Pete Recommends – Weekly highlights on cyber security issues, December 7, 2024

Subject: FTC Cracks Down on Tech Support Scams, Targeting Schemes That Prey on Cord Cutters
Source: Cord Cutters News
https://cordcuttersnews.com/ftc-cracks-down-on-tech-support-scams-targeting-schemes-that-prey-on-cord-cutters/

The Federal Trade Commission (FTC) is strengthening its fight against tech support scams with new rules that expand its authority to pursue scammers even when consumers initiate the call. This move aims to protect vulnerable individuals, particularly older adults and those navigating the world of cord-cutting, who are often targeted by these deceptive schemes.

Expanding the Telemarketing Sales Rule – The FTC has amended its Telemarketing Sales Rule to include “inbound” calls to companies offering tech support services through deceptive advertisements or direct mail solicitations. This means the FTC can now take action against scammers who lure consumers into calling them with false claims about computer viruses, malware infections, or other technical problems.

How the Scams Work – Tech support scams typically involve:

  • Deceptive Pop-ups or Emails: Scammers often use alarming pop-up messages or emails that mimic legitimate security alerts, claiming that the victim’s computer or device is infected.
  • Unsolicited Phone Calls: Scammers may also make unsolicited phone calls, posing as tech support representatives from well-known companies.
  • Requests for Payment: Once they have gained the victim’s trust, scammers will request payment for their “services” through untraceable methods like wire transfers, gift cards, or cryptocurrency.

Subject: $400M seized, 5,500 arrested in global operation targeting cyber fraud
Source: Help Net Security
https://www.helpnetsecurity.com/2024/12/02/haechi-v-interpol-global-operation-targeting-cyber-fraud/

A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to financial crimes and the confiscation of more than $400 million in virtual assets and government-backed currencies. The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, BEC fraud, and e-commerce fraud.

“While 5,500 arrests is significant, this likely represents lower-level operators in call centre-style operations rather than major cybercrime orchestrators. These groups target high volumes of victims for smaller payouts, rather than the larger ransomware payouts from more sophisticated actors. These operations typically operate at scale, stealing 1,000s of USD at a time, which then adds up, rather than a smaller number of big-time operations such as ransomware, which may net 100,000s of USD per target. …


Subject: Details about the iOS Inactivity Reboot Feature
Source: Schneier on Security
https://www.schneier.com/blog/archives/2024/12/details-about-the-ios-inactivity-reboot-feature.html

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even if it remains connected to Wi-Fi.

Tags: Apple, iOS, iPhone, law enforcement, reverse engineering


Subject: Catching Up with SAFECOM | An Education & Outreach Committee Quarterly Newsletter, Fall 2024
Source: CISA SAFECOM
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/3c51a10

One entry is – Cloud computing offers myriad benefits to public safety organizations, though adoption of such technology may not be as easy as it seems. SAFECOM has released Considerations for Public Safety Cloud Computing Adoption to assist public safety practitioners in asking the key consideration questions. Composed of questions in a checklist format, the document guides practitioners through determining 1) needs and scope, 2) requirements, and 3) a questionnaire to solicit key information. While not all suggested considerations may apply to individual circumstances, they stimulate thought and initiate conversation with peers, leaders, and decision-makers. These considerations could assist public safety organizations at any stage of cloud adoption to ensure that their selection is operable, secure, resilient, and compliant with rules and regulations.


Subject: CFPB Proposes Rule to Stop Data Brokers from Selling Sensitive Personal Data to Scammers, Stalkers, and Spies
Source: The Consumer Financial Protection Bureau
https://www.bespacific.com/cfpb-proposes-rule-to-stop-data-brokers-from-selling-sensitive-personal-data-to-scammers-stalkers-and-spies/

“The Consumer Financial Protection Bureau (CFPB) today proposed a rule to rein in data brokers that sell Americans’ sensitive personal and financial information. The proposed rule would limit the sale of personal identifiers like Social Security Numbers and phone numbers collected by certain companies and make sure that people’s financial data such as income is only shared for legitimate purposes, like facilitating a mortgage approval, and not sold to scammers targeting those in financial distress. The proposal would make clear that when data brokers sell certain sensitive consumer information they are “consumer reporting agencies” under the Fair Credit Reporting Act (FCRA), requiring them to comply with accuracy requirements, provide consumers access to their information, and maintain safeguards against misuse. “By selling our most sensitive personal data without our knowledge or consent, data brokers can profit by enabling scamming, stalking, and spying,” said…


Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.


