AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/17/2023

America’s original hacking supergroup creates a free framework to improve app security

Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, has built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, includes options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet. “We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”


You might be oversharing on Venmo, whether you planned to or not

Were you one of the first to join Venmo more than a decade ago? Or even more than a few year ago? If so, you might want to check your settings. According to a New York Times article, your mobile financial transactions might be available for public perusing. Not only that, you can likely snoop on people you know and on strangers to see where they’re hanging out, what they’re buying and how much money they’re spending. Why is this happening? According to Brian X. Chen, who wrote the New York Times article, it’s because the ability to make your transactions and contact list private has been available for only a couple of years.


Clorox takes servers offline, notifies law enforcement after ‘unauthorized activity’

Cleaning product giant Clorox announced a cybersecurity incident this week that forced it to take several systems offline. The company – which reported more than $7 billion in earnings in 2022 through its namesake cleaning product and several others like Pine Sol, Burt’s Bees and more – reported the incident in regulatory filings with the U.S. Securities and Exchange Commission (SEC) Monday. “The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems. After becoming aware of the activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline,” the company said in an 8-K filing.


NYC Bans TikTok on City Devices

The Big Apple is joining the TikTok ban bandwagon. New York City issued a new directive on Wednesday banning TikTok from city-owned devices and forcing local agencies to remove the app from its phones and tablets within 30 days. Starting today, anyone using a city-owned device or network is prohibited from downloading the app or accessing it via website. A City Hall spokesperson confirmed the new restrictions to Gizmodo and said they come on the heels of a review by New York City’s Cyber Command which determined the app “posed a security threat to the city’s technical networks and directed its removal from city-owned devices.”


CISA warns of critical Citrix ShareFile flaw exploited in attacks

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. Citrix ShareFile (also known as Citrix Content Collaboration) is a managed file transfer SaaS cloud storage solution that allows customers and employees to upload and download files securely. The service also offers a ‘Storage zones controller’ solution that allows enterprise customers to configure their private data storage to host files, whether on-premise or at supported cloud platforms, such as Amazon S3 and Windows Azure.


Why you should delete old accounts you no longer use

Deleting old digital accounts you no longer use is important for your online privacy and security, and here’s why: With every online account (yes, even old and ‘insignificant’ accounts), you continuously enrich your digital footprint, leaving behind a significant source of data for third parties to access and exploit. Any public-facing information in a dormant online account significantly increases the risk of data theft, non-consensual data use and even identity theft.

Related Posts