AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/15/2020

Chrome will soon block resource-draining ads. Here’s how to turn it on now

Chrome browser users take heart: Google developers are rolling out a feature that neuters abusive ads that covertly leech your CPU resources, bandwidth, and electricity. The move comes in response to a swarm of sites and ads first noticed in 2017 that surreptitiously use visitors’ computers to mine bitcoin and other cryptocurrencies. As the sites or ads display content, embedded code performs the resource-intensive calculations and deposits the mined currency in a developer-designated wallet. To conceal the scam, the code is often heavily obfuscated. The only signs something is amiss are whirring fans, drained batteries, and for those who pay close attention, increased consumption of network resources.


Project Aims to Unmask Disinformation Bots

Aiming to combat disinformation on social media, a research team published plug-ins for major Web browsers on Thursday that give users a score as to the likelihood that a Twitter handle is a bot or a human. Dubbed BotSight, the project is the brainchild of machine learning researchers at security firm NortonLifeLock, formerly a subsidiary of Symantec, which aims to help users determine which accounts are valid and which are not. The tool uses 4TB of data collected by the researchers over the past six months and looks at 20 features — from the randomness of the Twitter handle to the rate of follower acquisition — to classify the handle as a bot or human.


New Microsoft 365 sign-in pages already spoofed for phishing

Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Microsoft 365 sign-in pages. “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns,” Microsoft tweeted earlier. “We have so far seen several dozens of phishing sites used in these campaigns.” The new Azure AD sign-in experience design for Microsoft customers was updated roughly three months ago, at the end of February, and has started rolling out during the first week of April.


TikTok accused of breaching US child privacy regulations

Twenty advocacy groups have accused TikTok of violating child privacy regulations in the US and breaching a settlement that the viral video app agreed with the Federal Trade Commission last year over a previous privacy complaint. The groups—which include the Campaign for a Commercial-Free Childhood, the Center for Digital Democracy and the Electronic Privacy Information Center—have filed a complaint with the US watchdog saying they believe that the social media platform is “in contempt” of the terms of the 2019 settlement, as well as children’s privacy regulations. TikTok, which is owned by Chinese tech group ByteDance, was fined $5.7 million in February last year for illegally collecting children’s data as it began to rise in popularity among teens in the West.


Senate Votes to Allow FBI to Look at Your Web Browsing History Without a Warrant

The US Senate has voted to give law enforcement agencies access to web browsing data without a warrant, dramatically expanding the government’s surveillance powers in the midst of the COVID-19 pandemic. The vote comes at a time when internet usage has skyrocketed, with tens of millions of Americans quarantined at home during the COVID-19 pandemic. Privacy advocates have warned for over a decade that allowing warrantless access to web search queries and browsing history allows law enforcement to easily crack down on activists, labor organizers, or anyone else the government deems a threat.
