AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/05/2023

Chrome extensions can steal plaintext passwords from websites 

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website’s source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors, including some Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them. 

 

Everything You Wanted to Know About AI Security but Were Afraid to Ask 

From musing about self-driving cars to fearing AI bots that could destroy the world, there has been a great deal of AI hype in the past few years. AI has captured our imaginations, dreams, and occasionally, our nightmares. However, the reality is that AI is currently much less advanced than we anticipated it would be by now. Autonomous cars, for example, often considered the poster child of AI’s limitless future, represent a narrow use case and are not yet a common application across all transportation sectors. In this article, we de-hype AI, provide tools for businesses approaching AI and share information to help stakeholders educate themselves. 

 

LockBit ransomware gang allegedly leaks MoD data after hit on supplier 

The LockBit ransomware operation has leaked a tranche of data purloined from the UK’s Ministry of Defence (MoD) after an attack on a company called Zaun, a West Midlands-based supplier of metal fencing products that has supplied some of the UK’s key installations, thought to include the Porton Down research unit in Wiltshire and the Faslane nuclear submarine base in Scotland.  

 

Back to School Security Tips 

Let’s face it, our kids are going through life in a way that was quite frankly unimaginable – or science fiction – to us as we were growing up. I’m in my 40s, so my younger years saw computers only starting to appear in homes, and internet was dial-up. We learned as the platforms and technology grew. However, our kids have been online in some way, shape or form since they came into the world (true “digital natives”). You more than likely posted pics of your new baby as a semi-internet brag (no shame there). But for kids, both the internet and digital devices have always been an integral part of their lives – and are tied to the classroom as well. 

 

Okta: Hackers target IT help desks to gain Super Admin, disable MFA 

Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for highly privileged users. The attackers’ goal was to hijack highly privileged Okta Super Administrator accounts to access and abuse identity federation features that allowed impersonating users from the compromised organization. Okta provided indicators of compromise for attacks observed between July 29 and August 19.

 

Hackers exploit MinIO storage system to breach corporate networks 

Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. MinIO is an open-source object storage service offering compatibility with Amazon S3 and the ability to store unstructured data, logs, backups, and container images of up to 50TB in size. Its high performance and versatility, especially for large-scale AI/ML and data lake applications, make MinIO a popular, cost-effective choice. 

 

Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig 

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK’s most sensitive military and research sites. The LockBit Ransom group conducted the attack on the company’s network, and Zaun admitted the group may have exfiltrated 10GB of data. The company also confessed that the attack might have reached its server beyond the Windows 7 entry point. 
