AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/06/2023

Slack’s private GitHub code repositories stolen over holidays

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022. The incident involves threat actors gaining access to Slack’s externally hosted GitHub repositories via a “limited” number of Slack employee tokens that were stolen.

How ChatGPT could become a hacker’s friend

The ChatGPT artificial intelligence bot has been causing a bit of a buzz lately thanks to its ability to answer questions, ask follow-ups and learn from its mistakes. However, the research team at Cybernews has discovered that ChatGPT could be used to provide hackers with step-by-step instructions on how to hack websites. Using the Hack the Box cybersecurity training platform, researchers asked the bot how they would test a website’s vulnerabilities in a hypothetical penetration testing scenario. ChatGPT responded with five basic starting points for what to inspect on the website to look for vulnerabilities. By explaining what they saw in the source code, researchers then got the AI’s advice about which parts of the code to concentrate on. They also received examples of suggested code changes. After around 45 minutes of chatting with the bot, researchers were able to hack the test website.

JP Morgan must face suit from Ray-Ban maker after crooks drained $272m from accounts

A New York federal judge told JP Morgan Chase Bank this week that he would not toss a lawsuit accusing the bank of ignoring red flags when cybercrooks stole $272 million from the New York account of the company that makes Ray-Bans in 2019. In an opinion and order filed on Wednesday, US District Judge Lewis Liman dismissed claims that JP Morgan breached its contract and was negligent, but said that the Thai manufacturing subsidiary of international eyewear company EssilorLuxottica, Essilor Manufacturing (EMTC), can continue with a claim under New York contract law requiring banks to refund unauthorized payment orders from a customer. He dismissed a claim under the same law by its international parent firm, as well as common law claims for both, although Judge Liman said the companies could file an amended complaint with redrafted breach of contract claims.

Zoho urges admins to patch severe ManageEngine bug immediately

Business software provider Zoho has urged customers to patch a high-severity security flaw affecting multiple ManageEngine products. The bug, tracked as CVE-2022-47523, is an SQL injection vulnerability found in the company’s Password Manager Pro secure vault, PAM360 privileged access management software, and Access Manager Plus privileged session management solution. Successful exploitation provides authenticated attackers with access to the backend database and allows them to execute custom queries to access database table entries.

Ransomware Disruption at The Guardian to Last at Least a Month

A ransomware attack on one of the world’s oldest international newspapers at the end of 2022 will continue to cause operational issues for several more weeks, according to a new report. Threat actors struck The Guardian on December 20, forcing the London-based newspaper’s owner, the Guardian Media Group, to order staff to work from home. However, a new internal note from the group’s CEO, Anna Bateson, sent at the start of the new year, warned of more disruption to come, according to the Press Gazette. “This is a further update on the serious disruption to our network and IT systems that began before Christmas. As a result of the steps we took to secure our network, a number of key systems have been taken offline and remain unavailable,” it reportedly explained.

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. “Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely,” the Meta-owned company said. Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device.
