AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/25/2024

Senators push to declassify TikTok briefings

Democratic Senator Richard Blumenthal and Republican Senator Marsha Blackburn are calling for TikTok briefings to be declassified so the government can “better educate the public on the need for urgent action.” The briefings come as support grows for a forced sale of TikTok due to national security concerns around ByteDance, the Chinese company that owns the app. “We are deeply troubled by the information and concerns raised by the intelligence community in recent classified briefings to Congress. TikTok is a weapon in the hands of the Chinese government, and poses an active risk to our democratic institutions and national security,” Blumenthal and Blackburn wrote.

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or passwords are leaked in data breaches.

GM stops sharing driver data with brokers amid backlash

After public outcry, General Motors has decided to stop sharing driving data from its connected cars with data brokers. Last week, news broke that customers enrolled in GM’s OnStar Smart Driver app have had their data shared with LexisNexis and Verisk. Those data brokers in turn shared the information with insurance companies, resulting in some drivers finding it much harder or more expensive to obtain insurance. To make matters much worse, customers allege they never signed up for OnStar Smart Driver in the first place, claiming the choice was made for them by salespeople during the car-buying process. Now, in what feels like an all-too-rare win for privacy in the 21st century, that data-sharing deal is no more.

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn’t help you understand what it can do, a few examples from the news might help. Flipper Zero made headlines in October because versions running third-party firmware could be used to crash iPhones running iOS 17 (since resolved in iOS 17.2). Later, reporters found information that car thieves could use the Flipper Zero to intercept, record, and sometimes mimic the signal of a vehicle’s key fob, and if the car was in a garage, the signal of the garage door opener too.

Here’s why Twitter sends you to a different site than what you clicked

Users of the social media platform X (formerly Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed in the post. A Twitter ad spotted by a security researcher shows forbes.com as its destination but instead takes you to a Telegram account purportedly promoting crypto scams. Security researcher Will Dormann spotted a Twitter post with a link to “forbes.com.”