Top infosec trends in the social media spotlight this week

Firefox users were up in arms last weekend, as it became apparent that the majority of add-ons for the popular web browser had either stopped working or were failing to install.

One week on, and with functionality now restored, the developers have issued an initial post-mortem of the incident, which resulted from one of the certificates being used to sign add-ons being allowed to expire.

“We strive to make Firefox a great experience,” said vice president of engineering, Joe Hildebrand. “Last weekend we failed, and we’re sorry.”

Firefox’s chief technology officer, Eric Rescorla, has shared further technical details of the outage, along with offering assurances that the developers are working hard to avoid anything similar happening again.

Of course, this came after no shortage of criticism from users.

“The add-on fiasco was amateur night,” one Reddit user said. “If you implement a system reliant on certificates, then you better be damn sure, redundantly damn sure, mission critically damn sure, that it always works.”

Others, however, were a little more forgiving, and quick to praise the Firefox development team for their incident response efforts.

‘HamasCyberHQ.exe has been removed’

An air strike by the Israel Defense Forces (IDF) in retaliation for a cyber-attack by Hamas has raised questions over when – or whether – such a response can be justified.

Last weekend, according to the IDF, Israel was subject to a relatively unsophisticated cyber-attack and retaliated with a physical strike on the alleged hackers.

The above tweet makes it clear that Israel regards the cyber-attack as an act of war, but some have argued that the action sets a dangerous precedent.

Following the incident, The Daily Swig’s Emma Woollacott takes a closer look into this complex and highly political issue.

Scamming the scammers

Scamming operations once again fell into the spotlight this week, first with the Australian Cyber Security Centre warning that fraudsters are impersonating ACSC staff over the phone.

“These scammers try to coax individuals into actions that could compromise computers or reveal bank information,” an advisory read.

“The scammers ask you to enter a URL in your web browser and provide your bank account details, and sometimes they try to entice you to transfer money – in one case, scammers asked for $20,000 to be transferred.”

The center’s advice to consumers was clear:

In Asia, the special anti-fraud unit of the Hong Kong police stopped HK$700 million ($90 million) worth of payments to local and international fraudsters using internet and phone scams in the first quarter of the year.

According to the South China Morning Post, the anti-fraud squad handled 6,200 calls in the first three months of the year, up 25% on the same period in 2018.

Elsewhere, YouTuber Jim Browning revealed fresh insight into how tech support scammers operate, as he posted a must-watch video that features fraudsters’ webcam footage, WhatsApp chat logs, and the results of his open source intelligence-gathering efforts.

“Over the past six months, I have had unprecedented access to a scam call center,” Browning said in the video, which has already received close to a million views. “All of the victims have fallen victim to a pop-up scam.”

Although he received no response from the Kolkata Cyber Police, Browning explains how he was able to change the scammers’ automated messaging service to warn victims, before draining the illicit operation of its funds.

Turning security data into an art form

And finally this week, Trend Micro has taken an interesting approach to help illustrate the scale of prevalent cybersecurity issues by commissioning world-renowned artists to transform its security data into works of art.

Created with real data from Trend Micro, the security organization has released the first five in a series of visualizations under the #ArtOfCybersecurity initiative – perfect for anyone in search of some new, infosec-themed desktop wallpaper.

In search of some weekend listening? Look no further than SwigCast, a new security podcast from The Daily Swig. Episode 1 is out now.