
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/3/2020

Facebook admits to improperly giving user data to third-party developers, again

In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users’ non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app. We reached out to Facebook in an attempt to determine just how many users had their data improperly sent to third-party apps, but received no immediate response. Facebook’s blog post does provide some — albeit limited — insight into the privacy mishap, however. The company writes that the user info in question possibly involved email addresses, birthdays, language, and gender, and was sent to around 5,000 apps past the 90-day threshold.

Business giant Xerox allegedly suffers Maze Ransomware attack

Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25. The company has yet to confirm or deny a cyberattack on its network but screenshots from the attacker show that computers on at least one Xerox domain have been encrypted. Xerox Corporation is a huge business present in at least 160 countries. It registered over $1.8 billion in revenue in Q1 2020 and has 27,000 employees across the globe. It’s part of the Fortune 500 list, currently ranking at 347, with a revenue of over $9 billion last year.

Zoom misses its own deadline to publish its first transparency report

How many government demands for user data has Zoom received? We won’t know until “later this year,” an updated Zoom blog post now says. The video conferencing giant previously said it would release the number of government demands it has received by June 30. But the company said it’s missed that target and has given no firm new date for releasing the figures. It comes amid heightened scrutiny of the service after a number of security issues and privacy concerns came to light following a massive spike in its user base, thanks to millions working from home because of the coronavirus pandemic.

Ransomware Gangs Don’t Need PR Help

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism.

Apple CEO Tim Cook agrees to testify in House antitrust investigation

The House Antitrust Subcommittee last year announced a bipartisan investigation into “platform gatekeepers” and “dominant” tech firms. Apple is being scrutinized for its App Store business, so-called “Sherlocking” of third-party apps and systematic removal of parental control apps. While Bezos, Pichai and Zuckerberg each signaled intent to participate in the House inquiry last month, Apple remained mum on Cook’s potential involvement. Cicilline has been an outspoken critic of dominant Silicon Valley players and is among a cadre of proponents of legal initiatives that would break up big companies. Apple’s App Store business is a major concern for the representative. In interviews last month, Cicilline called compulsory App Store fees “highway robbery” and likened the policy to “ransom” for access to the popular app marketplace.
