AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/12/2023

Australian software giant won’t say if customers affected by hack 

Australian enterprise software company TechnologyOne has halted trading after confirming it was hit by a cyberattack. In a stock exchange filing on Wednesday, the Brisbane-based software maker said it had detected that “an unauthorized third-party acted illegally to access its internal Microsoft 365 back-office system.” TechnologyOne said the company’s customer-facing platform is not connected to the affected Microsoft 365 system and “therefore has not been impacted,” but when reached, the company would not say if any customer or employee data had been accessed as a result of the wider incident. 

 

How Apple catches leakers: From color changes to comma placement 

Yesterday saw @analyst941 delete his Twitter account, claiming that he had been forced to do so after Apple carried out a “multi-step sting” operation. Whether this is true, or just a face-saving story for getting things wrong, it is broadly consistent with what we know about how Apple catches leakers. Apple has so many methods of identifying leakers – some of them incredibly subtle – that we and others have to be extremely careful in order to protect our sources … 

 

Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term 

An ex-Ubiquiti engineer, Nickolas Sharp, was sentenced to six years in prison yesterday after pleading guilty in a New York court to stealing tens of gigabytes of confidential data, demanding a $1.9 million ransom from his former employer, and then publishing the data publicly when his demands were refused. Sharp had asked for no prison time, telling United States District Judge Katherine Polk Failla that the cyberattack was actually an “unsanctioned security drill” that left Ubiquiti “a safer place for itself and for its clients,” Bloomberg reported. In a court document, Sharp claimed that Ubiquiti CEO Robert Pera had prevented Sharp from “resolving outstanding security issues,” and Sharp told the judge that this led to an “idiotic hyperfixation” on fixing those security flaws. 

 

Let white-hat hackers stick a probe in those voting machines, say senators 

US voting machines would undergo deeper examination for computer security holes under proposed bipartisan legislation. Senators Mark Warner (D-VA) and Susan Collins (R-ME) this week introduced an amendment to the Help America Vote Act (HAVA) that would require the nation’s Election Assistance Commission to include penetration testing in its certification process of voting hardware and software. That tech would need to undergo pen testing before it could be used in elections. 

 

Toyota: Data on more than 2 million vehicles in Japan were at risk in decade-long breach 

A decade-long data breach in Toyota’s much-touted online service put some information on more than 2 million vehicles at risk, the Japanese automaker said Friday. Spanning from January 2012 to April 2023, the problem with Toyota’s cloud-based Connected service pertains only to vehicles in Japan, said spokesperson Hideaki Homma. The Connected service reminds owners to get maintenance checks and links to streaming entertainment and provides help during emergencies. It can call for help after a crash or locate a car that’s been stolen. No issues arising from the breach have been reported so far. 

 
