AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/08/2020

China bans encryption exports – including quantum and key management tech

China has restricted export of encryption technologies in the first list on new items published under new export control laws.

The list, which The Register has passed through two machine translation services, restricts exports of VPNs, chips with encryption functions used in finance industry applications, key management products and cryptanalysis equipment. Dedicated password-generating hardware also cannot leave the Middle Kingdom without approval. Quantum cryptographic equipment is also barred from leaving China without permission, a notable inclusion as China has demonstrated quantum key distribution in space and operates a satellite that uses entangled photons and spooky action at a distance to share keys. The list also bars exports of all software and other technology that could be used to make, design, or test the abovementioned items. The ban on quantum crypto, however, suggests China may be attempting to preserve a strategic lead in the field.


Scammers step up efforts to target older Americans during pandemic

Older adults have faced a barrage of online scams during the COVID-19 pandemic, with the upcoming holiday season and increased consumer spending likely to intensify the problem. Older people have long been viewed as easy targets by malicious actors looking to make money and have increasingly become victims of scams aimed at everything from COVID-19 stimulus checks to other financial information over the course of 2020. “Senior citizens have always remained a primary target for cyber criminals and bad actors due to their inexperience with technology,” Kelvin Coleman, the executive director of the National Cyber Security Alliance, told The Hill.  “The pandemic has exacerbated the target on seniors as so many essential services, such as health care and banking, were forced to become digital.” 


Cyber scammers target people trying to buy puppies during pandemic

The Better Business Bureau warns that scammers are cashing in on a COVID trend – more people buying dogs – to rip them off.

The non-profit says it has seen an explosion in puppy scams, receiving 337 complaints from consumers last month compared to 77 in November of last year.  The BBB estimates pet scams in the U.S. and Canada will top 4,300 cases by the end of this year, costing victims more than $3 million. Jeff Mason was ripped off in August by scammers. He says they sent him pictures and videos of what they claimed would be his mini-Dachshund puppy. The Seneca man says the sellers disappeared after he sent $700 through Zelle and asked them more questions about surprise additional charges. The BBB warns that form of payment isn’t protected. Con artists are using COVID as an excuse, but buyers should try to arrange in-person meetings or set up Zoom calls to see the animals and make sure they’re not just photos stolen from the web.  


Users will revolt over smart device privacy says WatchGuard

2021 will mark a tipping point when consumers will begin to fully-understand and revolt against the privacy concerns associated with smart and connected devices, says WatchGuard Technologies. Security analysts at WatchGuard believe that users will start to push back against vendors of IoT devices that collect personal data and will pressure governments to regulate the capabilities of these devices to protect their privacy. The last few years have seen a rapid increase in the use of digital assistances such as Alexa, Google Assistant and Siri, along with smart home systems to automatically control lights, room temperatures and access, while wearable devices track and sense critical health parameters. Behind the scenes, machine learning algorithms harness and correlate data to document user activities, behaviours, connections and interests. “While smart and connected device technologies deliver real benefits, society is starting to realise that giving corporations too much insight into our lives is not healthy,” says Corey Nachreiner, CTO at WatchGuard.


3 Million Pluto TV Users’ Data Was Hacked, But the Company Isn’t Telling Them

Low-level hackers are trading a database of user information stolen from Pluto TV, a popular American internet television service. But Pluto TV has decided not to proactively inform users of the breach. The move is somewhat unusual in a space where companies increasingly inform their customers of data breaches, even regarding breaches that do not include passwords themselves, but other information such as email addresses. “I have received password reset requests about it,” one Pluto TV user, who has not received any communication from the company despite contacting Pluto TV, told Motherboard. Motherboard granted the user anonymity so as to avoid bringing more attention to their potentially breached data in particular. The user said they reviewed the breached data and that it includes their email address.


Related Posts