AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/07/2023

The Pope’s Security Gets a Boost With Vatican’s MDM Move 

The world’s smallest and most antiquated army is taking a step towards modernizing its cyber defenses. Just ahead of the pre-Easter Holy Week for Catholics, Samsung announced that the Pontifical Swiss Guard (GSP) — the elite security force charged with protecting the Vatican and the Pope — is adopting the Knox Suite, a bundle of services for managing and securing mobile devices. 


Adobe Reset User Passwords as Precaution Against Data Breach Risks 

Adobe has sent password reset emails to users informing them that the company has changed the password associated with their Adobe ID, which may have been compromised in data breaches from other online sources. Adobe, a leading software company known for its popular creative applications, has recently sent out an email to its users urging them to change their passwords. The email, which emphasizes the importance of privacy, explains that Adobe has taken proactive measures to protect user information after detecting events that may have put personal data at risk.


Samsung workers made a major error by using ChatGPT 

Samsung workers have unwittingly leaked top secret data whilst using ChatGPT to help them with tasks. The company allowed engineers at its semiconductor arm to use the AI writer to help fix problems with their source code. But in doing so, the workers inputted confidential data, such as the source code itself for a new program, internal meeting notes and data relating to their hardware. The upshot is that in just under a month, there were three recorded incidences of employees leaking sensitive information via ChatGPT. Since ChatGPT retains user input data to further train itself, these trade secrets from Samsung are now effectively in the hands of OpenAI, the company behind the AI service.


Tesla Retail Tool Vulnerability Led to Account Takeover 

Designed with support for both employee and vendor logins, the Tesla Retail Tool (TRT) stores various types of enterprise information, including financial information, details on Tesla locations, contact information, building plans, network circuit details, and details on local, ISP, and utility account logins. The application allows both internal and external account logins and authenticates users with a JSON Web Token (JWT) that specifies an email address cleared for manually defined user accounts, security researcher Evan Connelly explains. “At Tesla’s scale, it would be hard to manually update that list every time an employee leaves. And in theory, it should be okay if past employees have access defined within a web app, as their IDP account would be disabled or deleted and thus unable to login to the app through Tesla’s internal IDP,” Connelly notes.


Rilide browser extension steals MFA codes 

Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals credentials and can grab multi-factor authentication (MFA) codes. Dubbed Rilide by Trustwave researchers, the extension mimics the legitimate Google Drive extension while, in the background, it disables the Content Security Policy (CSP), collects system information, exfiltrates browsing history, takes screenshots, and injects malicious scripts. 

