AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/19/2023

Google’s turning off third-party cookies for 1 percent of Chrome users early next year 

Google has been talking about a plan for Chrome to block the third-party cookies that can track user activity across many different websites since 2020. Its stated intention at the time was to complete the shift within two years. Three years later, it hasn’t happened, as its proposals for replacement technology have been criticized by competitors and privacy advocates and scrutinized by regulators who want to know if they will give Google an unfair advertising advantage. 

 

10 Types of AI Attacks CISOs Should Track 

As CISOs work to future-proof their cybersecurity strategy and infrastructure for tomorrow’s emerging threats, artificial intelligence (AI) attacks are looming large in their thoughts. Even without the hype that’s billowed around ChatGPT and generative AI’s skyrocketing popularity, AI risk has started to unfold as a growing concern among security researchers and pundits in 2023. Security advocates are warning CISOs that they’re fighting a two-front war when it comes to AI risk and resilience. Not only do they need to be wary of the threat posed by adversarial AI attacks against enterprise deployments of AI and machine learning (ML) models, but they must also defend themselves from a greater volume of attacks fueled by the bad guys’ use of AI in their offensive campaigns. 

 

Teen charged with hacking DraftKings bragged ‘fraud is fun,’ feds say 

Federal prosecutors on Thursday announced criminal charges against an 18-year-old Wisconsin man for a scheme to hack and sell access to user accounts of the sports betting site DraftKings. The man, Joseph Garrison, is accused of working with others to steal about $600,000 from approximately 1,600 victim accounts during the November 2022 attack, according to the U.S. Attorney’s Office in Manhattan. DraftKings is not named in the criminal complaint against Garrison. But a person close to the company confirmed it was a target of the so-called credential stuffing attack. 

 

KeePass vulnerability allows attackers to access the master password 

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the master password. You absolutely do not want an attacker to get hold of your master password, since that is basically the key to your kingdom—aka “all your passwords are belong to us.” However, a researcher has worked out a way to recover a master password, and has posted KeePass 2.X Master Password Dumper on GitHub. 

 

TikTok users sue to stop app ban in Montana 

Five TikTok users are calling on a federal court to overturn Montana’s overall ban on the video sharing app, arguing that it violates their free speech rights. The lawsuit was filed just hours after Montana Governor Greg Gianforte signed the unprecedented prohibition into law on Wednesday. Gianforte said on Twitter that he endorsed the ban in order to “protect Montanans’ personal and private data from the Chinese Communist Party.” 

 

Apple Bans Employees From Using ChatGPT Amid Its Own AI Efforts 

According to a document seen by The Wall Street Journal and individuals who claim to be familiar with the matter, Apple is concerned that AI tools could leak the company’s confidential data. In addition to ChatGPT, Apple has barred staff from using GitHub’s Copilot, a tool that helps write code with autocompletion. Many businesses, such as banks, financial services, and healthcare institutions, have avoided adopting ChatGPT out of fear that their employees could inadvertently give the chatbot sensitive proprietary information. Samsung banned employee use of generative AI utilities like ChatGPT after discovering that staff had uploaded sensitive source code to the platform. 
