AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/20/2022

Fortnite video game maker to pay $520m over privacy and billing claims

The video game company Epic Games will pay a total of $520m in penalties and refunds to settle complaints involving children’s privacy and methods that tricked players into making purchases, US federal regulators said on Monday. The Federal Trade Commission (FTC) said that it had secured the record-breaking settlements for two cases from Epic Games, which makes the popular game Fortnite. “Epic used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children,” the FTC chair, Lina Khan, said in a statement.

CISA researchers: Russia’s Fancy Bear infiltrated US satellite network

Researchers at the Cybersecurity and Infrastructure Security Agency recently discovered suspected Russian hackers lurking inside a U.S. satellite network, raising fresh concerns about Moscow’s intentions to infiltrate and disrupt the rapidly expanding space economy. While details of the attack are scant, researchers blamed the incident on the Russian military group known as Fancy Bear, or APT28. It involved a satellite communications provider with customers in U.S. critical infrastructure sectors.

Lobbyists have held up nation’s first right-to-repair bill in New York

The Digital Fair Repair Act, the first right-to-repair bill to entirely pass through a state legislature, is awaiting New York Governor Kathy Hochul’s signature. But lobbying by the nation’s largest technology interests seems to have kept the bill parked on her desk for months, where it could remain until it dies early next year. Gay Gordon-Byrne, executive director of the Repair Association, said that “opposition has not backed off” despite the bill’s nearly unanimous passage in June. Gordon-Byrne has heard that industry groups are pushing for late amendments favoring tech firms but that the bill’s sponsors would have to approve—or convince the governor to sign the bill without them. “It’s up to the sponsors at this point,” she said.

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

The “Missing Cryptoqueen” saga has made long-term headlines since co-founders Ruja Ignatova and Karl Sebastian Greenwood started a cryptocurrency scam known as OneCoin, way back in 2014. Ignatova, who hails from Bulgaria, and who apparently liked to be known as The Cryptoqueen (her charge sheet even shows that name as an alias), has been wanted in the US on various wire fraud, money laundering and securities fraud charges since October 2017. According to the US Department of Justice (DOJ), about two weeks after charges were filed against her in the US, Ignatova flew from Sofia in Bulgaria to Athens in Greece…

…and hasn’t been heard of since, thus her updated nickname of Missing Cryptoqueen.

IRS mistakenly publishes 112,000 taxpayer records for the second time

The IRS accidentally republished 112,000 taxpayer data records in November after they were initially published as a result of a technical error earlier this year. Blame for the incident has reportedly fallen on an outside contractor working on behalf of the IRS and tasked with managing a database for the government department. The incident relates to the upload of 990-T forms which contain private information used by tax-exempt entities, including government entities and retirement accounts, to pay income tax on income that comes from specific investments or that which is unrelated to their exempt purpose, according to a letter sent to congressional leaders, Bloomberg Tax reported.

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

In the fall of 2020, gig workers in Venezuela posted a series of images to online forums where they gathered to talk shop. The photos were mundane, if sometimes intimate, household scenes captured from low angles—including some you really wouldn’t want shared on the Internet. In one particularly revealing shot, a young woman in a lavender T-shirt sits on the toilet, her shorts pulled down to mid-thigh. The images were not taken by a person, but by development versions of iRobot’s Roomba J7 series robot vacuum. They were then sent to Scale AI, a startup that contracts workers around the world to label audio, photo, and video data used to train artificial intelligence. 

UK Privacy Regulator Names and Shames Breached Firms

The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts. The data, available from Q4 2021 onwards, includes the organization’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome, explained Ropes & Gray associate Edward Machin. “Given the significance of this development, it’s surprising that the ICO has (1) chosen to release it with limited fanfare, and (2) buried the data sets on its website. Indeed, it seems to have flown almost entirely under the radar,” he argued.
