AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/2/2024

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality  

CloudSEK’s threat research team has reported a critical exploit affecting Google services that lets threat actors regenerate valid Google session cookies continuously, keeping access to a victim’s Google services even after the user performs a password reset. CloudSEK shared details of the exploit in a technical report. On October 20, 2023, CloudSEK’s AI digital risk platform XVigil discovered that a developer/threat actor known as PRISMA had announced on a Telegram channel a 0-day solution to address issues with incoming sessions of Google accounts. 


Cyberattack on Massachusetts hospital disrupted records system, emergency services 

The string of damaging cyberattacks against U.S. healthcare facilities continued this week as an incident knocked out the electronic health records system at a Massachusetts hospital and caused the facility to turn away ambulances on Christmas Day. Anna Jaques Hospital, about 35 miles north of Boston, was “open to all patients” on Friday as it continued to recover from the attack, a spokesperson told WCVB-TV. Reports said the hospital resumed accepting ambulances on December 26. 


Google settles $5 billion privacy lawsuit over tracking people using ‘incognito mode’ 

Google has agreed to settle a $5 billion privacy lawsuit alleging that it spied on people who used the “incognito” mode in its Chrome browser — along with similar “private” modes in other browsers — to track their internet use. The class-action lawsuit filed in 2020 said Google misled users into believing that it wouldn’t track their internet activities while using incognito mode. It argued that Google’s advertising technologies and other techniques continued to catalog details of users’ site visits and activities despite their use of supposedly “private” browsing. 


U.S. intelligence officials determined the Chinese spy balloon used a U.S. internet provider to communicate 

U.S. intelligence officials have determined that the Chinese spy balloon that flew across the U.S. this year used an American internet service provider to communicate, according to two current and one former U.S. official familiar with the assessment. The balloon connected to a U.S.-based company, according to the assessment, to send and receive communications from China, primarily related to its navigation. Officials familiar with the assessment said it found that the connection allowed the balloon to send burst transmissions, or high-bandwidth collections of data over short periods of time. 


China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks 

Chinese media have reported the country’s first major step towards countering the criminal use of ChatGPT: four Chinese individuals have been arrested for developing ransomware with the help of the chatbot. This is the country’s first such case involving the popular but officially banned chatbot. The arrests should not come as a surprise, as cybercriminals have been eager to exploit the AI chatbot for malicious purposes; those who could not abuse it directly have built their own malicious variants, infamously known as WormGPT and FraudGPT. According to the South China Morning Post (SCMP), the attackers came under the authorities’ radar after an unidentified company in Hangzhou reported a cybercrime. The attackers demanded 20,000 Tether to restore access to the company’s systems. 


Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data 

Three cybersecurity researchers from Technische Universität Berlin (Technical University of Berlin/TU Berlin) have successfully hacked Tesla’s Autopilot system. Their exploit, achieved with relatively inexpensive equipment, grants access to the internal hardware and even unlocks a hidden “Elon mode” with enhanced capabilities. TU Berlin doctoral students Christian Werling, Niclas Kühnapfel, and Hans-Niklas Jacob used tools costing around €600 (£520 / $660) to root the ARM64-based circuit board of Tesla’s Autopilot. This allowed them to extract arbitrary code and user data, including cryptographic keys and critical system components. They also recovered a deleted video containing GPS coordinates, since the data had not yet been overwritten. 
