AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/14/2021

Nation’s largest self-driving electric shuttle network launches

The country’s biggest fleet of low-speed, self-driving electric shuttles hit the road on Tuesday in a major step forward for the electric vehicle sector. The unveiling here adds momentum to an industry that is poised to get a significant boost from the Biden administration and Democrats in Congress. “We will write the next chapter in the world’s transportation history — in a time when we need a new chapter desperately,” said Tyler Svitak, executive director of the Colorado Smart Cities Alliance, a sponsor of the shuttle system. The fleet of nine driverless, zero-emission vehicles will shuttle Colorado School of Mines students and staff, as well as members of the public, from key spots in the city to various points on campus for at least the next year.

 

Crime data feared lost from Dallas police computer network

A massive amount of information on criminal cases dating to July 2020 has been lost from the Dallas Police Department computer database, authorities revealed on Wednesday. In a statement, the Dallas County District Attorney’s Office said the loss occurred in early April as the Dallas Police Department performed a data migration from a computer network drive. About 14 terabytes of the 22 terabytes lost were recovered, but the remaining eight terabytes are believed lost forever, according to the statement, and would have to be restored by new investigative work. Most up-to-date personal computers have hard-drive memory capacities ranging from a half-terabyte to two terabytes.

 

PrintNightmare vulnerability weaponized by Magniber ransomware gang

The operators of the Magniber ransomware have weaponized the infamous PrintNightmare vulnerability and are now attempting to breach Windows systems in South Korea. In a report published today by security firm CrowdStrike, the company said the attacks have been taking place since at least July 13. While several different vulnerabilities in the Windows Print Spooler service are collectively referred to as PrintNightmare, CrowdStrike said the attackers weaponized CVE-2021-34527. This is one of the two original PrintNightmare bugs that started this whole series of vulnerabilities, which is now getting close to around 10 different issues. Initially tracked and (believed to have been) patched in early June as CVE-2021-1675, researchers published proof of concept code to exploit this bug in late June. The proof-of-concept code was pulled down within hours after researchers realized it was exploiting a different issue, a much worse one, but by that time, the cat was out of the bag.

 

How to Find and Delete All Your Old, Unused Accounts

We all have accounts we no longer use, but some apps and websites make deleting your profile a pain. In those cases, simply ignoring them is an easier option. However, unused accounts are a major security threat—all it takes is one successful data break or credential-stuffing attack to potentially compromise your personal data, financial information, or private files. The only problem is, most of us can’t remember all the accounts we no longer use. Whether it’s the random web store you shopped at once three years ago, the lapsed streaming services you only used for the free trial, or the burner social media profiles you made, each of us has more unused accounts than we realize. Luckily, there are several resources to help you find, recover, and delete your unused, forgotten, or just hard-to-delete accounts.

 

macOS Big Sur 11.5.2 is here, but it doesn’t seem to do much

Today, Apple released a new version of its Mac operating system, macOS Big Sur. The new update is labeled macOS Big Sur 11.5.2, but there aren’t any new features or major security updates. Rather, macOS 11.5.2 focuses on “bug fixes.” In fact, these are Apple’s release notes for the latest version of Big Sur, in their entirety: macOS 11.5.2 includes bug fixes for your Mac. As you can see, the release notes do not specify which bugs have been fixed and mention no new features. Apple maintains a support page where it details the security updates within a given release, too. But that’s bare for this release. “This update has no published CVE entries,” it says. While Apple often (but not always) releases software updates for many or all of its platforms at the same time, macOS was alone today—at least in terms of public releases. Today also saw major new beta releases of iOS 15, watchOS 8, macOS Monterey, and more.

 

Hidden AirTags enable cybersecurity CEO to recover stolen electric scooter

Two hidden AirTags allowed the CEO of a cybersecurity company to successfully locate and recover his electric scooter, after it was stolen from outside a New York restaurant. He said that the police officers he approached for help with the recovery had never heard of AirTags, and initially refused any assistance …Trail of Bits CEO Dan Guido told the story in a series of tweets. My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down:  The theft occurred on Monday night. I went out to dinner and locked it to a grate with motorcycle handcuffs. I find them easier to use than a cable lock, but apparently I forgot to lock one cuff. It was gone after ~2 hours. No fear! The most important part of IR is preparation, and I hid two Airtags inside the scooter: one “decoy” in the wheel well and a second, more subtle, one inside the stem. Covered in black duct tape, they’re hard to see.

Related Posts