AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/10/2023

Apple fixes two zero-days exploited to hack iPhones and Macs 

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company said when describing the issues in security advisories published on Friday. The first security flaw (tracked as CVE-2023-28206) is an IOSurfaceAccelerator out-of-bounds write that could lead to corruption of data, a crash, or code execution. 


Amazon Bans Flipper Zero, Claiming It Violates Policy Against Card Skimming Devices 

Amazon has banned the incredibly versatile Flipper Zero pen-testing tool on its platform, labeling it as a prohibited card-skimming device. The Flipper Zero almost looks like a kid’s toy, with a white and orange exterior and a picture of a dolphin on the top of the screen. But the device can be used for tasks like opening garage doors, altering price signs at gas stations, unlocking car doors, intercepting Bluetooth signals, or even gaining access to someone’s computer. Flipper Zero can also gain access to keyless entry codes, which are typically protected by RFID-controlled locks. 


All Dutch govt networks to use RPKI to prevent BGP hijacking 

The Dutch government will upgrade the security of its internet routing by adopting the Resource Public Key Infrastructure (RPKI) standard before the end of 2024. RPKI, or Resource Certification, protects against erroneous rerouting of internet traffic, malicious or not, through cryptographic verification of the routes. The standard uses digital certificates to secure the Border Gateway Protocol (BGP) used for exchanging routing information and ensures that traffic comes through the legitimate network operator controlling the IP addresses on the destination path. 
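The mechanism behind RPKI is Route Origin Validation (RFC 6811): a router compares each BGP announcement against Route Origin Authorizations (ROAs) that the legitimate address holder has signed, and marks the route Valid, Invalid or NotFound. The following is an added illustration written for this digest, not code from the article or from any RPKI implementation; it uses constructed ROAs with RFC-reserved example prefixes and ASNs, and skips the certificate-chain validation that a real relying-party cache performs before handing routers these payloads.

```python
"""Simplified RPKI Route Origin Validation (RFC 6811) over a set of ROAs."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

@dataclass(frozen=True)
class ROA:
    prefix: str       # prefix the holder authorises, e.g. "192.0.2.0/24"
    max_length: int   # longest more-specific announcement allowed
    origin_asn: int   # AS number authorised to originate it

# Constructed ROAs using documentation prefixes and reserved example ASNs.
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
]

def covering_roas(roas: Iterable[ROA], route_prefix: str) -> List[ROA]:
    """ROAs whose prefix contains the announced prefix (same address family)."""
    route = ipaddress.ip_network(route_prefix)
    result = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        if net.version == route.version and route.subnet_of(net):
            result.append(roa)
    return result

def validate_route(roas: Iterable[ROA], route_prefix: str, origin_asn: int) -> str:
    """RFC 6811 state: NotFound if no ROA covers the prefix, Valid if a covering
    ROA matches origin AS and honours maxLength, otherwise Invalid."""
    route = ipaddress.ip_network(route_prefix)
    covering = covering_roas(roas, route_prefix)
    if not covering:
        return "NotFound"
    for roa in covering:
        if roa.origin_asn == origin_asn and route.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"

def accept_announcements(roas: Iterable[ROA],
                         announcements: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Policy used by operators deploying RPKI: drop Invalid routes, keep the rest."""
    return [(p, asn) for p, asn in announcements
            if validate_route(roas, p, asn) != "Invalid"]

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                        ("192.0.2.0/25", 64496), ("198.51.100.0/24", 64496)]:
        print(prefix, asn, validate_route(ROAS, prefix, asn))
```

The second and third announcements model the two hijack shapes RPKI defends against: a wrong origin AS, and a more-specific prefix beyond the holder's declared maxLength; both are marked Invalid and dropped, while the unregistered 198.51.100.0/24 is merely NotFound and still accepted.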


Tesla hit with class action lawsuit over alleged privacy intrusion 

A California Tesla owner on Friday sued the electric carmaker in a prospective class action lawsuit accusing it of violating the privacy of customers. The lawsuit in the U.S. District Court for the Northern District of California came after Reuters reported on Thursday that groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras between 2019 and 2022. 


MSI Confirms Cyberattack, Advises Caution With Firmware 

Gaming hardware manufacturer MSI confirmed today that it was the victim of a cyberattack. In a brief statement on its website, the company said that the attack hit “part of its information systems,” which have since returned to regular operations. The company advises its customers to get BIOS and firmware updates only from the MSI website and no other sources. It’s light on details, saying that after “detecting network anomalies,” MSI implemented “defense mechanisms and carried out recovery measures,” and then informed the government and law enforcement. 


Kodi forum breach exposes user data 

A breach of the Kodi user forum has exposed the personal data of over 400,000 users. The web-based MyBB admin console was accessed — on February 16 and February 21, 2023 — and the team says it first became aware of this when a dump of the forum’s database was found for sale on an internet forum. The database dump contains a wide range of user data, including names, email addresses, IP addresses, and passwords. The data was accessed using the account of a trusted but currently inactive member of the forum admin team. 


Overview of Google Play threats sold on the dark web 

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to official stores, such as Google Play. These are usually policed vigorously, and apps are pre-moderated before being published; however, the authors of malicious and unwanted software employ a variety of tricks to bypass platform checks. For instance, they may upload a benign application, then update it with malicious or dubious code, infecting both new users and those who have already installed the app. Malicious apps get removed from Google Play as soon as they are found, but sometimes only after having been downloaded a number of times. 