AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/26/2021

‘Conditioning an entire society’: the rise of biometric data technology

In a school canteen in Gateshead, cameras scan the faces of children, taking payment automatically after identifying them with facial recognition. More than 200 miles away in North London, staff at a care home recently took part in a trial that used facial data to verify their Covid-19 vaccine status. And in convenience stores around the country, staff are alerted to potential shoplifters by a smart CCTV system that taps into a database of individuals deemed suspect. In each case, biometric data has been harnessed to try to save time and money. But the growing use of our bodies to unlock areas of the public and private sphere has raised questions about everything from privacy to data security and racial bias.


Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

Mozilla’s Firefox browser team has cracked down on malicious add-ons, blocking software with a 455,000 user base. On October 25, the development team said that in early June, Firefox discovered add-ons that were misusing the browser’s proxy API, used by software to manage how the browser connects to the internet. Add-ons are software modules that can be installed to customize a user’s browsing experience and may include anti-tracking software, ad blockers, themes, and utilities. However, they may also become a conduit for malicious purposes, such as data theft or eavesdropping, a challenge faced by all browser developers. According to Mozilla, the add-ons removed in the sweep tampered with the browser’s update functionality; in particular, users were unable to download updates, access updated blocklists, or update remotely configured Firefox content. 


Facebook to refocus its efforts toward serving younger users

Facebook, plagued by more controversy than usual recently, has found itself knee-deep in another problem following reports that it misled investors over declining teen and young adult user numbers. Both groups are spending less time on the social network, the number of signups is falling, and people are joining at older age: around 24 or 25. The company is being accused of misrepresentation after spending years showing huge growth but leaving out details of key demographics. In a call to investors on Monday, Zuckerberg said Facebook was “retooling” to “make serving young adults their north star.” “So much of our services have gotten dialed to be the best for the most people who use them, rather than specifically for young adults,” Zuckerberg said, adding that the changes will take years rather than months and result in growth among older users slowing.


U.S. counterintel hubs warns of foreign threats to emerging technologies

The National Counterintelligence and Security Center on Friday warned that China’s goals in certain key emerging technologies could give Beijing an advantage over the U.S. and its security interests. In a new paper, the branch of the Office of the Director of National Intelligence, said that China “has a goal of achieving leadership in various emerging technology fields by 2030.” It notes the country is also the “primary strategic competitor to the United States because it has a well resourced and comprehensive strategy to acquire and use technology to advance its national goals.” The NCSC said that while technologies like quantum computing, biotechnology, semiconductors and artificial intelligence can be “beneficial” they “warrant extra attention” by the private sector and others due to “their implications for security.” The warning marks the latest attempt by the Biden administration to educate the private sector and the public about the risks of working with China — which senior officials, such as CIA Director Bill Burns, have said is the greatest strategic threat to the U.S.


SCUF Gaming store hacked to steal credit card info of 32,000 customers

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both professional and casual gamers. It has 118 granted patents and 52 other pending patent applications covering key controller areas, including the trigger control mechanism, back control functions and handle, and more. SCUF Gaming customers were the victims of a web skimming (also known as e-Skimming, digital skimming, or Magecart) attack.


Missouri Professor Wants Gov. Parson to Apologize

A cybersecurity professor who verified the vulnerability that left the Social Security numbers of upwards of 100,000 teachers accessible on a Missouri website is demanding Gov. Mike Parson apologize after he threatened those who exposed the weakness with prosecution. An attorney for University of Missouri-St. Louis Professor Shaji Khan sent a letter Thursday to Parson, the Missouri Department of Elementary and Secondary Education (DESE) and other agencies telling them to preserve records related to the episode — often a first step before a lawsuit. The letter is the first indication that Parson may face a legal challenge over his response to a St. Louis Post-Dispatch story last week detailing how Social Security numbers had been left exposed on a DESE website. The day after publication, Parson called a news conference where he threatened the newspaper, its journalists and those who helped them with prosecution — and said law enforcement would investigate.

Related Posts