AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/03/2023

Reddit beats film industry, won’t have to identify users who admitted torrenting

Film companies lost another attempt to force Reddit to identify anonymous users who discussed piracy. A federal court on Saturday quashed a subpoena demanding users’ names and other identifying details, agreeing with Reddit’s argument that the film companies’ demands violate the First Amendment. The plaintiffs are 20 producers of popular movies who are trying to prove that Internet service provider Grande is liable for its subscribers’ copyright infringement because the ISP allegedly ignores piracy on its network. Reddit isn’t directly involved in the copyright case. But the film companies filed a motion to compel Reddit to respond to a subpoena demanding “basic account information including IP address registration and logs from 1/1/2016 to present, name, email address and other account registration information” for six users who wrote comments on Reddit threads in 2011 and 2018.

 

ChatGPT uncovers Mac malware on the Dark Web

A cybersecurity firm says it asked ChatGPT to find new Mac security threats, and after some delving, it found one sold on a Russian server. Guardz Cyber Intelligence Research (CIR) most recently uncovered ShadowVault, and reports that it has now followed up that find with a new one — made initially by AI. “In this follow-up post, Guardz CIR (Cyber Intelligence Research) team decided to leverage the power of AI, much like we do in our phishing protection service,” writes the team in a blog post, “We asked ChatGPT about additional mac-OS threats that lurk somewhere on the Dark Web.”

 

Critical Azure vulnerability another Microsoft security debacle: Tenable

A newly revealed vulnerability in Microsoft’s Azure cloud platform carries a critical severity rating, according to researchers from Tenable, prompting the cybersecurity vendor’s chief executive to renew his sharp criticisms of how Microsoft handles security issues in its platforms. “Microsoft wants everybody to trust them, but they have a great lack of transparency and a track record of irresponsibility when it comes to disclosing vulnerabilities and breaches,” Tenable chief executive Amit Yoran said in an interview with CRN.

 

DOD ‘years behind’ private sector in utilizing AI for cybersecurity, official says

The Department of Defense is “years behind” the private sector in implementing the use of artificial intelligence to help bolster its cybersecurity capabilities, a top official said Wednesday. Drew Malloy, technical director of the Cyber Development Directorate for the Defense Information Systems Agency, detailed the challenges DOD has faced in leveraging AI-based security solutions and said the defense agency was exploring ways to further operationalize emerging technologies into its cybersecurity practices. 

 

Cult of the Dead Cow Wants to Save Internet Privacy with a New Encryption Protocol

The Cult of the Dead Cow, one of the most influential hacktivist groups on the web, announced plans Wednesday to launch an end-to-end encrypted protocol that can be used for app development. cDc is calling its new tool Veilid and, from the initial descriptions, it sounds pretty friggin’ cool. On the group’s website, cDc members wrote: “Come do a hacktivism with the cDc, as we launch a THING that will once again change the world, with the style and chaos that only the herd can bring. Let us bless you with a revolutionary communications system that will disrupt the balance of power.”

 

FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022

In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities today issued a list of the 12 most exploited vulnerabilities throughout 2022. Cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom called on organizations worldwide to address these security flaws and deploy patch management systems to minimize their exposure to potential attacks.
