Biden aide Bill Russo attacks Facebook’s post-election role

Mr. Russo, who is deputy press secretary to the US president-elect, tweeted that Facebook is not doing enough to rein in pages that promoted conspiracy theories, calls to violence and disinformation in the days following the US election. He cited stolen election claims and “woefully ineffective” management of a misleading live-streamed press conference. Facebook has declined to directly respond, but as we reported on Monday, it has started to introduce “probation” as a measure to tackle the spread of disinformation within its groups.

(BBC News)

Twitter could face its first GDPR penalty within days

European data protection regulators are closing in on a 2019 Twitter breach, after a majority of EU data supervisors agreed to back a draft settlement submitted earlier by Ireland’s Data Protection Commission. The breach affected Android users who had applied a setting to make their tweets non-public but may have had their data exposed to the public Internet since as far back as 2014. This breach falls under the GDPR, which can levy penalties of up to 4% of a company’s annual global turnover. 

(TechCrunch)

New ‘Ghimob’ malware can spy on 153 Android mobile applications

Kaspersky says this new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by its developer, the Astaroth (Guildma) operation. Distribution was never carried out via the official Play Store, but rather through emails or malicious sites that redirect users to websites promoting spoofed versions of Android apps including Google Defender, Google Docs, WhatsApp Updater, or Flash Update in order to seek out user credentials.

(ZDNet)

Cadbury’s chocolate involved in hamper scam

A fake Facebook group is using the lure of a free hamper of Cadbury chocolate to trick social media users into divulging their personal and financial details. The campaign is based around “Cadbury Rewards,” as part of a celebration of its 126 years in business as well as the upcoming holiday season. In reality, the company is 196 years old, having been founded in 1824. Victims are sent to a Cadbury-branded phishing page to enter their name, home address, phone number, email address and bank card details.

(InfoSecurity Magazine)

Technical error blamed for Boris Johnson’s Biden tweet glitch

The UK government has blamed a technical error for a Boris Johnson tweet congratulating Joe Biden on his US election victory which faintly showed the name “Trump” in the background. Social media users commented on the discrepancy which also included the words “second term” buried in it. Government officials said two messages had been prepared before the result was known, and that the alternative one had been “embedded” in the other by mistake.

(BBC News)

5.8 million RedDoorz user records for sale on hacking forum

A threat actor is selling a database containing 5.8 million user records belonging to RedDoorz customers on a hacker forum. RedDoorz is a Singapore-based hotel management and booking platform with over 1,000 properties across Southeast Asia. In September of this year it disclosed that it had suffered a data breach. The records, some of which have been confirmed by BleepingComputer as being real, include RedDoorz members’ email addresses, hashed passwords, names, genders, links to profile photos, phone numbers, secondary phone numbers, dates of birth, and occupations.

(Bleeping Computer)

Ex-Microsoft employee sentenced for $10 million fraud

Volodymyr Kvashuk, a 26-year-old Ukrainian residing in Renton, Washington, worked as a tester for Microsoft’s online retail sales platform, which enabled him to steal digital currency in the form of gift cards or Microsoft subscription codes and then resell them on the internet, using colleagues’ emails as a shield. A U.S. District Judge has ordered him to pay more than $8.3 million in restitution and serve nine years in prison, after which he may face deportation.

(CISO Mag)

Chrome to block tab-nabbing attacks

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from which they were opened. The new feature is scheduled to go live with Chrome 88, to be released in January 2021, in an effort to catch up with Apple and Mozilla. Tab-nabbing refers to situations where a user clicks on a link and the link opens in a new tab. These new tabs have access to the original page that opened the new link. Via the JavaScript “window.opener” property, the newly opened tabs can modify the original page and redirect users to malicious sites.

(ZDNet)
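Site owners can check their own markup for the opener exposure described above without waiting for a browser change. The following is an added example, not code from the original article or from Google: it finds links that open a new tab without rel="noopener" (or "noreferrer") and adds the missing token. The function names and sample markup are constructed, and the regex tag scan is a simplification that assumes quoted attribute values.

```javascript
// Added example: audit and harden links that open a new tab.
// SAMPLE_HTML is constructed for illustration; the regex scan is a
// simplification (quoted attribute values only), not a full HTML parser.
const SAMPLE_HTML = `
<a href="https://example.org/a" target="_blank">no rel</a>
<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">ok</a>
<a href="https://example.org/c" target="_blank" rel="nofollow">rel without noopener</a>
<a href="/local">same tab</a>
`;

// Read one quoted attribute value from an opening tag, or null if absent.
function getAttr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*(["'])(.*?)\\1`, "i"));
  return m ? m[2] : null;
}

// True when the link opens a new tab and leaves window.opener available to it.
function exposesOpener(tag) {
  const target = getAttr(tag, "target");
  if (!target || target.toLowerCase() !== "_blank") return false;
  const rel = (getAttr(tag, "rel") || "").toLowerCase().split(/\s+/);
  // In the HTML standard, noreferrer also implies noopener.
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Return the href of every <a> tag that exposes window.opener.
function findExposedLinks(html) {
  const tags = html.match(/<a\b[^>]*>/gi) || [];
  return tags.filter(exposesOpener).map((t) => getAttr(t, "href"));
}

// Add "noopener" to exposed tags, keeping any rel tokens already present.
function hardenLinks(html) {
  return html.replace(/<a\b[^>]*>/gi, (tag) => {
    if (!exposesOpener(tag)) return tag;
    if (getAttr(tag, "rel") === null) {
      return tag.replace(/>$/, ' rel="noopener">');
    }
    return tag.replace(/(\srel\s*=\s*)(["'])(.*?)\2/i, `$1$2$3 noopener$2`);
  });
}

console.log("exposed before:", findExposedLinks(SAMPLE_HTML));
console.log("exposed after: ", findExposedLinks(hardenLinks(SAMPLE_HTML)));
```
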