AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/21/2022

FBI Warns Students Against Loan Forgiveness Scammers 

The Federal Bureau of Investigation (FBI) has released a new public service announcement warning against fraudulent websites, emails, texts or phone scams aiming to defraud individuals seeking federal student loan forgiveness. According to the document, scammers are attempting to solicit personally identifiable information (PII), financial information or payment from potential victims. The warning comes amidst the backdrop of the recently released Student Loan Debt Relief Plan, which will provide targeted student debt cancellation to borrowers with incomes below $125,000 (or joint filers with incomes below $250,000) with loans held by the US Department of Education. The loan forgiveness will deliver up to $20,000 of debt cancellation for Pell Grant recipients and up to $10,000 for other borrowers. 

 

TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens 

China-based team at TikTok’s parent company, ByteDance, planned to use the TikTok app to monitor the personal location of some specific American citizens, according to materials reviewed by ForbesThe team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang. The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices. 

 

Microsoft data breach exposes customers’ contact info, emails 

Microsoft said today that some of its customers’ sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. The company secured the server after being notified of the leak on September 24, 2022 by security researchers at threat intelligence firm SOCRadar. “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” the company revealed. 

 

Twitter shares slump after report that the U.S. mulls national-security reviews for some of Elon Musk’s ventures 

Shares of Twitter plunged in premarket trade on Friday after a report Biden administration officials are considering subjecting some of Elon Musk’s ventures to national-security reviews. Twitter TWTR, +1.18% shares plunged 9% to $47.64 in premarket trade, below the $54.20 per share buyout price. Bloomberg News reported late Thursday that some U.S. officials have become concerned in recent weeks by Musk’s Russia-friendly tweets and his threat to cut off Starlink satellite internet service to Ukraine. The Tesla TSLA, -6.65% and SpaceX CEO’s pending $44 billion acquisition of Twitter has also reportedly drawn concerns because of its foreign investors, including a Saudi prince, Binance Holdings — a crypto exchange that was initially based in China — and Qatar’s sovereign wealth fund. 

 

France Slaps Fine on Face Recognition Firm Clearview AI 

France on Thursday slapped a 20-million-euro fine on US firm Clearview AI for breaching privacy laws, as pressure mounts on the controversial facial-recognition platform. The company collects images of faces from websites and social media feeds without seeking permission and sells access to its vast database — reportedly around 20 billion pictures — to clients including law enforcement agencies. Privacy activists around the world have raised objections to the business model, already winning a case in the United States that has forced the firm to stop selling its main database to private clients. The French complaint to French privacy watchdog CNIL is one of a slew filed by activists across Europe that has already resulted in fines in Italy and Britain. 

 
Texas sues Google for allegedly capturing biometric data of millions without consent 

Texas has filed a lawsuit against Alphabet’s (GOOGL.O) Google for allegedly collecting biometric data of millions of Texans without obtaining proper consent, the attorney general’s office said in a statement on Thursday. The complaint says that companies operating in Texas have been barred for more than a decade from collecting people’s faces, voices or other biometric data without advanced, informed consent. “In blatant defiance of that law, Google has, since at least 2015, collected biometric data from innumerable Texans and used their faces and their voices to serve Google’s commercial ends,” the complaint said. “Indeed, all across the state, everyday Texans have become unwitting cash cows being milked by Google for profits.” 

Related Posts