AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/08/2024

Roblox is banning kids from ‘social hangout’ spaces 

Roblox is going to block kids from accessing certain types of experiences following reports alleging that the platform has enabled child abuse. One new measure will stop kids under 13 from accessing experiences with “certain types of interactive features,” Roblox says in a post on its developer forum. Those include “social hangouts,” where the primary purpose is to communicate with others over text or voice chat, and “free-form 2D user creation” experiences, where players can do things like draw on a chalkboard or whiteboard. This change goes into effect beginning November 18th. 

 

Germany drafts law to protect researchers who find security flaws 

The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution. “Those who want to close IT security gaps deserve recognition—not a letter from the prosecutor,” stated Federal Minister of Justice Dr. Marco Buschmann. 

 

Mandatory MFA is coming to Google Cloud. Here’s what you need to know 

At Google Cloud, we’re committed to providing the strongest security for our customers. As pioneers in bringing multi-factor authentication (MFA) to millions of Google users worldwide, we’ve seen firsthand how it strengthens security without sacrificing a smooth and convenient online experience. That’s why we will soon require MFA for all Google Cloud users who currently sign in with just a password. We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025. To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments. 

 

SelectBlinds says 200,000 customers impacted after hackers embed malware on site 

More than 200,000 people who shopped for blinds or window dressing this year had their credit card information and other data stolen after hackers placed malware on a major retailer’s website. In breach notification documents filed this week in California and Maine, SelectBlinds said employees discovered the malware on September 28 and realized the malware had been on the company website since at least January 7. “An unauthorized third party embedded malware on the SelectBlinds website that allowed data scraping on logins on the check-out page,” the company said. “Through our investigation, we learned that your www.selectblinds.com username and password was affected if you logged in to the check-out page only on the SelectBlinds website while making or considering a purchase.”

 

US consumer protection agency bans employee mobile calls amid Chinese hack fears 

The US Consumer Financial Protection Bureau (CFPB) has issued an urgent directive barring employees and contractors from using mobile phones for work-related calls, following a major breach in US telecommunications infrastructure attributed to Chinese-linked hackers. According to an internal memo, CFPB’s chief information officer advised staff to move sensitive discussions to secure platforms like Microsoft Teams and Cisco WebEx, reported the Wall Street Journal (WSJ). The warning, prompted by fears of eavesdropping and data theft, follows what officials describe as an extensive espionage campaign believed to be carried out by a Chinese-linked hacking group, Salt Typhoon. 

 
