AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/19/2023

The tech companies scanning your face while you shop 

If you happen to miss the camera above the entrance, the sign will inform you. “FACIAL RECOGNITION & CCTV IN OPERATION ON THIS SITE” it declares in black letters as the automatic door slides to one side. When you enter, the camera scans the contours of your face, instantly cross-referencing it against a database of known shoplifters. Since you are a law-abiding citizen, the computer finds nothing. The video footage and any associated biometric data is instantly deleted. It does this hundreds of times a day, as customers filter in and out of the shop. 


Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients 

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted, SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature introduced in April 2023 for making the breach worse, calling it a “dark pattern.” “The fact that Google Authenticator syncs to the cloud is a novel attack vector,” Snir Kodesh, Retool’s head of engineering, said. “What we had originally implemented was multi-factor authentication. But through this Google update, what was previously multi-factor-authentication had silently (to administrators) become single-factor-authentication.”


Microsoft leaks 38TB of private data via unsecured Azure storage 

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository. Almost three years later, this was discovered by cloud security firm Wiz, whose researchers found that a Microsoft employee had inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information. Microsoft linked the data exposure to an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.


Google Domains halts registrations as it waits for the Google Grim Reaper 

Google Domains has registered its last domain. Google announced in July that the service was getting shut down and that it had struck a deal with Squarespace to sell off the existing customer base. Part of that transition process means winding down the existing Google Domains functionality. 9to5Google was the first site to notice that you can no longer buy a domain through the service while it waits for the Google Grim Reaper to arrive. The Google Domains homepage has a notice explaining that this all apparently went down a few days ago, saying, “On September 7, 2023 Squarespace acquired all domain registrations and related customer accounts from Google Domains. Customers and domains will be transitioned over the next few months.” You can still manage existing domains on Google Domains, but that’s it.


One of the FBI’s most wanted hackers is trolling the U.S. government 

Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructure in the U.S. and elsewhere. The feds also accused him of being a “central figure” in the development and deployment of notorious ransomware variants like Hive, LockBit, and Babuk. Matveev is such a prominent cybercriminal that the FBI designated him as one of its most wanted hackers. Matveev, who the FBI believes remains in Russia, is unlikely to face extradition to the United States. For Matveev, however, life seems to go on so well that he is now taunting the feds by making a T-shirt with his own most wanted poster, and asking his Twitter followers if they want merch.


ThemeBleed exploit is another reason to patch Windows quickly 

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability that has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The ThemeBleed vulnerability was listed as CVE-2023-38146: a Windows Themes Remote Code Execution (RCE) vulnerability.