AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/8/2020

Companies start reporting ransomware attacks as data breaches

Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid. If a victim does not pay the ransom, the threat actors will publicly post the data on data leak sites created to shame the victim. The good news is that corporate victims are finally starting to issue data breach notifications when affected by a ransomware attack. In addition, most of them offer free credit monitoring and identity theft protection to affected employees and clients so that they can be alerted if their data is used publicly or for fraud.


Pompeo says U.S. looking at banning Chinese social media apps, including TikTok

Secretary of State Mike Pompeo said late on Monday that the United States is “certainly looking at” banning Chinese social media apps, including TikTok. “I don’t want to get out in front of the President (Donald Trump), but it’s something we’re looking at,” Pompeo said in an interview with Fox News.


Is AI Ready to Help Diagnose COVID-19?

For years, many artificial intelligence enthusiasts and researchers have promised that machine learning will change modern medicine. Thousands of algorithms have been developed to diagnose conditions like cancer, heart disease and psychiatric disorders. Now, algorithms are being trained to detect COVID-19 by recognizing patterns in CT scans and X-ray images of the lungs. Many of these models aim to predict which patients will have the most severe outcomes and who will need a ventilator. The excitement is palpable; if these models are accurate, they could offer doctors a huge leg up in testing and treating patients with the coronavirus. But the allure of AI-aided medicine for the treatment of real COVID-19 patients appears far off. A group of statisticians around the world are concerned about the quality of the vast majority of machine learning models and the harm they may cause if hospitals adopt them any time soon.


Apple and T-Mobile are being hit with a class action lawsuit over a security flaw that exposed iMessages and FaceTime calls

Apple and T-Mobile are facing a class action lawsuit over allegations that their failure to disclose a security issue that made it possible for third parties to access messages and video calls sent through Apple’s iMessage and FaceTime apps jeopardized consumer privacy. The plaintiffs, Tigran Ohanian and Regge Lopez, say Apple misled customers by promoting the security of its products without disclosing a vulnerability that made it possible for strangers to access iMessage and FaceTime interactions. The complaint was filed on July 6 in the United States District Court for the Southern District of New York. Apple Insider and Bloomberg Law first discovered the complaint.


Activists behind Facebook ad boycott rip Zuckerberg after meeting

Zuckerberg, COO Sheryl Sandberg, and CPO Christopher Cox met with organizers from the NAACP, Color Of Change, Anti-Defamation League, Stop Hate for Profit, and Free Press to discuss Facebook’s failure to curtail the spread of hate and disinformation across its platform. In a statement from Stop Hate for Profit, the organization said that Zuckerberg “offered the same old defense.” “It was abundantly clear in our meeting today that Mark Zuckerberg and the Facebook team is not yet ready to address the vitriolic hate on their platform,” the statement reads. “Zuckerberg offered no automatic recourse for advertisers whose content runs alongside hateful content. He had no answer for why Facebook recommends hateful groups to users. He refused to agree to provide an option for victims of hate and harassment to connect with a live Facebook representative.”


Criminal charges reveal the identity of the “invisible god” hacker

A notorious hacker who made an estimated $1.5 million by stealing information from more than 300 companies and governments in 44 countries has been identified as a 37-year-old man from Kazakhstan.  Known as Fxmsp, the hacker became famous in 2019 when he advertised access and source code for leading cybersecurity companies, amid claims that he could make a customer “the invisible god of networks.” His identity and techniques remained largely unknown, however. But today an American court unsealed criminal charges that named a single Kazakh national, Andrey Turchin, as the man behind the attacks, and detailed five felony charges against him. 

Related Posts