AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 29, 2019

1 Office Depot Pays $25 Million To Settle Deceptive Tech Support Lawsuit

Office Depot and Support.com, Inc, a tech support software provided from California, agreed to pay $25 million and $10 million respectively for allegedly tricking their customers into paying for millions of US dollars worth of computer repair services using fake malware scans. According to a press release issued today by the U.S. Federal Trade Commission (FTC), the agency will use the money received after the two settlements are paid to provide refunds to customers that were impacted by the allegedly deceptive tech support offered by Office Depot and Support.com. “Consumers have a hard enough time protecting their computers from malware, viruses, and other threats,” said FTC Chairman Joe Simons. “This case should send a strong message to companies that they will face stiff consequences if they use deception to trick consumers into buying costly services they may not need.”


2 Trump administration charges Facebook with ‘discriminatory’ housing advertising practices

In a civil compliant, the Department of Housing and Urban Development is seeking damages for any person who was harmed by Facebook’s targeted advertising policies, which until recently allowed employers and landlords to limit their audiences on the basis of race, ethnicity or gender. Facebook settled a lawsuit with the ACLU over the practice last week and overhauled its systems as a result. A senior HUD official told CNBC that based on Facebook’s user base and the proliferation of housing ads, the agency expects the number of users affected by the discriminatory practices could number in the millions.


3 ASUS confirms server compromise, releases fixed Live Update tool

ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday. ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” the company announced.


4 New Bill to Protect U.S. Senate Personal Devices, Accounts from Hackers

U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law. The Senate Cybersecurity Protection Act, S. 890, would allow the SAA — which is the one responsible for the Senate’s cybersecurity — to offer opt-in cybersecurity support which would help U.S. senators to be prepared when their personal devices are targeted by state-sponsored hacking groups. According to Wyden, the bill has been endorsed by "cyber and election security experts and advocates alike", such as Electronic Frontier Foundation, Google, Carnegie Mellon CyLab, Dragos Inc, Public Citizen, and more.


5 This Canadian town is letting residents pay taxes in Bitcoin

A small town in Canada, just north of Toronto, is joining Ohio in providing its citizens with an option to pay some taxes in cryptocurrency – Bitcoin, $BTC0.49% to be exact. The town of Innisfil will begin accepting Bitcoin as payment for property taxes in April, local news outlet Simcoe. According to the report, Innisfil is the first municipality in the North American nation to offer citizens the option to pay in cryptocurrency. “Once again, we are proud to be first in taking this bold step by offering this new, exciting payment option to our residents,” Innisfil Mayor Lynn Dollin said in a statement. Indeed, this is not an outright integration of cryptocurrency payments yet, but a one-year trial period.


6 “Twitter 2007 multicolor” hoax

Tweets have been circulating saying that you can trigger a cool new Twitter feature – colored tweets in a sort-of rainbow theme – simply by changing your birthday to 2007. Many people routinely give fake birthdays to cloud services, of course, with good reason. A lot of organisations continue to treat birthdays as some kind of touchstone for customer identification, on the dangerously mistaken assumption that your birthday is meant to be a secret and is therefore a reliable way to establish someone’s identity over the phone or the internet. In this case, the “Twitter 2007 multicolor” hoax is actually a cruel way to get you locked out of your Twitter account. Think about it – anyone born in 2007 is currently at most 12 years old, and therefore couldn’t possibly be 13, which is Twitter’s minumum age.


7 Spyware app exposes private photos, hosting provider steps in

A hosting company took down a database operated by a spying app this week after it was found displaying thousands of intimate images and recordings online. MobiiSpy, an Android app that can be used to track what people do on their phones, left over 95,000 images and 25,000 audio recordings on a publicly accessible database according to a report by Motherboard on 22 March. Although the database didn’t include names or contact information, it did contain call records and photos that could be used to identify the phones’ owners. According to researchers, the app’s developer had hardcoded the database URL directly into the app, which lets the operator read the target’s phone contacts and texts and even trigger remote recordings without the target’s knowledge.

Related Posts