AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/30/2023

WiFi protocol flaw allows attackers to hijack network traffic

Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, and management data. These frames are ordered in queues and transmitted in a controlled manner to avoid collisions and to maximize data exchange performance by monitoring the busy/idle states of the receiving points.

 

Elon Musk, Steve Wozniak Join AI Experts In Pushing To ‘Pause Giant AI Experiments’

The race for building a better AI product is white hot, but some of the biggest names in the world of technology and academic research are now demanding a “pause and reflect” moment. The likes of SpaceX chief Elon Musk, Apple co-founder Steve Wozniak, CEOs at some of the most extensive AI labs, academics, and scientists have signed an open letter titled “Pause Giant AI Experiments: An Open Letter” that wants “all AI labs to immediately pause for at least 6 months the training of AI systems more powerful than GPT-4.”

 

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. The CrowdStrike Falcon® platform has behavioral preventions and atomic indicator detections targeting the abuse of 3CXDesktopApp. In addition, CrowdStrike® Falcon OverWatch™ helps customers stay vigilant against hands-on-keyboard activity.

 

US commits $25 million to Costa Rica for Conti ransomware recovery

The U.S. government is sending $25 million to the government of Costa Rica to help the country recover from a devastating ransomware attack last year that crippled several key agencies. In May 2022, Costa Rica’s newly elected president Rodrigo Chaves declared a state of emergency after the now-defunct Conti ransomware group severely damaged the Ministry of Finance, the Ministry of Public Works and Transport and the Costa Rican Social Security Fund. The gang posted messages openly calling for the overthrow of the government before demanding a $20 million ransom. On Wednesday, a senior White House official said that using funding from the State Department, the U.S. government would be committing $25 million to Costa Rica’s cybersecurity efforts after a direct request from Chaves. The funding will be used to secure the country’s networks and defend its critical infrastructure.

 

Microsoft planning to block outdated Exchange servers

Outdated and completely unsupported versions of Exchange Server pose an undeniable danger to corporate infrastructure and to mail flow. However, many administrators still believe in the proverb “if it ain’t broke — don’t fix it”, and prefer not to update Exchange unless absolutely necessary. This appears to be why Microsoft decided to develop its transport-based enforcement system for Exchange Online.

 

US sends million-dollar scammer to prison for four years

The US Department of Justice has announced that it has sentenced a Nigerian man to prison for his part in a cybercrime ring that targeted individuals and businesses for over five years. 31-year-old Solomon Ekunke Okpe, of Lagos, was a member of a gang that devised and executed a variety of scams – including business email compromise (BEC), romance scams, working-from-home scams, and more – between December 2011 and January 2017. Targeting unsuspecting members of the public as well as banks and businesses in the United States and elsewhere, Okpe and his co-conspirators are said to have intended to cause “more than a million dollars in losses” to their US victims – although it’s not clear from the DoJ’s statement whether this was achieved.
