AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/1/2020

Meet the Victims of Online Scams

Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible. The victims of online scams each possess unique characteristics. And in the eyes of bad actors, they’re vulnerabilities much like the outdated components of a website. Understanding those characteristics lets bad actors tailor online scams for certain types of individuals, much like an attack targeting a specific website configuration.


CVS is testing driverless vehicles in Houston for safe, socially distanced medical deliveries

Self-driving vehicle startup Nuro announced yesterday that it will deliver medical prescriptions autonomously to residents in parts of one Texas city. It could be a boon for the health and safety of those made even more vulnerable because of the coronavirus pandemic. According to a company announcement, Nuro will partner with CVS, one of America’s biggest pharmacy chains, to deliver prescriptions to customers in a “pilot area,” which is made up of three zip codes in Houston, Texas. Starting next month, CVS customers can choose the autonomous delivery option during checkout on the pharmacy‘s website and app.


Google Takes Action Against Misleading and Malicious Notifications in Chrome

Browser notifications can be useful for certain types of services but some websites abuse them to mislead users, deliver malware, or phish personal information. Google classifies abusive notifications as permission request issues, which trick or force users into allowing notifications, and notification issues, which are fake messages that mimic chats, system dialogs or warnings. The latter can be used for phishing and to distribute malware. Starting with Chrome 84, websites that push abusive notifications will be automatically enrolled in the quieter notifications user interface, which Google introduced in January.


Amtrak resets user passwords after Guest Rewards data breach

The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members. Amtrak, a high-speed intercity passenger rail provider and an independent US government agency, operates a nationwide rail network in 46 states, the District of Columbia, and three Canadian provinces, with 30 million customers during the last nine years. It also has over 20,000 and it operates more than 300 trains every day to over 500 destinations, with a revenue of $3.5 billion in the fiscal year 2019.


Anonymous Hackers Threaten To ‘Expose The Many Crimes’ Of Minneapolis Police

In an entirely unsurprising move, the hactivist group Anonymous has surfaced to add its voice to those criticising the Minneapolis Police Department in the wake of the death of George Floyd on May 25. As the widespread civil unrest escalated, the loosely affiliated hackers released a video, threatening Minneapolis Police Department (MPD) that it will “expose your many crimes to the world.” Now those threats appear to have come to life, with online claims that MPD’s website was taken offline late on Saturday (May 30), with problems continuing through the night. Accessing the site today, Sunday, users were asked to complete a captcha to ensure they were not automated bots orchestrating a DDoS attack.

Related Posts