AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/2/2024

India rescues 250 citizens enslaved by Cambodian cybercrime gang 

The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. The government explains that these people were tricked into believing that lucrative job opportunities were waiting for them in the Southeast Asian nation. After several nationals informed India’s Embassy in Cambodia of their dire situation, the country worked with the Cambodian authorities to locate them and bring them back.

 

Vulnerability database backlog due to increased volume, changes in ‘support,’ NIST says 

The National Institute of Standards and Technology (NIST) blamed increases in the volume of software and “a change in interagency support” for the recent backlog of vulnerabilities analyzed in the organization’s National Vulnerability Database (NVD). For years, the NVD has been an invaluable resource for cybersecurity experts and defenders who rely on it for key information about vulnerabilities. But in mid-February, important metadata from the NVD was removed and the organization struggled to process waves of new vulnerabilities. NIST posted a notice on its website claiming it was “working to establish a consortium to address challenges in the NVD program and develop improved tools and methods.”  

 

Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement 

Google has agreed to purge billions of data records reflecting users’ browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by tracking the internet browsing activity of those who thought it remained private when using the “incognito” or “private” mode on web browsers like Chrome. In late December 2023, it emerged that the company had consented to settle the lawsuit. The deal is currently pending approval by U.S. District Judge Yvonne Gonzalez Rogers.

 

Polish officials may face criminal charges in Pegasus spyware probe 

Former Polish government officials may face criminal charges following an investigation into their use of the notorious spyware Pegasus to surveil political opponents and others. Poland officially launched a parliamentary probe into the previous government’s potential misuse of the commercial surveillance software in February. On Monday, Minister of Justice Adam Bodnar told The Guardian that Pegasus victims would soon receive notification that they had been targeted by the NSO Group’s controversial snoopware. “There is a decent chance that within a couple of months we’ll have quite extensive knowledge how this equipment was used and for what purpose,” Bodnar said.  

 

OWASP discloses data breach caused by wiki misconfiguration 

The OWASP Foundation has disclosed a data breach after some members’ resumes were exposed online due to a misconfiguration of its old Wiki web server. Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation that launched in December 2001 and focuses on software security. It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide.
