AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/20/2024

Walmart customers scammed via fake shopping lists, threatened with arrest

Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lists, a kind of virtual shopping list customers can share with family and friends, by embedding rogue customer service phone numbers with the appearance and branding of the official Walmart site. The scam ends in accusations of money laundering, threats of an arrest warrant, and pressure to transfer money into a Bitcoin wallet.

 

UK activists targeted with Pegasus spyware ask police to charge NSO Group

Four UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London’s Metropolitan Police they hope will lead to charges against Pegasus peddler NSO Group. The activists, who say their comms were snooped on by the autocratic states, assembled their complaint with the help of Global Legal Action Network (GLAN), a non-governmental organization bringing the case to the Met on their behalf. They accuse NSO, along with a selection of its key associates, of being behind alleged spyware infections dating back to 2018.

 

DOJ, FBI need better metrics for tracking ransomware disruption efforts, audit finds

The Justice Department and FBI need to redefine what counts as success in fighting the scourge of ransomware, a new internal audit recommends. In the 26-page audit released Tuesday, Department of Justice (DOJ) Inspector General Michael Horowitz outlined the department’s actions related to ransomware from April 2021 to September 2023. The report also takes into consideration the takedown of LockBit, which took place in early 2024. The inquiry found three areas the DOJ and FBI need to improve on to more effectively fight ransomware. 

 

FTC exposes massive surveillance of kids, teens by social media giants

A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data. The FTC’s findings were released after a probe that began four years ago, in December 2020, with 6(b) orders sent to Amazon (owner of Twitch), Meta (Facebook), YouTube, Twitter (now X Corp.), Snapchat, TikTok (owned by ByteDance), Discord, Reddit, and WhatsApp (Meta).

 

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. “This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said. The PIN is a six-digit code by default, although it’s also possible to create a longer alpha-numeric PIN by selecting “PIN options.” This marks a change from the previous status quo where users could only save passkeys to Google Password Manager on Android.
