AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/29/2021

In the middle of a crisis, Facebook Inc. renames itself Meta

Facebook Inc. is now called Meta Platforms Inc., or Meta for short, to reflect what CEO Mark Zuckerberg said Thursday is its commitment to developing the new surround-yourself technology known as the “metaverse.” But the social network itself will still be called Facebook. Also unchanged, at least for now, are its chief executive and senior leadership, its corporate structure and the crisis that has enveloped the company. Skeptics immediately accused the company of trying to change the subject from the Facebook Papers, the trove of leaked documents that have plunged it into the biggest crisis since it was founded in Zuckerberg’s Harvard dorm room 17 years ago. The documents portray Facebook as putting profits ahead of ridding its platform of hate, political strife and misinformation around the world. The move reminded marketing consultant Laura Ries of when energy company BP rebranded itself to “Beyond Petroleum” to escape criticism that the oil giant harmed the environment.

 

FTC wants to know when financial data is compromised, will require encryption

The Federal Trade Commission is weighing updating its rules to require financial institutions to report within 30 days any security incidents in which misuse of customer data of at least 1,000 customers likely occurred. The information requested by the FTC under a proposal published Wednesday would include the name and contact information of an affected institution, the type of data involved in the event and the timeframe of the incident. The FTC notes that similar information is required under many state breach reporting laws, and that the FTC does not consider the information requested to be “confidential or proprietary.” The proposal adds to a list of agency actions putting privacy at the center of its enforcement agenda. Requiring breach notifications from financial institutions would give the lead consumer protection agency in the U.S. more information to bolster its oversight of an industry that increasingly is vacuuming up more consumer data.

 

CIA sought revenge against Julian Assange over hacking tool leaks, court hears

The CIA wanted revenge against WikiLeaks founder Julian Assange after WikiLeaks published documents about the CIA’s surveillance tools, a court heard today. Lawyers for Assange told court judges that the Vault 7 leak – which disclosed the CIA’s hacking capabilities – provoked a desire for blood and vengeance from the US intelligence community. They told the court that US agents discussed plans to forcibly remove Assange from the Ecuadorian embassy by kidnapping him and had discussed the idea of poisoning him. The claims were made on the second day of an appeal by the US government against a UK court’s decision not to extradite Assange to face charges in the US. The US has offered the court diplomatic assurances that Assange would not be subject to Special Administrative Measures, a form of solitary confinement in the US. He could apply to serve his sentence in his native country of Australia.

 

Twitter employees required to use security keys after 2020 hack

Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack. The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter’s Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap. “Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said. “We’ve also implemented security keys internally across our workforce to help prevent security incidents like the one Twitter suffered last year.” After the July 2020 hack, Twitter revealed that the attackers took control of dozens of high-profile accounts after stealing Twitter employees’ credentials following a phone spear-phishing attack on July 15, 2020.

 

Ransomware gangs use SEO poisoning to infect visitors

Researchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets. SEO poisoning, also known as “search poisoning,” is an attack method that relies on optimizing websites using ‘black hat’ SEO techniques to rank higher in Google search results. Due to their high ranking, victims who land on these sites believe they are legitimate, and actors enjoy a heavy influx of visitors who look for specific keywords. According to the findings of the Menlo Security team, SEO poisoning by malware distributors is on the rise, with two notable examples being the Gootloader and SolarMarker campaigns.

 

India’s Top Court Orders Probe Into Pegasus Snooping

India’s Supreme Court on Wednesday ordered an independent investigation into the alleged government use of Pegasus spyware on journalists, opposition politicians and activists, with the chief justice calling the implications “Orwellian”. India was one of 45 countries where tens of thousands of numbers were targeted by the spyware made by Israeli firm NSO, according to leaked documents released this year. More than 1,000 of the numbers were Indian and the Supreme Court order followed petitions from individuals that the chief justice N.V. Ramana said “raise an Orwellian concern”. He added that the court had accepted the petitions because “there has been no specific denial” by the government. The state cannot be given a “free pass every time the spectre of national security is raised,” the court said as it named cyber and computer science experts to look into the allegations.
