AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/10/2023

Google teases Project IDX, an AI-infused code editing thing 

Google on Tuesday announced Project IDX, an AI-infused cloud-based integrated development environment. This super IDE “is a browser-based development experience built on Google Cloud and powered by Codey, a foundational AI model trained on code and built on PaLM 2,” wrote five Googlers who worked on the project in an announcement. PaLM 2 is one of Google’s large language models. “It’s designed to make it easier to build, manage and deploy full-stack web and multiplatform applications, with popular frameworks and languages,” the Googlers – Bre Arder, Kirupa Chinnathambi, Ashwin Raghav Mohan Ganesh, Erin Kidwell, and Roman Nurik – wrote. 


Electoral Commission apologises for security breach involving UK voters’ data 

Confidence in the UK’s electoral regulator has been thrown into question after it emerged a hostile cyber-attack accessing the data of 40 million voters went undetected for a year and the public was not told for another 10 months. The Electoral Commission apologised for the security breach in which the names and addresses of all voters registered between 2014 and 2022 were open to “hostile actors” as far back as August 2021. 


Microsoft Visual Studio Code flaw lets extensions steal passwords 

Microsoft’s Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers. These tokens are used for integrating with various third-party services and APIs, such as Git, GitHub, and other coding platforms, so stealing them could have significant consequences for a compromised organization’s data security, potentially leading to unauthorized system access, data breaches, etc. 


White House Offers Prize Money for Hacker-Thwarting AI 

The White House on Wednesday launched a competition offering millions of dollars in prize money for creating new artificial intelligence systems that can defend critical software from hackers. Competitors vying for some of the $18.5 million in prize money will need to design novel AI systems that quickly find and fix software vulnerabilities in electric grids, subways or other key networks that could be exploited by hackers, President Joe Biden’s administration said. 


The Yandex Leak: How a Russian Search Giant Uses Consumer Data 

In late January 2023, almost 45 GB of source code from the Russian search giant Yandex was leaked on BreachForums by a former Yandex employee. While the leak itself did not contain user data, it reportedly contained the source code for all major Yandex services, including Metrika, which collects user analytics through a widely used SDK, and Crypta, Yandex’s behavioral analytics technology.  


20 Hottest New Cybersecurity Tools At Black Hat 2023 

During the Black Hat 2023 conference this week in Las Vegas, just about every top security vendor is in attendance, and many of them have new cybersecurity tools to showcase. Out on the floor at the Mandalay Bay Convention Center, hundreds of cybersecurity companies have been touting products in key focus areas of the moment—such as XDR (extended detection and response), zero trust security and SASE (secure access service edge), cloud and application security, vulnerability management and threat intelligence. Prominent cybersecurity vendors that are showcasing new or recently unveiled products at Black Hat 2023 include Palo Alto Networks, Cisco Systems, Fortinet and SentinelOne. 

