AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/22/2021

DuckDuckGo is working on a privacy-focused desktop browser

DuckDuckGo, the company best known for its privacy-focused search engine of the same name, is working on a desktop browser that should bring the same focus on avoiding being tracked to your entire web experience. In a post on its blog, DuckDuckGo CEO Gabriel Weinberg offers a glimpse at what the upcoming browser will look like and notes that we can expect it to perform the same way its browsing app does on mobile. Weinberg explains that the desktop browser will offer “robust privacy protection” by default, without you having to toggle on any hidden security settings. Like the mobile app, the desktop equivalent will come with the same “Fire” button that instantly erases all of your browsing history, stored data, and tabs in one click. It’s also built around “OS-provided rendering engines” — like it is on mobile — which Weinberg says will create a neater interface and get rid of any clutter that comes with mainstream browsers. He also claims that early tests of the browser indicate that it’s “significantly faster” than Google Chrome.


Amazon, Meta, T-Mobile and other companies drop out of CES 2022

A handful of key tech companies has already pulled out of next year’s Consumer Electronics Show in Las Vegas. Amazon, Meta, Twitter and T-Mobile have announced that they’re no longer attending the event in person due to the threat brought about by the COVID-19 Omicron variant. The show earlier this year was a strictly online-only affair, but the Consumer Technology Association announced in April that the event is returning as an in-person affair in 2022. While the organizer requires attendees to show proof of vaccination to be able to attend the expo, the Omicron variant’s emergence prompted companies to reconsider their plans. Amazon told Bloomberg in a statement that it’ll no longer have an on-site presence at the event “due to the quickly shifting situation and uncertainty around the Omicron variant.” Its smart home subsidiary Ring will no longer be attending, as well. Meanwhile, Facebook parent company Meta said it won’t be attending the expo in person anymore “due to the evolving public health concerns related to COVID-19.” It might participate in the event in a virtual capacity, but the company has yet to release more concrete details.


How Your Kids Are Outsmarting All Your Parental Controls

This fascinating article in The Wall Street Journal details an arms-race taking place in America’s households. Concerned parents are using internet blocking and filtering techniques on their tech devices, while their children are diligently figuring out how to defeat them. Spoiler alert: The kids are winning. Consider 43-year-old Colorado real estate broker Lance Walker and his 11-year-old daughter Peyton. When Lance discovered Peyton was receiving messages from adult men on TikTok, he went to Apple’s parental-control settings and locked things down. But Peyton logged in with a new Apple ID to use TikTok, and password-locked her father out of it. “It was a nightmare,” Walker told the Journal. He is reportedly still trying to figure out how to control his daughter’s TikTok habit. It’s a particularly difficult problem because kids often know technology better than their parents, and almost always have more free time to figure out workarounds than their parents do to set up restrictions.


Belgian Defense Ministry confirms cyberattack through Log4j exploitation

The Belgian Ministry of Defense has confirmed a cyberattack on its networks that involved the Log4j vulnerability. In a statement, the Defense Ministry said it discovered an attack on its computer network with internet access on Thursday. They did not say if it was a ransomware attack but explained that “quarantine measures” were quickly put in place to “contain the infected elements.” “Priority was given to the operability of the network. Monitoring will continue. Throughout the weekend, our teams were mobilized to contain the problem, continue our operations and alert our partners,” the Defense Ministry said. “This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach. The Ministry of Defense will not provide any further information at this stage.”


T-Mobile says it blocked 21 billion scam calls this year

T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month. Furthermore, based on data through early December 2021, the carrier fund that scam call traffic has reached an all-time high, jumping over 116% from 2020 to a total of roughly 425 million scam call attempts every week. Last year, when it announced the Scam Shield service, T-Mobile said it could detect or block approximately 12 billion scam calls in 2019 and that around 30 million Americans fell victim to a phone scam within 12 months. “T-Mobile Scam Shield has identified or blocked over 21 BILLION calls for T-Mobile and Metro by T-Mobile customers through early December 2021,” the company revealed today in its 2021 Scam and Robocall Report.


Lights Out: Cyberattacks Shut Down Building Automation Systems

A building automation engineering firm experienced a nightmare scenario: It suddenly lost contact with hundreds of its building automation system (BAS) devices — light switches, motion detectors, shutter controllers, and others — after a rare cyberattack locked the company out of the BAS it had constructed for an office building client. The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been mysteriously purged of their “smarts” and locked down with the system’s own digital security key, which was now under the attackers’ control. The firm had to revert to manually flipping on and off the central circuit breakers in order to power on the lights in the building.

Related Posts