AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/29/2023

Two Men Arrested Following Poland Railway Hacking

“The two men arrested are Polish citizens,” said Tomasz Krupa, a police spokesman in the eastern city of Bialystok where the arrest occurred. Police also seized radio equipment from the apartment where the men, who are 24 and 29 years of age, were detained. On Friday night, the radio communication network of the Polish PKP railway was hacked near the northwestern city of Szczecin leading to the issuing of several stop signals which brought to a standstill or delayed some 20 trains. Traffic resumed a few hours later, according to PKP. The attacks continued on Saturday and Sunday in other parts of the country, without posing major problems to traffic.

 

Authentication Outage Underscores Why ‘Fail Safe’ Is Key

One week ago today, social media accounts for the information-system services at several universities and colleges started lighting up with advisories to students: Duo, Cisco’s popular authentication service, was suffering from performance issues, preventing them from logging into their accounts. “DUO is experiencing a systemwide outage, which may impact the ability to log in to GU systems,” stated Georgetown University’s Information Services on X, formerly known as Twitter. The school updated students two hours later: “DUO performance is slowly improving, but DUO is still reporting issues affecting the university’s two-factor authentication for all Georgetown systems.”

 

Microsoft blames ‘unsupported processor’ blue screens on OEM vendors

Microsoft says the recent wave of blue screens impacting some Windows users is not caused by issues in its August 2023 optional updates. Instead, the company implies that the root cause is an incompatibility problem with the affected devices’ firmware and asks those impacted by the issue to reach out to the CPU manufacturer for a solution. “After investigating these reports, we have found that the ‘UNSUPPORTED_PROCESSOR’ error was not caused by issues in KB5029351 and is limited to a specific subset of processors,” Microsoft said.

 

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. “This development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale,” the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter).

 

Global cybercrime treaty could be ‘disastrous for human rights,’ NGOs warn

Human rights organizations are raising alarms about a United Nations cybercrime treaty being negotiated this week in New York, warning that the rules could expand the surveillance power of governments and give dictatorships further tools of repression. Delegates from across the U.N. descended on Manhattan this week for the final negotiation sessions of the treaty — an effort kicked off by Russia in 2017 to develop global rules addressing the thorny issue of transnational internet crimes. Representatives for Human Rights Watch, Electronic Frontier Foundation, Access Now, Kenya ICT Action Network, Article 19 and Privacy International held a press conference Wednesday on the sidelines to highlight a range of issues they have with the current draft of the treaty.

 

Easy-to-exploit Skype vulnerability reveals users’ IP address

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The security vulnerability has been discovered by a security researcher named Yossi, who privately reported it to Microsoft and demonstrated its effective exploitation to journalist Joseph Cox. Vulnerability specifics have not been publicly shared since it has yet to be patched, but Cox says it’s “trivially easy to exploit and involves changing a certain parameter related to the link.”

 
