AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/22/2020

PayPal to support Bitcoin and other crypto — but merchants must use fiat

PayPal is ready to let users buy, sell, and hold Bitcoin and other cryptocurrencies, according to Reuters. PayPal chief exec Dan Schulman told Reuters the company hopes this will “encourage global use of virtual coins,” and ready its network in anticipation of digital currencies issued by central banks. The US payments giant said it plans to allow users to actually spend their cryptocurrency with the 26 million merchants on its network starting early next year. PayPal reportedly boasts roughly 346 million active accounts, and the service processed $222 billion worth of payments in 2020’s second quarter.

TikTok details how it’s taking further action against hateful ideologies

TikTok said on Wednesday it’s strengthening its enforcement actions against hate speech and hateful ideologies to include “neighboring ideologies,” like white nationalism and others, as well as statements that emerge from those ideologies. In a blog post, TikTok explained that it regularly evaluates its enforcement processes with the help of global experts to determine when it needs to take action against emerging risks. While the TikTok Trust & Safety teams were already working to remove neo-Nazism and white supremacy from its platform under existing policies, its more recently expanded enforcement will also cover related ideologies, including white nationalism, white genocide theory, as well as “statements that have their origin in these ideologies, and movements such as Identitarianism and male supremacy,” TikTok said.

The ‘real consequences’ of ransomware against schools

The public school system in Yazoo County, Mississippi, last week revealed that it paid a company $300,000 to help recover data that had been encrypted and stolen in a ransomware incident. In other words, the school district became the latest ransomware victim to pay its attacker’s demands. But as threat intelligence analyst Allan Liska of the security firm Recorded Future pointed out Tuesday, that $300,000 payment represents about 1.5% of the Yazoo County schools’ entire $19.5 million annual budget. “And that’s a budget that’s going down next year because of declining revenue due to the coronavirus pandemic,” Liska said while hosting an online panel about an ongoing spate of ransomware attacks against K-12 organizations.

Cybersecurity company finds hacker selling info on 186 million U.S. voters

A cybersecurity company says it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election. Much of the data identified by Trustwave, a global cybersecurity company, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can deploy it, as the FBI said Iran has done recently, by sending emails designed to intimidate voters.

How to tell if your webcam has been hacked

There’s a good reason so many people put tape over their computer webcams or use a dedicated webcam cover to shut them off: Webcams can be hacked, which means hackers can turn them on and record you when they want, usually with a “RAT” or remote administration tool that’s been secretly uploaded. This type of attack may target anyone. Ransomware attempts generally try to take control of anything that can be used to make cash. As a result, many types of malware try to infect webcams so hackers can (potentially) get content suitable for extortion. To keep your webcam private, it’s important to have good anti-malware software — but you should also know the signs that someone has gained control of your cam. Here’s what to watch for.

CFAA 101: A Computer Fraud & Abuse Act Primer for InfoSec Pros

If a person is authorized to access data for one purpose, is it a crime for them to access that data for an “improper” purpose? That question lies at the heart of a case the US Supreme Court will hear next month — the first time it will ever hear oral arguments on the Computer Fraud and Abuse Act (CFAA). The case could have serious implications for cybersecurity researchers. The CFAA (also known as 18 US Code 1030) is the pre-eminent anti-hacking law in the United States. The CFAA was first signed into law by President Ronald Reagan in 1986 (three years after the movie WarGames spooked the White House). Since then, the CFAA — an update to 1984’s Comprehensive Crime Control Act — has been amended eight times to address newer cybersecurity threats. The broad phrasing of the statute could allow prosecutors to charge CFAA violations for just about any computer, network, or website-based research. In addition, the government can seize property used in crimes charged under the CFAA.
