Infosec in brief We gather everyone's still easing themselves into the New Year.
While you're recovering from the Christmas break, Meta has been busy introducing fresh ways to monetize your web surfing habits while dressing it up as a user experience improvement.
The latest attempt to extract more sellable data comes in the form of link history, which lists the webpages you've visited using the browser built into Meta's apps.
Link history stores records for 30 days, can be used to recall pages previously read, and excludes links sent in messages.
There we have it: A new feature that's actually a way to boost targeted advertising after changes by Apple and others hobbled Meta's ability to collect info on its users.
If you don't want to be hit with adverts tailored to your browsing habits, see the above links to opt out.
There's no rest for security teams heading into 2024, with the past week bringing us several security fixes for critical vulnerabilities, including several newly-reported issues in Chrome.
The latest stable channel release for Chrome Desktop includes six security fixes, four of which Google singled out for recognition in the release notes.
If you missed it, Google-owned security firm Mandiant embarrassingly had its Twitter account hijacked this past week for a short while and turned into a pitch machine for cryptocurrency scams.
Another victim, web3 firm CertiK, was hit by a similar group of miscreants as well.
As in Mandiant's case, the CertiK's hijackers tried to trick the firm's crypto-conscious followers into falling for scams.
It's not entirely clear how either incident happened.
Apropos of nothing, we couldn't help but notice the chief exec of a collapsed crypto fund seemingly never existed in the first place.... Nigerian not-a-prince cuffed over BEC. A Nigerian national has been arrested and is awaiting extradition to the US on charges he defrauded two American charities out of more than $7.5 million via a business email compromise scheme.
According to the US Justice Department, Olusegun Samson Adejorin allegedly purchased a credential-stealing tool and used it to harvest details for the two charities, one in Maryland and the other in New York.
Using the stolen credentials, Adejorin allegedly asked the Maryland charity's bank to release large sums of cash to the New York charity.
This isn't immediately suspicious, as the New York charity used the Maryland one for investment services.
Withdrawals over $10,000 required approval from the Maryland charity, which Adejorin, allegedly having a foothold in both firms, was happy to provide.
The bank details, of course, weren't for the New York charity, but controlled by Adejorin, it is claimed.
It's not clear how Adejorin was caught, but if convicted, his sentence could be considerable.
Facing eight counts, the Nigerian could do up to 20 years for each of five wire fraud charges, five years for unauthorized access to a protected computer, and two years each for two counts of identity theft.
This Cyber News was published on go.theregister.com. Publication date: Mon, 08 Jan 2024 07:43:29 +0000