AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/24/2020

Zoom will soon let you report meeting participants to help bust Zoombombers

Zoom is adding a way for hosts to report meeting participants, according to the app’s release notes published on April 19th (via PC Mag). In theory, that could help the company track down trolls that take over Zoom calls and share inappropriate material, a practice more colloquially known as “Zoombombing.” Zoom says the reporting feature will be available in an update that’s scheduled to release on Sunday, April 26th. “This feature will generate a report which will be sent to the Zoom Trust and Safety team to evaluate any misuse of the platform and block a user if necessary,” Zoom said in the update notes. Account owners and admins will be able to turn on the setting. Zoom declined to comment when The Verge asked for more details about the policy.

 

“KandyPens” Has Leaked Full Customer Credit Card Details

If you have bought a vaping pen or an accessory from the “KandyPens” online store, you may have had your full credit card details stolen by Magecart malicious actors. The vaporizer products manufacturer and retailer has just informed the California State Attorney General’s Office of a data breach that could potentially have dire consequences for an undisclosed number of individuals. The company realized that someone had planted a card skimmer on its checkout page in January 2020, and immediately hired a forensic investigator to find out what was going on.

 

Google will force advertisers to prove they are who they say they are

Google will require all advertisers to confirm their legal identity in an effort to increase transparency. Since 2018, political advertisers have had to verify who they are, so this is an expansion of that measure. The company will enforce the rule in the US at first, and it’s likely to take a few years before the requirement rolls out worldwide. Google suggests that advertisers in certain categories may be prioritized for the verification process. Those include the promotion of “products, goods, and services” (such as retail, media, tech and travel), “informational, advisory, or educational content” (charitable causes and free financial or health advice, for instance) and ads related to regulated industries, like gambling and healthcare products.

 

Twitter will remove dubious 5G tweets ‘that could potentially cause harm’

Ever since it first started rolling out, 5G skeptics have attempted to link the next-gen cellular technology to all manner of health issues. Most recently, it’s become an easy scapegoat for the global COVID-19 pandemic, given the rapid rise of both. Conspiracy theories have gained such a foothold that vigilantes have taken matters into their own hands by destroying cell towers in various European countries. In its latest bid to tamp down on the spread of false information pertaining to the novel coronavirus, Twitter today expanded its COVID-19 guidance to include the topic.

 

New Microsoft Hack Hits Private Equity Firms In Million Dollar Heist: Here’s How It Happened

It reads like a movie script, a real-life Hustle. A team of sophisticated cyber criminals has been stalking private equity firms, monitoring internal systems, diverting emails, hijacking relationships, intercepting and even initiating wire transfers to steal millions of dollars from multiple organizations. The attack, exposed by Check Point, intercepted four separate bank transactions totalling $1.3 million. Those particular victims were three PE firms, with only half the money recovered. Check Point then reverse engineered the attack, discovering a vast array of targeted victims. It is unknown how many have already been hit.

 

Leaked pics from Amazon Ring show potential new surveillance features

Amazon subsidiary Ring, which has partnerships with almost 1,200 law enforcement agencies nationwide, does not currently include facial recognition or license plate scanning tools in its home surveillance line of consumer products. The company appears to be evaluating the feasibility of adding both tools, however, raising additional privacy concerns for its pervasive platform. Ring last week distributed a confidential survey to beta testers weighing sentiment and demand for several potential new features in future versions of its software. According to screenshots shared with Ars, potential new features for Ring include options for enabling or disabling the camera both physically and remotely, both visual and audible alarms to ward off “would-be criminals,” and potential object, facial, and license plate detection.

 

Crown Sterling and Black Hat settle lawsuit, promise to never speak of it again

A lawsuit filed in the wake of a controversial cybersecurity presentation last year has ended with a whimper. Crown Sterling, which described itself as an “emerging digital cryptography” company, has entered into a confidential settlement with the company behind the Black Hat security conference. In a lawsuit filed last year, the vendor had accused Black Hat, owned by Informa Tech Holdings, of breach of contract after its content was pulled from the conference website in the aftermath of a sponsored presentation that saw independent cybersecurity researchers heckle Crown Sterling’s CEO.
