AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/5/2024

Clearview faces a €30.5 million fine for violating the GDPR

Clearview AI is back in hot — and expensive — water, with the Dutch Data Protection Authority (DPA) fining the company €30.5 million ($33.6 million) for violating the General Data Protection Regulation (GDPR). The release explains that Clearview created “an illegal database with billions of photos of faces,” including Dutch individuals, and has failed to properly inform people that it’s using their data. In early 2023, Clearview’s CEO claimed the company had 30 billion images. Clearview must immediately stop all violations or face up to €5.1 million ($5.6 million) in non-compliance penalties. “Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world,” Dutch DPA chairman Aleid Wolfsen stated.

 

Sextortion Scams Now Include Photos of Your Home

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing. This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

 

Halliburton confirms data stolen in recent cyberattack

Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. The form 8-K filing mentions that an unauthorized third party accessed and exfiltrated sensitive information from Halliburton systems, and the company is now in the process of determining the exact scope of the breach. “The Company believes the unauthorized third party accessed and exfiltrated information from the Company’s systems,” reads Halliburton’s latest 8-K Form filing to the SEC.

 

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

 

Bitcoin ATM scammers stole $65 million in first half of 2024

People are losing a lot more money to Bitcoin ATM scams. In a report released on Tuesday, the Federal Trade Commission said it found the amount of money lost to Bitcoin ATM scams increased nearly 10 times from 2020 to 2023 — going from $12 million to a whopping $114 million. Consumers have already lost $65 million to the ruse in the first half of 2024 alone. Over the years, scams have evolved into different versions of pretty much the same thing: schemes that trick victims into paying scammers. We’ve seen bad actors trick people into sending wire transfers, buying gift cards, and even handing over a pile of cash in a shoebox. This is the Bitcoin ATM variation.
