AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/4/2020

Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation

Rep. Adam Schiff, D-Calif., has a message for the CEOs of Google, YouTube and Twitter when it comes to coronavirus misinformation: please be more like Facebook. It’s an unusual request from a D.C. lawmaker after Congress has spent the past few years scolding Facebook for its policies on misinformation. The company has struggled to escape the shadow of the 2018 Cambridge Analytica scandal and its role in spreading disinformation by Russian actors during the 2016 U.S. presidential election. But the coronavirus pandemic has given Facebook an opportunity to reclaim its reputation and at least one lawmaker is taking notice.


Zoom admits it doesn’t have 300 million users, corrects misleading claims

Zoom has admitted it doesn’t have 300 million daily active users. The admission came after The Verge noticed the company had quietly edited a blog post making the claim earlier this month. Zoom originally stated it had “more than 300 million daily users” and that “more than 300 million people around the world are using Zoom during this challenging time.” Zoom later deleted these references from the original blog post, and now claims “300 million daily Zoom meeting participants.” The difference between a daily active user (DAU) and “meeting participant” is significant. Daily meeting participants can be counted multiple times: if you have five Zoom meetings in a day then you’re counted five times. A DAU is counted once per day, and is commonly used by companies to measure service usage. Only counting meeting participants is an easy, somewhat misleading, way to make your platform usage seem larger than it is.


Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers

Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked millions of people’s email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed. According to findings published Wednesday by Zach Edwards, of digital strategy firm Victory Medium, these businesses have spilled these contact details to advertising networks and the like over the past few years. Among those websites identified by Edwards – a group that also includes Mailchimp, The Washington Post, NGPVan.com, KongHQ, and GrowingChild.com – some promptly altered their websites when notified of the issue, but others have not.


Ransomware mentioned in 1,000+ SEC filings over the past year

A growing number of public companies are now listing ransomware as a forward-looking risk factor in documents filed with the US Securities and Exchange Commission. More than 1,000 documents mentioning ransomware as a risk factor have been filed over the last 12 months, and more than 700 in 2020 alone, with the number expected to easily surpass 2019’s values. Ransomware is now regularly mentioned in annual reports (10K and 20F), quarterly reports (10Q), special event filings (8K and 6K), and registration forms (S1) filed with the US regulator. Alphabet, American Airlines, McDonald’s, Tupperware, and Pluralsight are just a few of the big-name companies that listed ransomware as a potential risk to their business over the past two days alone.


Judge Orders FCC to Hand Over IP Addresses Linked to Fake Net Neutrality Comments

A Manhattan federal judge has ruled the Federal Communications Commission must provide two reporters access to server logs that may provide new insight into the allegations of fraud stemming from the agency’s 2017 net neutrality rollback. A pair of New York Times reporters—Nicholas Confessore and Gabriel Dance—sued the FCC under the Freedom of Information Act after it refused their request to view copies of the logs. The logs will show, among other details, the originating IP addresses behind the millions of public comments sent to the agency ahead of the December 2017 net neutrality vote. The FCC attempted to quash the paper’s request but failed to persuade District Judge Lorna Schofield, who wrote that, despite the privacy concerns raised by the agency, releasing the logs may help clarify whether fraudulent activity interfered with the comment period, as well as whether the agency’s decision-making process is “vulnerable to corruption.”
