AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/01/2023

Many Public Salesforce Sites are Leaking Private Data 

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). The guest access feature allows unauthenticated users to view specific content and resources without needing to log in. 


What Are the NSA’s Top Security Concerns? 

Cybersecurity is important to business and industry, but it’s even more critical to our government, according to Rob Joyce, Director of the NSA’s cybersecurity wing, who gave RSA Conference attendees a rundown of the top threats and trends the agency has identified in the last year. Joyce began with what he says is “usually at the top of everybody’s mind when we start to talk about threats”—Ukraine and Russia. He offered some sobering statistics. In 2022, there were more than 2,000 cyberattacks from Russia, more than 300 of those against defense and security sectors, more than 400 against infrastructure such as energy and finance, and more then 500 against non-defense government entities. “That’s more than 10 cyberattacks a day going against a broad swathe of infrastructure,” noted Joyce. “In 2023, Ukraine is reporting more and more integrated cyber and kinetic attacks.” 


Hackers swap stealth for realistic checkout forms to steal credit cards 

Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. These payment forms are shown as a modal, HTML content overlayed on top of the main webpage, allowing the user to interact with login forms or notification content without leaving the page. When modals are active, the background content is sometimes dimmed or blurred to draw attention to the modal content. 


Cold storage giant Americold outage caused by network breach 

Americold, a leading cold storage and logistics company, has been facing IT issues since its network was breached on Tuesday night. The company said it contained the attack and is now investigating the incident that also affected operations per customer and employee reports. It also estimated that its systems will be down until at least next week, according to a memo seen by BleepingComputer and sent to customers earlier this week. 


Google wins court order to force ISPs to filter botnet traffic 

A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google. Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected about a cybergang known loosely as the CryptBot crew. Data that these CryptBot criminals are alleged to have plundered includes browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other PII (personally identifiable information). 


Italy Brings Back ChatGPT with New Data Security Measures 

ChatGPT, the popular language model developed by OpenAI, has resumed its services in Italy after implementing new privacy disclosures and controls for its users. The move comes after concerns were raised about the data privacy of users of the chatbot service. ChatGPT, which uses artificial intelligence and natural language processing to answer questions and hold conversations with users, was launched in 2022. However, the Italian government put a temporary ban on ChatGPT’s services last month following reports of potential privacy violations. After reviewing its practices and adhering to the recommendations proposed by Italian security authorities, OpenAI has now implemented new privacy controls and disclosures to ensure that user data is protected. 


Iran APT using ‘BellaCiao’ malware against targets in US, Europe and Asia 

An Iranian state-sponsored hacking group has been accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries. Researchers from cybersecurity firm Bitdefender attributed the malware to APT35/APT42 – also known as Mint Sandstorm or Charming Kitten – an advanced persistent threat group that is allegedly run by Iran’s Islamic Revolutionary Guard Corps (IRGC). Martin Zugec, technical solutions director at Bitdefender, told Recorded Future News that the malware developers named the malware BellaCiao as a reference to an Italian folk song about resistance fighting. 


G-7 should adopt ‘risk-based’ A.I. regulation, ministers say 

Group of Seven advanced nations should adopt “risk-based” regulation on artificial intelligence, their digital ministers agreed on Sunday, as European lawmakers hurry to introduce an AI Act to enforce rules on emerging tools such as ChatGPT. But such regulation should also “preserve an open and enabling environment” for the development of AI technologies and be based on democratic values, G-7 ministers said in a joint statement issued at the end of a two-day meeting in Japan. While the ministers recognized that “policy instruments to achieve the common vision and goal of trustworthy AI may vary across G-7 members,” the agreement sets a landmark for how major countries govern AI amid privacy concerns and security risks. 


As Europeans strike first to reign in AI, the US follows 

proposed set of rules by the European Union would, among other things. require makers of generative AI tools such as ChatGPT,to publicize any copyrighted material used by the technology platforms to create content of any kind. A new draft of European Parliament’s legislation, a copy of which was attained by The Wall Street Journal, would allow the original creators of content used by generative AI applications to share in any profits that result. The European Union’s “Artificial Intelligence Act” (AI Act) is the first of its kind by a western set of nations. The proposed legislation relies heavily on existing rules, such as the General Data Protection Regulation (GDPR), the Digital Services Act, and the Digital Markets Act. The AI Act was originally proposed by the European Commission in April 2021. 

Related Posts