AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/16/2024

Juniper warns of critical RCE bug in its firewalls and switches

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices’ J-Web configuration interfaces and tracked as CVE-2024-21591, this critical security flaw can also be exploited by unauthenticated threat actors to get root privileges or launch denial-of-service (DoS) attacks against unpatched devices. “This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory,” the company explained in a security advisory published Wednesday.


Senators want to know why the SEC’s X account wasn’t secured with MFA

Another lawmaker is pushing the Securities and Exchange Commission for more information about its security practices following the hack of its verified account on X. In a new letter to the agency’s Inspector General, Senator Ron Wyden called for an investigation into “the SEC’s apparent failure to follow cybersecurity best practices.” The letter, which was first reported by Axios, comes days after the SEC’s official X account was taken over in order to post a tweet claiming that spot bitcoin ETFs had been approved by the regulator. The rogue post temporarily juiced the price of bitcoin and forced SEC chair Gary Gensler to chime in from his X account that the approval had not, in fact, happened. (The SEC did approve 11 spot bitcoin ETFs a day later, with Gensler saying in a statement that “bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity.”)


OpenAI’s policy no longer explicitly bans the use of its technology for ‘military and warfare’

Just a few days ago, OpenAI’s usage policies page explicitly stated that the company prohibits the use of its technology for “military and warfare” purposes. That line has since been deleted. As first noticed by The Intercept, the company updated the page on January 10 “to be clearer and provide more service-specific guidance,” as the changelog states. It still prohibits the use of its large language models (LLMs) for anything that can cause harm, and it warns people against using its services to “develop or use weapons.” However, the company has removed the language pertaining to “military and warfare.”


Hacker spins up 1 million virtual servers to illegally mine crypto

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. As announced today by Europol, the suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for crypto-mining. By using the computing resources of others’ servers to mine cryptocurrency, the cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.


Reddit must share IP addresses of piracy-discussing users, film studios say

In this week’s filing, the film studios claim that six Redditors’ IP address logs are “clearly relevant and proportional to the needs of the case” because the Reddit users all made comments that either establish “that Frontier has not reasonably implemented a policy for terminating repeat infringers sufficient for a safe harbor affirmative” or that “the ability to freely pirate without consequence was a draw to becoming a subscriber of Frontier.” Last year, a Reddit user wrote that they received 44 emails from Frontier threatening to cut off their service due to torrent downloads, but “if they didn’t do it after 44 emails … they won’t.”


Environmental Websites Hit by DDoS Surge in COP28 Crossfire

The 28th United Nations Climate Change Conference (COP 28), held in Dubai at the end of 2023, sparked an “unprecedented surge” in distributed denial of service (DDoS) attacks against environmental services. In its DDoS Threat Report for 2023 Q4, content delivery provider Cloudflare found a 61,839% spike in HTTP DDoS attack traffic targeting environmental services’ websites in the last quarter of 2023 compared with the same period in 2022. These attacks marked a shift from the previous domination of cryptocurrency-related DDoS attacks. DDoS attacks targeting environmental websites constituted half of all observed DDoS during that quarter.