AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/13/2020

Secret Service merging electronic and financial crime task forces to combat cybercrime

The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous task forces. “Through the creation of the CFTFs, the Secret Service aims to improve the coordination, sharing of expertise and resources, and dissemination of best practices for all its core investigations of financially-motivated cybercrime,” the Secret Service said.

 

International probe launched into facial recognition firm that scrapes images from the internet

The New York-headquartered company has built a facial recognition database by taking images from social media platforms and other websites without the consent of the people featured. It is reported that Clearview has “scraped” more than 3 billion images from the internet to build its database, which law enforcement agencies use to try and identify criminals. “The Office of the Australian Information Commissioner (OAIC) and the UK’s Information Commissioner’s Office (ICO) have opened a joint investigation into the personal information handling practices of Clearview Inc., focusing on the company’s use of ‘scraped’ data and biometrics of individuals,” reads a statement on the ICO’s website.

 

Google bans stalkerware ads

Google announced plans this week to ban ads that promote stalkerware, spyware, and other forms of surveillance technology that can be used to track other persons without their specific consent. The change was announced this week as part of an upcoming update to Google Ads policies, set to enter into effect next month, on August 11, 2020. Google said that private investigation services or products designed for parents to track or monitor their underage children are not banned under this new policy and will still be allowed to be advertised on its platform. Offenders who promote stalkerware will receive a seven-day warning, after which they’ll be banned if they don’t remove the offending ads.

 

Amazon says it sent warning about TikTok app to employees by mistake

Amazon sent a memo to employees Friday morning telling them to delete the popular social media app TikTok from their phones. Hours later, the company’s press office said the memo was sent in error but provided no further explanation. In the email to workers, Amazon’s IT services department said the app poses “security risks,” but it didn’t provide specifics. Workers were told to remove the app Friday to be able to keep mobile access to their work email. Access to TikTok from a browser on a laptop would still be allowed, according to the email, titled “Action required: Mandatory removal of TikTok by 10-Jul,” which CNET reviewed.

 

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

A jury found Russian hacker Yevgeniy Nikulin guilty for breaching the internal networks of LinkedIn, Dropbox, and Formspring back in 2012 and then selling their user databases on the black market. The jury verdict was passed on Friday during what was the first trial to be held in California since the onset of the coronavirus (COVID-19) pandemic. According to court documents and evidence presented at the trial, Nikulin hacked all three companies in the spring of 2012. The hacker first breached LinkedIn between March 3 and March 4, 2012, after he infected an employee’s laptop with malware that allowed Nikulin to abuse the employee’s VPN and access LinkedIn’s internal network. From here, the hacker stole roughly 117 million user records, data that included usernames, passwords, and emails.

 

How Two-Factor Authentication Keeps Your Accounts Safe

If you want to keep your online accounts safe, adding two-factor authentication (2FA) is the single most important step you can take. While no security measure is 100 percent hackproof, 2FA is going to go a long way to locking down access to your important accounts. As the name suggests, 2FA adds another level of authentication to the login process. It means you need something besides your username and password to get into your account—and with swaths of login credentials regularly published online, it’s in your best interests to put that additional step in place. We’ve discussed 2FA before, but there have been some useful updates since then. Here we’ll outline exactly what two-factor authentication is, how it works, and how you can set it up. It doesn’t take long to put 2FA in place, and the next time someone else tries to access your account with a stolen set of login details, you’ll be glad you did.
