AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/16/2024

 

European Court of Human Rights declares backdoored encryption is illegal

The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that “the contested legislation providing for the retention of all internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society.”

 

US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ

The FBI announced Thursday it successfully disrupted a Russian GRU-led hacking campaign that infiltrated more than a thousand home and small business routers that were used to carry out cyber operations against countries around the world, including in the U.S. The coordinated law enforcement action with other foreign partners is said to have successfully booted the GRU operators off the routers while locking out their abilities to re-access them, the Justice Department said.

 

US military notifies 20,000 of data breach after cloud email leak

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were inadvertently exposed to the Internet by a service provider,” between February 3 and February 20, 2023. TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet. The cloud email server, hosted on Microsoft’s cloud for government customers, was accessible from the internet without a password, likely due to a misconfiguration.

 

Beware, iPhone users: First-ever iOS GoldDigger trojan can steal face ID and bank accounts

Many people choose iPhones instead of Android phones because they think iPhones are more secure. But that might not be the case anymore because there is a new banking trojan out there that is specifically made to attack iPhone users. As per a detailed report by the cybersecurity company Group-IB (via Tom’s Guide), the Android trojan GoldDigger has now been effectively adapted to target iPhone and iPad users. The company asserts that this might be the first trojan crafted for iOS, posing a significant threat by gathering facial recognition data, ID documents, and even SMS.

 

FTC cracks down on AI impersonation scammers

On Thursday, the Federal Trade Commission finalized a new rule extending protections to government and business impersonations to help curb scams and put out a call for public input on a proposed rule that covers artificial intelligence-generated scams directed at individuals. The agency’s actions follow growing complaints of generative machine learning software creating synthetic content that mimics individuals. These range from image and video deepfakes to artificial audio and voice cloning, among other forms of content. The FTC is seeking feedback on how to assess liability to companies that provide tools to create and deploy this type of content. 

Related Posts