AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/23/2022

FCC Rule for Blocking Overseas Robocalls Receives Approval

The Office of Management and Budget has signed off on a Federal Communications Commission rule requiring gateway providers to block calls on a “do-not-originate list,” part of the agency’s May report and order designed to block overseas robocalls from reaching U.S. phones, according to a Federal Register notice published on Nov. 18. The FCC’s rules—adopted on May 19—said, in part, that the new requirements extend “our protections against unlawful robocalls by placing new obligations on the gateway providers that are the entry point for foreign calls into the United States and requiring them to play a more active role in the fight.”

 

Cybersecurity incidents cost organizations $1,197 per employee, per year

Cybersecurity is an expensive business. To prepare to address sophisticated threat actors, an enterprise needs to maintain a complete security operations center (SOC) filled with state-of-the-art technologies and experienced professionals who know how to identify and mitigate threats. All of these factors add up. According to a new report released by threat prevention provider Perception Point and Osterman Research, organizations pay $1,197 per employee yearly to address cyber incidents across email services, cloud collaboration apps or services, and web browsers. 

 

DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma

The popular online betting platform DraftKings has been targeted by credential-stuffing attacks — allowing cyberthieves to make off with around $300,000 in ill-gotten funds so far. One of its rivals, FanDuel, also said this week that it’s seen an uptick in account takeover attempts against its customers. Credential stuffing is a tactic where cybercrooks try to compromise accounts by using lists of username-and-password combinations gleaned from previous breaches, often purchased on the Dark Web.

 

An iCloud Feature Is Enabling a $65 Million Scam, New Research Says

As you read this, there’s an army of bots pretending to be Apple users surfing the web and looking at ads, according to new research shared exclusively with Gizmodo. The ad fraud scheme is weaponizing a privacy feature called Private Relay, coopting a vast swath of traffic to show ads to robots and costing advertisers tens of millions of dollars in the process, researchers’ tests found. Apple has promised that the tool has “built-in fraud detection” and that advertising platforms can trust it, but the researchers say the fraud has only gotten worse in the months since they first reported it to the company.

 

Meta confirms U.S. military involvement in sprawling phony social media operation

People associated with the U.S. military were behind dozens of phony Facebook accounts, more than a dozen pages, a pair of groups and 26 Instagram accounts that pushed pro-U.S. messaging while attempting to hide their real identities, Facebook’s parent company Meta said in a report published Tuesday. After researchers first exposed the decade-long operation in August, the Pentagon ordered “a sweeping audit of how it conducts clandestine information warfare,” The Washington Post reported in September. Citing unnamed U.S. officials, the paper reported that U.S. Central Command was among the entities under scrutiny as part of their potential role in the operation.
