AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/3/2020

Trump’s social media executive order faces lawsuit

The nonprofit Center for Democracy and Technology is taking aim at US President Donald Trump’s social media executive order. The CDT filed a lawsuit against the president on Tuesday, alleging that the order violates the First Amendment and the right to free speech. “The order is plainly retaliatory: it attacks a private company, Twitter, for exercising its First Amendment right to comment on the President’s statements,” the lawsuit says. “More fundamentally, the order seeks to curtail and chill the constitutionally protected speech of all online platforms and individuals by demonstrating the willingness to use government authority to retaliate against those who criticize the government.”


Google is sued in U.S. for tracking users’ ‘private’ internet browsing

Google was sued Tuesday in a proposed class action accusing it of illegally invading millions of users’ privacy by tracking their internet use from browsers set in “private” browsing mode. The lawsuit seeks at least $5 billion, accusing the Alphabet Inc. unit of illegally collecting information about what people are viewing online and where they are doing their browsing through various applications and website plug-ins, including Google Analytics and Google Ad Manager. “Billions of times a day, Google causes computers around the world to report the real-time internet communications of hundreds of millions of people to Google,” according to the complaint filed in U.S. District Court in San Jose, California.


Hackers are targeting your smartphone as way into the company network

The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months. Analysis by cybersecurity company Lookout found that there’s been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone. Phishing emails have long been a problem for desktop and laptop users, but the increased use of mobile devices – especially as more people are working remotely – has created an additional attack vector for cyber criminals who are targeting both Android and IOS phones.


After a breach, users rarely change their passwords, study finds

Only around a third of users usually change their passwords following a data breach announcement, according to a recent study published by academics from the Carnegie Mellon University’s Security and Privacy Institute (CyLab). The study, presented earlier this month at the IEEE 2020 Workshop on Technology and Consumer Protection, was not based on survey data, but on actual browser traffic. Academics analyzed real-world web traffic collected with the help of the university’s Security Behavior Observatory (SBO), an opt-in research group where users sign up and share their full browser history for the sole purpose of academic research.


Stolen YouTube Credentials Growing in Popularity on Dark Web Forums

The current cyber threat landscape is dominated by coronavirus-related attacks, exploits, and scams. In recent blogs, we have explored how cybercriminals have been exploiting the COVID-19 pandemic to distribute spread phishing and malware attacks, how they then moved to targeting collaboration tools and how they recycle old usernames and passwords for credential dumping attacks. But over the past few weeks, IntSights researchers have observed yet another new trend in black markets and cybercrime forums that has rapidly growing demand: stolen credentials for prominent YouTube accounts.


Related Posts