AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/20/2023

Ukraine takes down massive bot farm, seizes 150,000 SIM cards 

The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. The bots were used to push Russian propaganda justifying Russia’s war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities. In a joint operation, the cyber police and units of the Ukrainian National Police executed 21 search operations in Vinnytsia, Zaporizhzhia, and Lviv.


Two Jira Plugin Vulnerabilities in Attacker Crosshairs 

Attackers are apparently trying to exploit two path traversal vulnerabilities in the ‘Stagil navigation for Jira – Menus & Themes’ plugin, the SANS Internet Storm Center warns. Distributed via the Atlassian marketplace, the plugin allows users to customize their Jira instance with a custom navigator, sub-menus, and other elements. Tracked as CVE-2023-26255 and CVE-2023-26256, the two high-severity flaws were disclosed in February 2023, and were addressed with the release of version 2.0.52 of the plugin. The bugs allow an attacker to modify the fileName parameter of the snjCustomDesignConfig and snjFooterNavigationConfig endpoints to traverse and read the file system. 
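The flaw summarized above is a classic path traversal: a user-supplied fileName is joined onto a base directory without confirming that the result still lives under that directory. The following Python is an added example written for this digest, not code from the plugin, Atlassian, or the SANS Internet Storm Center. It shows the traversal-prone join beside a canonicalize-and-check version, and a small access-log scan that flags requests to the two endpoint names from the advisory whose fileName would escape the asset root. The servlet URL path, the asset root directory, and the log lines are all constructed assumptions for illustration.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs

# Assumed location of the plugin's static assets on the Jira host (constructed, not from the advisory).
ASSET_ROOT = os.path.realpath("/opt/atlassian/jira/stagil-assets")

# Endpoint names taken from the advisory summary; the "/plugins/servlet/" prefix below is assumed.
WATCHED_ENDPOINTS = ("snjCustomDesignConfig", "snjFooterNavigationConfig")


def resolve_unsafely(file_name: str) -> str:
    """The traversal-prone pattern: untrusted input concatenated onto a base path, no containment check."""
    return os.path.join(ASSET_ROOT, file_name)


def resolve_safely(file_name: str) -> str:
    """Canonicalise the joined path, then require that it still sits under ASSET_ROOT.

    Raises ValueError for anything that escapes the root, including absolute paths
    (os.path.join discards the base when the second argument is absolute) and null bytes.
    """
    if "\x00" in file_name:
        raise ValueError("null byte in fileName")
    candidate = os.path.realpath(os.path.join(ASSET_ROOT, file_name))
    if os.path.commonpath([ASSET_ROOT, candidate]) != ASSET_ROOT:
        raise ValueError(f"fileName escapes asset root: {file_name!r}")
    return candidate


# Common Log Format with the request line split out; constructed for this example.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal_attempt(url: str) -> bool:
    """True when the request targets a watched endpoint with a fileName that would leave ASSET_ROOT."""
    parts = urlsplit(url)
    if not any(endpoint in parts.path for endpoint in WATCHED_ENDPOINTS):
        return False
    # parse_qs percent-decodes once, so ..%2F..%2F is seen as ../../ just as the server would.
    for name in parse_qs(parts.query).get("fileName", []):
        try:
            resolve_safely(name)
        except ValueError:
            return True
    return False


def scan_access_log(lines):
    """Return (client_ip, url, status) for every log line that looks like a traversal attempt."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match is None:
            continue
        if is_traversal_attempt(match["url"]):
            hits.append((match["ip"], match["url"], match["status"]))
    return hits


# Constructed sample log lines: two traversal attempts, one benign asset fetch, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2023:10:14:02 +0000] "GET /plugins/servlet/snjCustomDesignConfig?fileName=../../../../etc/passwd HTTP/1.1" 200 1342',
    '203.0.113.7 - - [19/Jul/2023:10:14:05 +0000] "GET /plugins/servlet/snjFooterNavigationConfig?fileName=..%2F..%2F..%2Fdbconfig.xml HTTP/1.1" 200 891',
    '198.51.100.4 - - [19/Jul/2023:10:15:11 +0000] "GET /plugins/servlet/snjCustomDesignConfig?fileName=theme/custom.css HTTP/1.1" 200 4102',
    '198.51.100.9 - - [19/Jul/2023:10:16:40 +0000] "GET /browse/PROJ-12 HTTP/1.1" 200 22310',
]

if __name__ == "__main__":
    for ip, url, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip} -> {url} (HTTP {status})")
```

The status column matters when triaging real logs: a 200 on a flagged request against an unpatched version is a likely successful read, whereas a 404 or 403 after upgrading to 2.0.52 or later is noise worth keeping only as an indicator of who is probing.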


Microsoft expands access to cloud logging data for free after Exchange hacks 

Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts. This wider availability comes after Chinese hackers stole a Microsoft signing key that allowed them to breach corporate and government Microsoft Exchange and Microsoft 365 accounts to steal email. While it is still unknown how the key was stolen, the US government, who first detected these attacks, used Microsoft’s advanced logging data to detect the intrusions and report them to Microsoft. 


Hackers Could Deactivate Your WhatsApp Account With A Simple Email 

It has been reported that any individual could potentially deactivate a WhatsApp account by sending an email, and currently, there is no known method to prevent this from happening. This information has been shared with all WhatsApp users. WhatsApp’s complete end-to-end encryption (E2EE) is part of why it is one of the most popular messaging services available. However, if E2EE isn’t backed by strong safeguards against unauthorized access to user accounts, it is ineffective as a standalone security feature.


Apple GPT Reportedly Being Tested As Company Aims To Compete With OpenAI, Google, New Framework Developed Too 

After Apple restricted employees from using ChatGPT out of fear that engaging with the Large Language Model would leak information about the company’s future products, the California-based firm is reportedly working on Apple GPT and has a framework in place that will allow the development of LLMs. Apple has developed the ‘Ajax’ framework, with Bloomberg’s Mark Gurman reporting that AI has become a top priority for the company as it aims to obtain a lead against entities like OpenAI and Google. The framework will be used to develop large language models similar to ChatGPT and Microsoft’s Bing, with the company’s engineers referring to their in-house chatbot as Apple GPT. Though the product is in the works, Gurman claims that Apple does not have a ‘clear strategy’ on what the program will do for consumers. 


Estee Lauder Breached by Two Ransomware Groups 

Estee Lauder has become the latest big name to suffer an apparently serious ransomware breach, after two groups claimed to have compromised the firm. The cosmetics giant was posted to the leak site of both the Alphv/BlackCat and Clop ransomware gangs, according to security researchers on Twitter. Researcher Dominic Alvieri was just one of many citing the news. The posts appear to have gone live on Tuesday July 18. New York-headquartered Estee Lauder – which counts brands such as DKNY, Jo Malone, Tommy Hilfiger and Aveda among its portfolio – published a brief statement on the same day. 


Google’s new security pilot program will ban employee Internet access 

The Internet is dangerous, so what if you just didn’t use it? That’s the somewhat ironic recommendation Google, one of the world’s largest Internet companies, is making to its employees. CNBC’s Jennifer Elias reports that Google is “starting a new pilot program where some employees will be restricted to Internet-free desktop PCs” while they work. An internal memo seen by CNBC notes that “Googlers are frequent targets of attacks” by criminals, and a great way to combat that is to not be on the Internet. 
