AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – February 14, 2019

Hackers Charged With Making Threats to Schools

Two computer hackers were charged with sending false shooting and bomb threats to hundreds of schools and other institutions in the U.S. and Britain, federal prosecutors said Tuesday. The men are members of Apophis Squad, a worldwide collective of hackers intent on using the internet to “sow chaos,” the Department of Justice said in Los Angeles. Timothy Vaughn of Winston-Salem, North Carolina, was arrested this week by the FBI. The 20-year-old used the online handles “WantedbyFeds” and “Hacker_R_US,” according to the indictment. George Duke-Cohan, 19, of Hertfordshire, United Kingdom, is currently serving a prison sentence in Britain for a hoax threat targeting an airliner. His internet usernames included “DigitalCrimes,” court papers show.


Netflix records all of your Bandersnatch choices, GDPR request reveals

Netflix keeps a record all of your Bandersnatch choice data from its Black Mirror choose-your-own-adventure film, a technology policy researcher has discovered. The researcher, Michael Veale, obtained his viewing data after emailing Netflix to request it under GDPR’s right of access rules. Motherboard reports that Veale’s aim was to use the experiment to educate people about how to use the law to request their data, and to encourage companies to make it more readily available. Although it’s unsurprising that Netflix knows which choices each user made during its interactive film, Veale used the experiment to highlight that the streaming service never asks for permission to store your choices. Netflix told the researcher that it stores the data to “inform the personalised recommendations you see in future visits” as well as to help it, “determine how to improve [Bandersnatch’s] model of storytelling.”


The Scarlet Widow Gang Entraps Victims Using Romance Scams

We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but  the emotional entanglement ultimately leads to heartbreak. Romance scams are months long, if not year long, campaigns where bad actors catfish, or pretend to be in love with, an unsuspecting victim in order to steal money from them. They do this by creating fake romantic relationships that the victims become invested in and are willing to help them with fake financial troubles. In a report shared with BleepingComputer, the Agari Cyber Intelligence Division (ACID) outlines how a criminal gang out of Nigeria called "Scarlet Widow" targets those who are more likely to be lonely such as farmers, elderly, the disabled, and divorced.


DataCamp Implements Partial Password Reset After Data Security Incident

Online data science learning platform DataCamp implemented a password reset for some of its users potentially affected by a data security incident. According to a statement published on its website, DataCamp discovered on 11 February 2019 that a third party had gained unauthorized access to its systems. In the process, the intruders might have exposed the information for a subset of the company’s users. They specifically might have obtained access to users’ names, email addresses and optional data like their location and education. They also might have viewed users’ bcrypt-hashed passwords, sign-in IP addresses, account creation dates and last sign-in dates. Following its discovery, DataCamp retained a digital forensics and security firm to investigate the causes of the incident. This effort revealed that the unauthorized individuals might have exposed the information of only a minority of users.


Google Maps might get an important new privacy option soon

Here's the trouble with letting apps know your location data: It's a potential privacy nightmare, but it also makes certain apps a lot more useful. Case in point: Google Maps. You don't have to let the app access your location or retain your location history, but then it's not nearly as good. And if you do let it retain your location history, the only way to make it forget that data is to periodically go into the app's settings and tap an option manually. No more. 9to5Google spotted that a new beta of Google Maps for Android, version 10.10, has an option to automatically delete your location history after a set interval.

Related Posts