AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 4/22/2020

CFAA latest: Supremes to tackle old chestnut of what ‘authorized use’ of a computer really means in America

If someone is authorized to use a computer – to access a database, for example – is that a blanket authorization, and can they use it so long as they continue to use their existing login? Or does it depend on the circumstances? Can someone’s authorization be dependent on the application’s terms of service? The question may seem simple but the bigger issue is how the law – specifically the US Computer Fraud and Abuse Act (CFAA) – sees it. Because while an employee could be warned, or even fired, for abusing their access to information, the CFAA would make it a criminal act. People could go to jail for not following the correct terms of service.


Team Cymru and Arctic Security Reveal Number of Compromised Organizations Has More Than Doubled Since Stay-at-Home Order

Team Cymru and its partner Arctic Security today announced the release of new cyber threat research indicating that news coverage of the recent uptick in cyber threat activity is showing an incomplete picture. Despite the focus on VPN hacks and attacks at home, the research indicates that computers at more than 50,000 organizations in the US had been infected prior to stay-at-home orders. Researchers say they are witnessing previously infected computers being activated now that their malicious communications are no longer being blocked by corporate firewalls. Arctic Security in Finland, with unique data from US-based internet security and threat intelligence firm Team Cymru, finds the number of compromised organizations in the US, Finland and across Europe has doubled, tripled or even quadrupled, between January and the end of March. Researchers believe this demonstrates a systemic problem facing organizations – a failure of internal security tools and processes and an inability to prepare for mobile workforces.


Bot creates millions of fake eyeballs to rip off smart-TV advertisers

Researchers have uncovered the biggest connected-TV (CTV) ad fraud operation they’ve ever seen, fueled with fake ad views seen by bogus eyeballs that actually belonged to a bot network they named ICEBUCKET. Bot-mitigation security firm White Ops said on Thursday that at its peak – January 2020 – the ICEBUCKET bot operation impersonated more than 2 million people in over 30 countries. ICEBUCKET also cooked up 300 publishers out of thin air, then stole advertising dollars by tricking advertisers into thinking there were real people on the other side of the screen. Those were no humans: they were all bots, working to exploit the limited transparency of what’s known as the server-side ad insertion (SSAI) platform for measuring video ad impressions.


Senator wants Tim Cook to take personal responsibility for contact-tracing data privacy

Senator Josh Hawley (R-Mo.) wants Apple and Google to have some skin in the game when it comes to keeping data private in their joint coronavirus contact-tracing project. Hawley’s idea? That Apple and Google’s CEOs — Tim Cook and Sundar Pichai, respectively — should take personal responsibility for ensuring the data is kept private. “If you seek to assure the public, make your stake in this project personal,” he wrote Tuesday in a letter to Tim Cook and Sundar Pichai. “Make a commitment that you and other executives will be personally liable if you stop protecting privacy, such as by granting advertising companies access to the interface once the pandemic is over.”


Hey there! Are you using WhatsApp? Your account may be hackable

After Jeff Bezos’s phone was compromised by a malicious video sent via WhatsApp, it hopefully got all of you thinking about your own phone security and thinking how easily you could be hacked. There are lots of tools, tips and tricks to put in place to best protect WhatsApp’s two billion users from cybercriminals, but the truth is that if a threat actor is dedicated enough, there is little we can do other than to protect ourselves in the best way possible… and hope the attackers move on to less well-defended targets. But when it comes to WhatsApp, is there anything else we can do to protect our account? The messages are already encrypted, meaning law enforcement individuals can’t probe into those private conversations directly, but is there another way in? The encryption key to a WhatsApp message is present in both devices being used in the conversation, so threat actors would need to get their hands on one or the other to read through those chatlogs.

Related Posts