AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/05/2023

Microsoft Is Ending Windows 10 Updates 

Microsoft is finished with major updates to Windows 10, the tech giant said in a blog post Thursday. Windows 10 version 22H2 is the current and final version of the operating system, though Microsoft said it will continue to release monthly security updates for all Windows 10 editions until it reaches end of support on Oct. 14, 2025. Existing long-term servicing channel, or LTSC, releases will still receive updates beyond that end of support date, the company said. What does this mean for you? With no new Windows 10 feature updates coming, Microsoft is recommending you transition over to Windows 11. You can still use Windows 10 after the end-of-support date, but without additional security updates after that time, your PC will become more vulnerable to various security risks. 

 

How the feds caught a notorious credit card fraudster 

The U.S. government announced on Wednesday that it had dismantled “Try2Check”, a credit card checking operation that allowed cybercriminals involved with the bulk purchase and sale of stolen credit card numbers to see which cards were valid and active. Department of Justice prosecutors confirmed the indictment of Russian citizen Denis Gennadievich Kulkov, who is suspected of creating Try2Check in 2005. Kulkov is said to have made at least $18 million in bitcoin from the service, which not only victimized credit card holders and issuers, but also a prominent U.S. payment processing firm whose systems were exploited to conduct the card checks. 

 

EU Warns Apple About Limiting Speeds of Uncertified USB-C Cables for iPhones 

Last year, the EU passed legislation that will require the iPhone and many other devices with wired charging to be equipped with a USB-C port in order to be sold in the region. Apple has until December 28, 2024 to adhere to the law, but the switch from Lightning to USB-C is expected to happen with iPhone 15 models later this year. It was rumored in February that Apple may be planning to limit charging speeds and other functionality of USB-C cables that are not certified under its “Made for iPhone” program. Like the Lightning port on existing iPhones, a small chip inside the USB-C port on iPhone 15 models would confirm the authenticity of the USB-C cable connected. 

 

Russian hackers use WinRAR to wipe Ukraine state agency’s data 

The Russian ‘Sandworm’ hacking group has been linked to an attack on Ukrainian state networks where WinRAR was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team (CERT-UA) says the Russian hackers used compromised VPN accounts that weren’t protected with multi-factor authentication to access critical systems in Ukrainian state networks. Once they gained access to the network, they employed scripts that wiped files on Windows and Linux machines using the WinRAR archiving program.

 

The UK’s tortured attempt to remake the internet, explained 

At some point this year, the UK’s long-delayed Online Safety Bill is finally expected to become law. In the government’s words, the legislation is an attempt to make the UK “the safest place in the world to be online” by introducing a range of obligations for how large tech firms should design, operate, and moderate their platforms. As any self-respecting Verge reader knows, content moderation is never simple. It’s difficult for platforms, difficult for regulators, and difficult for lawmakers crafting the rules in the first place. But even by the standards of internet legislation, the Online Safety Bill has had a rocky passage. 

 
Ex-Uber CSO gets probation for covering up theft of data on millions of people 

Joe Sullivan won’t serve any serious time behind bars for his role in covering up Uber’s 2016 computer security breach and trying to pass off a ransom payment as a bug bounty. A San Francisco judge on Thursday sentenced the app maker’s now-former chief security officer to three years of probation plus 200 hours of community service, despite prosecutors’ pleas to throw Sullivan in the cooler. Late last month federal officials urged the judge to sentence Sullivan to 15 months in prison for covering up the theft of data from Uber’s IT systems and lying to watchdogs about the intrusion. “Corporate leaders are called upon to do the right thing even when it is embarrassing, even when it is bad for the company’s bottom line,” they said [PDF]. “Nobody, neither corporations nor the executives who lead them, is above the law.” 
