AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/12/2024

Framework discloses data breach after accountant gets phished 

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework’s CEO into sharing a spreadsheet containing customers’ personally identifiable information (PII) “associated with outstanding balances for Framework purchases.” 


NIST researchers warn of top AI security threats 

As dozens of states race to establish standards for how their agencies use AI to increase efficiency and streamline public-facing services, researchers at the National Institute of Standards and Technology found that artificial intelligence systems, which rely on large amounts of data to perform tasks, can malfunction when exposed to untrustworthy data, according a report published last week. The report, part of a broader effort by the institute to support the development of trustworthy AI, found that cyber criminals can deliberately confuse or “poison” AI systems to make them malfunction by exposing them to bad data. And what’s more, according to the study, there’s no one-size-fits-all defense that developers or cybersecurity experts can implement to protect AI systems. 


So, are we going to talk about how GitHub is an absolute boon for malware, or nah? 

The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. Its popularity and utility ensures that the site is “relatively immune to Chinese censorship efforts,” according to the Electronic Frontier Foundation. GitHub’s reach, however, also makes its various services appealing to those looking to distribute malware to the largest possible audience. 


Resolution to get fit this year? How to Spot a Weight-Loss Scam 

Starting a new year comes for many of us with a resolution to get healthier and shed some pounds. Yet, with the rise in fitness enthusiasm, it’s essential to stay cautious about scams that promise quick and miraculous changes in weight loss and overall well-being. While these pitches persist throughout the year, January sees a surge in weight loss product promotions. Scammers advertise dubious weight loss pills, patches, or creams through telemarketing calls, text messages, social media, blogs, fake news sites, and banner ads, all promising incredible results. 


Child abusers are covering their tracks with better use of crypto 

For those who trade in child sexual exploitation images and videos in the darkest recesses of the Internet, cryptocurrency has been both a powerful tool and a treacherous one. Bitcoin, for instance, has allowed denizens of that criminal underground to buy and sell their wares with no involvement from a bank or payment processor that might reveal their activities to law enforcement. But the public and surprisingly traceable transactions recorded in Bitcoin’s blockchain have sometimes led financial investigators directly to pedophiles’ doorsteps. Now, after years of evolution in that grim cat-and-mouse game, new evidence suggests that online vendors of what was once commonly called “child porn” are learning to use cryptocurrency with significantly more skill and stealth—and that it’s helping them survive longer in the Internet’s most abusive industry. 


Texas School Safety Software Data Leak Endangers Student Safety 

A data leak involving Raptor Technologies, a Texas-based school safety software provider, exposed millions of sensitive records about students, parents, and staff. The leak, discovered by cybersecurity researcher Jeremiah Fowler, exposed personal information, incident response plans, infrastructure challenges, and documents about at-risk students, raising concerns about student privacy and school safety. The leak exposed around 4,024,001 records, exposing students to numerous security risks. 

Related Posts