AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 07/14/2023

Congress is trying to stop discriminatory algorithms again 

US policymakers hope to require online platforms to disclose information about their algorithms and allow the government to intervene if these are found to discriminate based on criteria like race or gender. Sen. Edward Markey (D-MA) and Rep. Doris Matsui (D-CA) reintroduced the Algorithmic Justice and Online Platform Transparency Act, which aims to ban the use of discriminatory or “harmful” automated decision-making. It would also establish safety standards, require platforms to provide a plain language explanation of algorithms used by websites, publish annual reports on content moderation practices, and create a governmental task force to investigate discriminatory algorithmic processes.  

 

Apple re-releases zero-day patch after fixing browsing issue 

Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites. “Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly,” Apple said on Tuesday. The company added it would soon release fixed versions of the buggy updates and advised customers to remove them if they were experiencing issues while browsing the web after updating. 

 

Cybersecurity professional accused of stealing $9M in crypto 

The U.S. government accused a cybersecurity professional of hacking a cryptocurrency exchange and stealing around $9 million in cryptocurrency, in what looks like a case of an ethical hacker turning rogue, then trying to appear ethical again. In a press release on Tuesday, the U.S. Attorney’s Office of the Southern District of New York announced the indictment of Shakeeb Ahmed, 34, calling him “a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the attack.” It’s not said where Ahmed worked exactly. His LinkedIn profile says he is a senior security engineer at Amazon. August Aldebot-Green, a spokesperson for Amazon, told TechCrunch he is no longer employed at the company. 

 

British teens accused of hacks against Uber and Rockstar Games’s Grand Theft Auto 6 

A London court has heard that two British teens hacked and blackmailed a series of companies, causing millions of dollars worth of damage. As Reuters reports, Arion Kurtaj – now 18 years old – is accused of hacking Uber, fintech firm Revolut, and Grand Theft Auto videogame developer Rockstar Games last September. The Rockstar hack resulted in the leak of more than 90 videos of footage from the as-yet-unreleased “Grand Theft Auto 6”. But the damage done by the hacks is not limited to the spilling of video game secrets. 

 

Satellites lack standard security mechanisms found in mobile phones and laptops 

Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security mechanisms of satellites currently orbiting the Earth from an IT perspective. They analyzed three current low-earth orbit satellites and found that, from a technical point of view, only some modern security concepts were implemented. Various security mechanisms that are standard in modern mobile phones and laptops were not to be found: for example, there was no separation of code and data. Interviews with satellite developers also revealed that the industry relies primarily on security through obscurity. 

 

Orca Sues Wiz for ‘Copying’ Its Cloud Security Tech 

Israeli-US cloud security vendors Orca Security and Wiz are taking their competitive bad blood to court. Orca has filed suit against Wiz for patent infringement. Both companies offer tools to monitor cloud storage servers for cyberattacks, but Orca is suing Wiz for essentially stealing its whole business, reports on the new lawsuit said. Wiz has built its business on a simple business plan: copy Orca,” Orca said in the suit against Wiz. “This copying is replete throughout Wiz’s business and has manifest in myriad ways.” The case was filed in the US District court in Delaware on Wednesday, July 12. 

Related Posts