AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/10/2020

Mozilla suspends Firefox Send service while it addresses malware abuse

Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a “Report abuse” button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send’s increasing prevalence in current malware operations. Mozilla launched Firefox Send in March 2019. The service provides secure and private file-hosting and file-sharing capabilities for Firefox users. Despite its name, the service is in reality accessible for anyone accessing the send.firefox.com web portal. All files uploaded and shared through Firefox Send are stored in an encrypted format, and users can configure the amount of time the file is saved on the server and the number of downloads before the file expires.


TikTok saw a rise in government demands for user data

Earlier this year, TikTok’s parent company ByteDance joined the raft of American tech giants that publish the number of government demands for user data and takedown requests by releasing its own numbers. The move was met with heavy skepticism, amid concerns about the app maker’s links to China, and accusations that it poses a threat to U.S. national security, a claim it has repeatedly denied. In its second and most recent transparency report, published today, TikTok said it received 500 total legal demands, including emergency requests, from governments in the first half of the year, up 67% on the previous half. Most of the demands came from the United States.


15B credentials available on dark web; average selling price below $16

There are more than 15 billion stolen account credentials being sold or even shared for free on the dark web, with individual entries selling for an average of $15.43, a new research report states. Roughly one-third of the credentials, or about 5 billion, are unique, according to Digital Shadows, whose researchers reached these totals following an analysis of two-and-a-half years of advertised account credentials found across nine active and defunct dark web marketplaces. Of the various categories of stolen credentials, bank and financial account passwords were found to be the most expensive — advertised on the dark web for an average of $70.91, with some prices set upwards of $500.


Does First Amendment let ISPs sell Web-browsing data? Judge is skeptical

The broadband industry has lost a key initial ruling in its bid to kill a privacy law imposed by the state of Maine. The top lobby groups representing cable companies, mobile carriers, and telecoms sued Maine in February, claiming the privacy law violates their First Amendment protections on free speech and that the state law is preempted by deregulatory actions taken by Congress and the Federal Communications Commission. Maine’s Web-browsing privacy law is similar to the one killed by Congress and President Donald Trump in 2017, as it prohibits ISPs from using, disclosing, or selling browsing history and other personal information without customers’ opt-in consent. The law took effect on July 1, 2020.


Facebook bans ‘Roger Stone disinformation network’

Facebook has removed a disinformation network it says was linked to “Roger Stone and his associates”. Mr Stone was a long-time political strategist and is an ally of US President Donald Trump. He was convicted of lying to Congress in 2019. He has denied involvement with the misinformation network. Facebook also said it had identified a network of fake accounts run by employees of Brazilian President Jair Bolsonaro’s government. The social network released details of four misinformation campaigns ahead of the July edition of its monthly report on co-ordinated inauthentic behaviour. “Campaigns like these raise a particularly complex challenge by blurring the line between healthy public debate and manipulation,” Facebook said.


SurveyMonkey Phishers Go Hunting for Office 365 Credentials

Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters. The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security. “Within the body of the email is a hidden redirect link appearing as the text ‘Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you’” it explained. “Clicking on the link redirects to a site hosted on a Microsoft form submission page. This form asks the user to enter their Office 365 email and password. If the user is not vigilant and provides their credentials, the user account would be compromised.” The attack is effective for several reasons: its use of a legitimate SurveyMonkey email sender, the concealing of the phishing site URL and the description of the email as unique to every user.

Related Posts