AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/03/2021

Facebook to Shut Down Face-Recognition System, Delete Data

Facebook said it will shut down its face-recognition system and delete the faceprints of more than 1 billion people. “This change will represent one of the largest shifts in facial recognition usage in the technology’s history,” said a blog post Tuesday from Jerome Pesenti, vice president of artificial intelligence for Facebook’s new parent company, Meta. “More than a third of Facebook’s daily active users have opted in to our Face Recognition setting and are able to be recognized, and its removal will result in the deletion of more than a billion people’s individual facial recognition templates.” He said the company was trying to weigh the positive use cases for the technology “against growing societal concerns, especially as regulators have yet to provide clear rules.”

Hackers are stealing data today so quantum computers can crack it in a decade

While they wrestle with the immediate danger posed by hackers today, US government officials are preparing for another, longer-term threat: attackers who are collecting sensitive, encrypted data now in the hope that they’ll be able to unlock it at some point in the future. The threat comes from quantum computers, which work very differently from the classical computers we use today. Instead of the traditional bits made of 1s and 0s, they use quantum bits that can represent different values at the same time. The complexity of quantum computers could make them much faster at certain tasks, allowing them to solve problems that remain practically impossible for modern machines—including breaking many of the encryption algorithms currently used to protect sensitive data such as personal, trade, and state secrets. While quantum computers are still in their infancy, incredibly expensive and fraught with problems, officials say efforts to protect the country from this long-term danger need to begin right now. 

Holiday shopping season set to be disrupted by cybercrime

A new report from Imperva suggests that the 2021 holiday shopping season faces disruption by cybercriminals looking to create chaos and take advantage of the global supply chain crisis. Bot attacks against retail sites have risen by 13 percent in 2021, with 57 percent of attacks recorded on eCommerce websites this year carried out by bots. In comparison, bad bots made up just 33 percent of the total attacks on websites in all other industries in 2021. Online retailers also experienced a higher volume of account takeover logins (32.8 percent) in 2021, compared to the average logins (25.5 percent) across all other industries. DDoS attacks against retailers are higher than for other sectors too, with application layer (L7) DDoS incidents growing nearly 200 percent in September 2021.

The Booming Underground Market for Bots That Steal Your 2FA Codes

The call came from PayPal’s fraud prevention system. Someone had tried to use my PayPal account to spend $58.82, according to the automated voice on the line. PayPal needed to verify my identity to block the transfer. “In order to secure your account, please enter the code we have sent your mobile device now,” the voice said. PayPal sometimes texts users a code in order to protect their account. After entering a string of six digits, the voice said, “Thank you, your account has been secured and this request has been blocked.” “Don’t worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up,” the voice said. But this call was actually from a hacker. The fraudster used a type of bot that drastically streamlines the process for hackers to trick victims into giving up their multi-factor authentication codes or one-time passwords (OTPs) for all sorts of services, letting them log in or authorize cash transfers. 

U.S. federal agencies told to patch hundreds of security bugs

The Biden administration has ordered nearly all federal agencies to patch hundreds of security bugs, some that were first found the best part of a decade ago. The new binding operational directive, issued by the Cybersecurity and Infrastructure Security Agency on Wednesday, gives federal agencies six months to fix more than 300 security vulnerabilities that it has identified as carrying “significant risk” to their networks. Agencies have just two weeks to fix the more recent bugs from 2021, the directive said. CISA said these security bugs, some of which date back to 2014 and 2015, are a “frequent attack vector” for cybercriminals targeting federal agencies.