Subject: In blow to crypto collectives, judge rules venture backers must face claims
Source: Reuters
https://www.reuters.com/legal/government/column-blow-crypto-collectives-judge-rules-venture-backers-must-face-claims-2024-12-02/

Dec 2 (Reuters) – It’s hardly a secret that the crypto industry is counting on the incoming Trump administration to end the Biden administration’s campaign of regulatory enforcement actions. And who knows? Perhaps a more crypto-friendly president will work with Congress to develop laws and regulations to guide the industry’s growth. But in the meantime, federal judges continue to view some segments of the industry with skepticism. The latest example is a Nov. 18 ruling from U.S. District Judge Vince Chhabria of San Francisco, who found not only that a decentralized crypto collective could be liable for selling unregistered securities but also that a high-powered trio of venture capital funds must face investors’ claims because they were partners in the crypto collective.

Chhabria’s ruling, as Wachtell, Lipton, Rosen & Katz pointed out in a client alert over the weekend, has exacerbated the liability risk for tokenholders in these decentralized autonomous organizations, or DAOs, which have been touted as a way to distribute authority to a broad base of users but have been criticized by courts — including Chhabria in the Nov. 18 decision — as a device to evade U.S. regulation.

Chhabria took a dim view of all of the defendants’ arguments, as you would expect from an opinion that opened with the judge’s observation that the case raised “several new and important questions about the ability of people in the crypto world to inoculate themselves from liability by creating novel legal arrangements to profit from exotic financial instruments.”

But once you characterize the collective as a general partnership, the judge said, partners can be held liable for soliciting the sale of unregistered securities even if they, as individuals, did not issue the securities.


Subject: FTC Says Data Brokers Unlawfully Tracked Protesters and US Military Personnel
Source: WIRED
https://www.wired.com/story/ftc-mobilewalla-gravy-analytics-orders/

The FTC is targeting data brokers that monitored people’s movements during protests and around US military installations. But signs suggest the Trump administration will be far more lenient.

The United States Federal Trade Commission is taking action against two American data brokers accused of unlawfully trafficking in people’s sensitive location data. The data was used, the agency says, to track Americans in and around churches, military bases, and doctors’ offices, among other protected sites. It was sold not only for advertising purposes but also for political campaigns and government uses, including immigration enforcement. Mobilewalla, a Georgia-based data broker that’s said to have digitally tracked the residents of domestic abuse shelters, is accused by the agency of purposefully tracking protesters in the wake of George Floyd’s murder in 2020. In a court filing, the FTC says Mobilewalla attempted to unmask the protesters’ racial identities by tracking their mobile devices to, for example, Hindu temples and Black churches. The FTC also accused Gravy Analytics and its subsidiary Venntel of harvesting and exploiting consumers’ location data without consent, alleging that the company used that data to unfairly infer health decisions and religious beliefs.

Filed: https://www.wired.com/category/security/


Subject: How to prep your iPhone for unexpected medical emergencies
Source: PopSci
https://www.bespacific.com/how-to-prep-your-iphone-for-unexpected-medical-emergencies/

PopSci – “While we hope you all live long and healthy lives without experiencing a medical emergency, they do happen—and if one happens to you or someone close to you, then you want to be as prepared as possible. The iPhone has a few features that can help. You can log key health details on the handset, which will then be available to emergency responders, if required. There are also a couple of tricks worth knowing for making emergency calls. This prep doesn’t take long, and should something serious happen to you, you’ll then stand the best chance of getting the help you need. Here’s how to get everything set up so your iPhone is ready for an emergency.
–Abstracted from beSpacific

Subject: Six password takeaways from the updated NIST cybersecurity framework
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/

[Sponsored Content at the web site]

Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections. Don’t have time to read the 35,000-word guidelines? No problem. Here are the six takeaways from NIST’s new guidance that your organization needs to know to create password policies that work.

Filed: https://www.bleepingcomputer.com/news/security/


Subject: Google introduces ‘undo backup’ feature for Google Photos app
Source: Android Headlines
https://www.androidheadlines.com/2024/12/google-photos-undo-backup-feature-app.html

The introduction of the Undo Backup feature is a game-changer for users who rely heavily on cloud storage but occasionally need to declutter. Furthermore, it ensures that managing backups doesn’t compromise your device’s stored files.

While iOS users are already benefiting from the feature, Android users will have to wait a little longer. Google has confirmed that the rollout is imminent.
