AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/29/2024

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist 

The Akira ransomware gang is claiming responsibility for the “cybersecurity incident” at British bath bomb merchant Lush. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including “a lot of personal documents” such as passport scans. Passport scans are routinely collected to verify identities during the course of the hiring process, which suggests Akira’s affiliate likely had access to a system containing staff-related data. Company documents relating to accounting, finances, tax, projects, and clients are also said to be included in the archives grabbed by the cybercriminals, who are threatening to make the data public soon. There is still no evidence to suggest customer data was exposed.


The NSA buys Americans’ internet data, newly released documents show 

The National Security Agency has been buying Americans’ web browsing data from commercial data brokers without warrants, intelligence officials disclosed in documents made public by a US senator Thursday. The purchases include information about the websites Americans visit and the apps that they use, said Oregon Democratic Sen. Ron Wyden, releasing newly unclassified letters he received from the Pentagon in recent weeks confirming the sales. 


Major vulnerability found in Cisco software could allow remote attacker to launch malware 

Cisco has reported a critical vulnerability in some of its most widely used software, and has urged users to patch their endpoints immediately. In a security advisory, Cisco said it addressed a flaw caused by improper processing of user-provided data that is read into memory, affecting multiple Unified Communications Manager (UCM) programs and Contact Center Solutions products. The flaw is tracked as CVE-2024-20253, carrying a severity score of 9.9/10.


Italy fines first city for privacy breaches in use of AI 

Italy’s privacy watchdog has fined the northern city of Trento for breaking data protection rules in the way it used artificial intelligence (AI) in street surveillance projects. Trento was fined 50,000 euros ($54,225) and told to delete all data gathered in two European Union-funded projects. It is the first local administration in Italy to be sanctioned by the GPDP watchdog over the use of data from AI tools. The authority – one of the EU’s most proactive in assessing AI platform compliance with the bloc’s data privacy regime – last year briefly banned popular chatbot ChatGPT in Italy. In 2021, it also said a facial recognition system tested by the Italian Interior Ministry did not comply with privacy laws. 


Exploits released for critical Jenkins RCE flaw, patch now 

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting that attackers are actively exploiting the flaws. Jenkins is an open-source automation server widely used in software development, particularly for Continuous Integration (CI) and Continuous Deployment (CD). It plays a critical role in automating various parts of the software development process, like building, testing, and deploying applications. It supports over a thousand integration plugins and is used by organizations of all sizes, including large enterprises.


Who is Alleged Medibank Hacker Aleksandr Ermakov? 

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles. 
