This week in InfoSec talks about legendary brands in the industry Rant of the Week exposes more Meta shit-housery Billy Big Balls is a story about Uncle Sam doing it wrong Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is an industry term you may not be using correctly
This week in InfoSec (11:48)
With content liberated from the “today in infosec” twitter account and further afield
24th November 1998: AOL announces it will buy Netscape Communications
AOL announces it will buy Netscape Communications in a stock-for-stock deal worth approximately $4.2 billion. At the time it was considered a good move by AOL and Netscape to merge forces to better compete with Microsoft in the browser and Internet provider markets. However, Microsoft’s dominance in the personal computer market could not be stopped and the Netscape browser lost almost all market share to Internet Explorer.
In 2003 Microsoft settled a monopoly lawsuit with AOL (then merged with Time Warner) for $750 million over the loss of value of Netscape. AOL itself, once a dominant Internet Service Provider, slowly lost their subscriber base with the evolution of broadband Internet in the 2000’s and operates primarily as a media conglomerate, although their dial-up service still subscribes approximately 2 million users as of 2013. In 2015 that went up to 2.1 million but is now reported to be in the thousands.
21st November 2017: It was reported that Uber had concealed a massive hack that exposed data of 57m users and drivers 13 months previously
Rant of the Week (17:17)
Tax filing websites have been sending users’ financial information to Facebook
Major tax filing services such as H&R Block, TaxAct, and TaxSlayer have been quietly transmitting sensitive financial information to Facebook when Americans file their taxes online, The Markup has learned.
The data, sent through widely used code called the Meta Pixel, includes not only information like names and email addresses but often even more detailed information, including data on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts.
The information sent to Facebook can be used by the company to power its advertising algorithms and is gathered regardless of whether the person using the tax filing service has an account on Facebook or other platforms operated by its owner Meta.
Billy Big Balls of the Week (25:37)
Meta links US military to fake social media influence campaigns
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military.
Meta said it picked up on three major covert influence operations on its platforms in the third quarter of the year, the first of which originated in the United States.
Meta previously reported on secretive influence ops being performed by the US in August, but didn't specify anything about its observations at the time outside of saying they originated within the country.
Now, however, the social media giant is getting more specific. "Although the people behind this operation attempted to conceal their identities and coordination, our investigation found links to individuals associated with the US military," Meta said in the report [PDF].
Police text 70,000 victims in UK's biggest anti-fraud operation
Detectives have begun contacting 70,000 people suspected of being victims of a sophisticated banking scam.
The Metropolitan Police is sending text messages to mobile phone users it believes spoke with fraudsters pretending to be their bank.
Met Commissioner Sir Mark Rowley described an "enormous endeavour" in gathering evidence after the discovery of an online fraud network.
There have been more than 100 arrests so far, and one man has been charged.
People who receive a text message in the next 24 hours will be directed to the Action Fraud website to register their details as officers build cases against suspects.
The scam involved fraudsters calling people at random, pretending to be a bank and warning of suspicious activity on their account.
They would pose as employees of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB.
The fraudsters would then encourage people to disclose security information and, through technology, they may have accessed features such as one-time passcodes to clear accounts of funds.
As many as 200,000 people in the UK may have been victims of the scam, police said, with victims losing thousands of pounds, and in one case £3m.
Industry News (32:27)
Experts Warn Threat Actors May Abuse Red Team Tool Nighthawk
UK Privacy Tsar Defends Controversial Enforcement Strategy
Meta Removes Pro-US Accounts in Middle East and Central Asia
Panaseer Launches Guidance on Security Controls Ahead of EU's New Legislation
Russian DDoS Briefly Downs European Parliament Site
UK Cops Lead Action Against Fraud Site that Made £100m+
Cyber Essentials Scheme Set for April 2023 Update
Sonder confirms data breach, documents and other PII potentially compromised
SharkBot Malware Found in Android File Manager Apps With Thousands of Downloads
Tweet of the Week (40:45)