AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/28/2022

UK to criminalize deepfake porn sharing without consent

Brace for yet another expansion to the UK’s Online Safety Bill: The Ministry of Justice has announced changes to the law which are aimed at protecting victims of revenge porn, pornographic deepfakes and other abuses related to the taking and sharing of intimate imagery without consent — in a crackdown on a type of abuse that disproportionately affects women and girls. The government says the latest amendment to the Bill will broaden the scope of current intimate image offences — “so that more perpetrators will face prosecution and potentially time in jail”.


Slippery RansomExx Malware Moves to Rust, Evading VirusTotal

The APT group DefrayX appears to have launched a new version of its RansomExx malware, rewritten in the Rust programming language — possibly to avoid detection by antivirus software. According to IBM Security X-Force Threat researchers, that evasion may be successful, at least for now. IBM reported that one sample that it analyzed “was not detected as malicious in the VirusTotal platform for at least 2 weeks after its initial submission” and that “the new sample is still only detected by 14 out of the 60+ AV providers represented in the platform.”


Massive Twitter data breach was far worse than reported, reveal security researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources. It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression.


The FCC just banned these Chinese cameras and telecom hardware from reaching the US

Huawei, ZTE, Hikvision, Hytera, and Dahua all sell telecommunications equipment and video surveillance technology into the United States, but many of their future security cams and radio hardware will no longer be welcome. The Federal Communications Commission has just announced it’ll no longer authorize some of their equipment — which is a big deal, because companies can’t legally import or sell anything with a radio in the US without that authorization. But as I’ll explain, it’s not a blanket ban, either. Clearly-marked consumer products are likely going to be exempt.


Ransomware gang targets Belgian municipality, hits police instead

The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more. This type of data can potentially expose people who reported crimes or abuse and could compromise ongoing law enforcement operations and investigations.


‘Extinction is on the table’: Jaron Lanier warns of tech’s existential threat to humanity

Jaron Lanier, the eminent American computer scientist, composer and artist, is no stranger to skepticism around social media, but his current interpretations of its effects are becoming darker and his warnings more trenchant. Lanier, a dreadlocked free-thinker credited with coining the term “virtual reality”, has long sounded dire sirens about the dangers of a world over-reliant on the internet and at the increasing mercy of tech lords, their social media platforms and those who work for them.

Related Posts