AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/01/2023

Google Removes ‘Pirate’ URLs from Users’ Privately Saved Links 

To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google’s search index, as required by the DMCA. Recently, however, Google appears to gone a step further, using search takedowns to “moderate” users’ privately saved links collections. 


NYC subway security flaw seemingly exposes ‘impossible’ Apple Pay vulnerability 

An inexcusable NYC subway security flaw has been revealed, allowing anyone with knowledge of a user’s credit card number and expiry date to track all journeys made within the past seven days. But what’s far more concerning is that the vulnerability applies to journeys where Apple Pay was used to tap into stations, despite the fact that this should be completely impossible. While most metro subway systems began by requiring dedicated transit cards, most now also accept contactless payment cards, which also allows Apple Pay to be used. To further streamline the process of passing through entry and exit barriers, Apple later introduced Apple Pay Express Transit. 


VMConnect supply chain attack continues, evidence points to North Korea 

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.  


This WordPress plugin with 5 million users could have a serious security flaw 

Cybersecurity researchers from Patchstack recently discovered a high-severity flaw in a popular extension for WordPress, which allows threat actors to exfiltrate sensitive information from vulnerable websites. The vulnerability is tracked as CVE-2023-40004, and is described as allowing unauthenticated users to access and tweak token configurations. The flaw was found in an extension called All-in-One WP Migration, which has five million active installations.  


Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military 

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.” Some aspects of the malware were uncovered by the Security Service of Ukraine (SBU) earlier in August, highlighting unsuccessful attempts on part of Russian adversaries to penetrate Ukrainian military networks and gather valuable intelligence. 


Apple finally admits the CSAM scanning flaw we all pointed out at the time 

We first learned of Apple’s CSAM scanning plans when they were leaked shortly before the company announced them in August 2021. Cryptography and security expert Matthew Green tweeted the plans, saying it was a bad idea. The leak – which didn’t include details of the protections Apple has against false positives – meant that four concerns were raised ahead of the announcement. Security experts continued to raise concerns even after the announcement, as did many of Apple’s own employees. Apple responded both on and off the record, before announcing that plans to roll out the feature had been paused. 

Related Posts