AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/25/2020

Top Biden adviser seen as making tech regulation more likely

President-elect Joe Biden’s top technology adviser helped craft California’s landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two key tech policy issues.  Bruce Reed, a former Biden chief of staff who is expected to take a major role in the new administration, helped negotiate with the tech industry and legislators on behalf of backers of a ballot initiative that led to the 2018 California Consumer Privacy Act. Privacy advocates see that law as a possible model for a national law. Reed also co-authored a chapter in a book published last month denouncing the federal law known as Section 230, which makes it impossible to sue internet companies over the content of user postings. Both Republicans and Democrats have called for reforming or abolishing 230, which critics say has allowed abuse to flourish on social media.

 

FBI warns of recently registered domains spoofing its sites

The U.S. Federal Bureau of Investigation (FBI) is warning the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency’s official websites. The warning comes in the form of a public service announcement issued through the FBI’s Internet Crime Complaint Center (IC3) earlier today. “The Federal Bureau of Investigation (FBI) is issuing this announcement to help the public recognize and avoid spoofed FBI-related Internet domains,” the IC3 PSA reads. “The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity.”

 

New US IoT law aims to improve edge device security

As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia’s most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections. This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to “discover even more valuable data and trends using new EATs [edge access Trojans] and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.”

 

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

The Home Depot on Tuesday reached a $17.5 million settlement in a class-action lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million of the retailer’s customers, according to the South Carolina Attorney General’s Office. The settlement includes 46 states and Washington, D.C., and stems from an incident that happened between April 10 and Sept. 13, 2014, when fraudsters planted credit card skimming malware with Home Depot’s network to steal customer payment data, according to the South Carolina officials. In addition to the financial component of the settlement, the company agreed to implement specific cybersecurity measures to safeguard the personal information of its customers. “This settlement serves to promote fair but rigorous compliance with state laws, which require businesses that collect or maintain sensitive personal information to implement and adhere to reasonable procedures to protect consumers’ information from unlawful use or disclosure,” South Carolina Attorney General Alan Wilson says.

 

Why Better Password Hygiene Should Be Part of Your New Year’s Resolutions

The world has been faced with numerous life lessons in 2020, but it’s clear that millions of people still haven’t learned one of the most basic when it comes to security. A new reportt from NordPass has revealed that millions of people still haven’t broken the habit of using easy-to-remember, but easy-to-hack passwords. Of the 200 most common passwords, ‘123456’ took the number one spot again, but unfortunately for the more than two million people using it, it can be broken in less than a second. Other popular passwords included ‘iloveyou’ and the ever-so-creative ‘password’. When it comes to breaches, all roads still lead to identity. Hackers don’t hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s critical that everyone put password hygiene at the top of their New Year’s resolutions list. 

Related Posts