AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/29/2023

Tech Press Slowly Figuring Out That Banning TikTok Doesn’t Fix The Actual Problem 

The great TikTok moral panic of 2023 is largely a distraction. It’s a distraction from the fact we’ve refused to meaningfully regulate dodgy data brokers, who traffic in everything from your daily movement habits to your mental health diagnosis. And it’s a distraction from our corrupt failure to pass even a baseline privacy law for the internet era. Until the last few weeks, that’s been an oddly under-represented point in press coverage: namely that banning TikTok doesn’t actually fix the problem you’re claiming to fix if you’re not willing to regulate the data broker space more generally. In large part because Chinese and Russian intelligence (or U.S. governments seeking to avoid warrants) can simply pay data brokers for sensitive information anyway. 

 

Apple Issues Urgent Security Update for Older iOS and iPadOS Models 

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug.  

 

Hacker Agrees to Return $197 Million Stolen from Euler Finance 

On March 13th, Euler Finance, a decentralized lending platform, was hacked for a whopping $197 million. Euler Finance describes itself as “a non-custodial protocol on Ethereum that allows users to lend and borrow almost any crypto asset.” The day after the hack happened, Euler Finance issued an ultimatum to the hacker, stating that if “90% of the funds are not returned within 24 hours,” Euler Finance will “launch a $1M reward for information that leads to your arrest and the return of all funds”.

 

Microsoft lets generative AI loose on cybersecurity 

As a part of its continued quest to inject generative AI into all its products, Microsoft today introduced Security Copilot, a new tool that aims to “summarize” and “make sense” of threat intelligence. In a light-on-the-details announcement, Microsoft pitched Security Copilot as a way to correlate data on attacks while prioritizing security incidents. Countless tools already do this. But Microsoft argues that Security Copilot, which integrates with its existing security product portfolio, is made better by generative AI models from OpenAI — specifically the recently launched text-generating GPT-4. 

 

Tech Industry Bids to Tackle Cyber-Mercenary Epidemic 

Some of the biggest names in the IT industry have released a new set of principles which they hope will help to disrupt the menace of “cyber-mercenaries.” Industry group the Cybersecurity Tech Accord uses the term to refer to a growing number of companies dedicated to developing and selling offensive cyber capabilities, mainly to government customers. Citing reports that claim the market for these services has grown to at least $12bn over recent years, the group argued that these firms are undermining democratic values and making the digital world less secure. That’s because they often sell their services to autocratic governments who use them to spy on journalists, human rights activists, political dissidents and others, and because they actively research new zero-day vulnerabilities which are kept secret from the affected vendors. 

 

A Growing Goldmine: Your LinkedIn Data Abused For Cybercrime 

As of November 2022, LinkedIn is considered the largest platform catering to professionals and companies’ information with approximately 875 million users in over 200 countries. This focus on work-related information is one reason why cybercriminals are attracted to the site. It is a big pool in which they can find heaps of data on users and organizations as a reference, and build sophisticated attacks with carefully constructed fake profiles that are difficult to distinguish from real people. In some cases, cybercriminals use artificial intelligence tools to create real-looking, AI-generated headshots. Advanced persistent threat (APT) group Lazarus has used LinkedIn for cybercriminal and espionage operations as recently as September 2022, targeting macOS users searching for jobs in the cryptocurrency industry. The group established initial contact with the victims via targeted private messages on the platform. In 2021, Nobelium APT threat actors targeted LinkedIn users with a Safari zero-day security gap. Through LinkedIn messaging, a spear-phishing campaign dubbed Ducktail targeted marketing and HR professionals to allow the group to take over Facebook Business accounts and abuse the ads function for malvertising deployments.
