AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/20/2023

Threat Actor Claims Major TransUnion Data Breach 

A notorious threat actor linked to previous big-name breaches has released several gigabytes of personal data stolen from credit agency TransUnion, researchers have claimed. An individual who goes by the moniker “USDoD” posted a 3GB database containing the personally identifiable information (PII) of 58,505 individuals, according to Vx-underground. Although there’s no information on whether those are customers or employees, given the size of the company, at least some of the PII taken would appear to be from customers. 


Thousands of Juniper Appliances Vulnerable to New Exploit 

Threat intelligence firm VulnCheck has published details on a new exploit targeting a recent Junos OS vulnerability and says that thousands of Juniper Networks appliances that have not been patched are at risk. The flaw, tracked as CVE-2023-36845, is described as a PHP environment variable manipulation issue in the J-Web interface of Juniper’s SRX series firewalls and EX series switches running specific Junos OS versions. 


International Criminal Court says hackers accessed its systems 

The International Criminal Court (ICC) has said it experienced a cyberattack last week after hackers accessed its internal systems. The ICC, headquartered in The Hague, Netherlands, is the only permanent war crimes tribunal. Established in 2002, the court is currently investigating crimes against humanity in Ukraine. The organization on Tuesday confirmed that it had detected “anomalous activity affecting its information systems.” 


UK Passes Online Safety Bill Restricting Social Media Content 

Years in the making, the UK’s Online Safety Bill has passed its final hurdles and is heading into law, to a very mixed reaction. The bill is designed to hold social media companies to account, but has spread in scope and ambition over the years. To be enforced by regulator Ofcom, it requires companies – small as well as large – to remove illegal content and prevent underage children from seeing harmful material. However, it has gradually amassed further offenses along the way, from cyberflashing to animal cruelty and online fraud. 


Clorox warns of “material impact” to its financial results following cyberattack 

Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a “material impact” after hackers attacked its systems. In mid-August, Clorox revealed that its IT systems had been taken offline and its operations “temporarily impaired” after “unauthorised activity” on its network. As a consequence, Clorox put emergency plans into operation and began manually processing and shipping orders from its manufacturing facilities. 


GitLab Rolls Out Emergency Security Update for Critical Pipeline Vulnerability 

GitLab, a popular web-based open-source platform for software project management and work tracking, has rolled out emergency security updates to fix a critical vulnerability that could affect millions of users. The vulnerability, tagged as CVE-2023-4998, carries a CVSS v3.1 score of 9.6 and affects the GitLab Community Edition (CE) and Enterprise Edition (EE) versions ranging between 13.12 and 16.2.7, and versions 16.3 through 16.3.4. The vulnerability was discovered by security researcher Johan Carlsson. In August, GitLab had identified and fixed a medium-severity issue, tracked as CVE-2023-3932. 

Related Posts