegedly terrorized by stalkers using Apple AirTags, reports ArsTechnica. The complaint targets Apple alleged negligence in allowing ‌AirTags‌ to become “one of the most dangerous and frightening technologies employed by stalkers” since they can be easily used used to determine “real-time location information to track victims.” The complaint is a revised version that was brought before a Californian judge in December 2022 by two women, one of which claims her ex-boyfriend used an AirTag to track her without her consent. Since then, plaintiffs allege that there has been an “explosion of reporting” showing that ‌AirTags‌ are often used for stalking.


Researchers measure global consensus over the ethical use of AI

To examine the global state of AI ethics, a team of researchers from Brazil performed a systematic review and meta-analysis of global guidelines for AI use. Publishing October 13 in in the journal Patterns, the researchers found that, while most of the guidelines valued privacy, transparency, and accountability, very few valued truthfulness, intellectual property, or children’s rights. Additionally, most of the guidelines described ethical principles and values without proposing practical methods for implementing them and without pushing for legally binding regulation.


Meta says it’s stepping up misinformation enforcement during Israel-Hamas war

Meta is expanding its enforcement of its policies against violent posts and misinformation amid the Israel-Hamas war as charged images and posts balloon on social media. Meta and other social media platforms such as X, formerly known as Twitter, have faced pressure from Europe to stay vigilant on misinformation during the conflict, in light of the European Union’s Digital Services Act. The DSA requires social media platforms to monitor and remove illegal content in Europe. A Meta spokesperson said the company had responded to a letter from European commissioner for the internal market Thierry Breton about illegal content on the platform amid the conflict, but did not elaborate on what it said.


Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. “The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM),” the tech giant said. “New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos.”


Women Political Leaders Summit targeted in RomCom malware phishing

A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics. The campaign used a fake website mimicking the official WPL portal to bait people seeking to attend or simply interested in the summit. A Trend Micro report analyzing the new variant warns that its operators, tracked by the firm as ‘Void Rabisu,’ have been using a stealthier backdoor with a new TLS-enforcement technique in the C2 (command and control) communications to make discovery harder.


How hackers piled onto the Israeli-Hamas conflict

Hackers sympathetic to Hamas are working to make the Israel-Gaza conflict the next front of cyberwarfare. Hacking groups with links to countries including Iran and Russia have launched a series of cyberattacks and online campaigns against Israel over the past week, some that may have even occurred in the runup to the Oct. 7 strike by Hamas. On Telegram, hacking teams claimed they compromised websites, the Israeli electric grid, a rocket alert app and the Iron Dome missile defense system. At least one Israeli newspaper, The Jerusalem Post, acknowledged hackers took down its site temporarily.


Singapore and US sync up on AI governance and set up joint group

Singapore and the US have synced up their respective artificial intelligence (AI) frameworks to ease compliance and will continue to work together to drive “safe, trustworthy, and responsible” AI innovation.  Singapore’s Infocomm Media Development Authority (IMDA) and the US National Institute of Standards and Technology (NIST) completed the joint mapping exercise between IMDA’s AI Verify and NIST’s AI RMF. The alignment aims to harmonize international AI governance frameworks and reduce the cost of meeting multiple requirements. 

Related Posts