AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/31/2024

Microsoft stole my Chrome tabs, and it wants yours, too 

Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d left off in Chrome. I couldn’t believe my eyes. I never imported my data into Microsoft Edge, nor did I confirm whether I wanted to import my tabs. But here was Edge automatically opening after a Windows update with all the Chrome tabs I’d been working on. I didn’t even realize I was using Edge at first, and I was confused why all my tabs were suddenly logged out. 


ChatGPT is leaking passwords from private conversations of its users, Ars reader says 

ChatGPT is leaking private conversations that include login credentials and other personal details of unrelated users, screenshots submitted by an Ars reader on Monday indicated. Two of the seven screenshots the reader submitted stood out in particular. Both contained multiple pairs of usernames and passwords that appeared to be connected to a support system used by employees of a pharmacy prescription drug portal. An employee using the AI chatbot seemed to be troubleshooting problems they encountered while using the portal. 


Citibank sued over failure to defend customers against hacks, fraud 

New York Attorney General Letitia James sued Citibank over its failure to defend customers against hacks and scams and refusing to reimburse victims after allowing fraudsters to steal millions from their accounts. The NY Attorney General’s lawsuit against Citibank alleges that the financial institution also unlawfully denied reimbursement to victims of fraud, a violation of the Electronic Fund Transfer Act (EFTA). The complaint claims that because it’s providing online and mobile banking options for wire transfers, Citibank should also compensate fraud victims, akin to the protections afforded to victims of electronic credit or debit card fraud under the same legislation. 


Microsoft’s legal department allegedly silenced an engineer who raised concerns about DALL-E 3 

A Microsoft manager claims OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (similar to those that recently targeted Taylor Swift). GeekWire reported Tuesday the company’s legal team blocked Microsoft engineering leader Shane Jones’ attempts to alert the public about the exploit. The self-described whistleblower is now taking his message to Capitol Hill. “I reached the conclusion that DALL·E 3 posed a public safety risk and should be removed from public use until OpenAI could address the risks associated with this model,” Jones wrote to US Senators Patty Murray (D-WA) and Maria Cantwell (D-WA), Rep. Adam Smith (D-WA 9th District), and Washington state Attorney General Bob Ferguson (D). GeekWire published Jones’ full letter. 


New Linux glibc flaw lets attackers get root on major distros 

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). Tracked as CVE-2023-6246, this security flaw was found in glibc’s __vsyslog_internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger. The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046. 


‘Tis the Season for Tax Hax 

Proofpoint researchers recently identified the return of TA576, a cybercriminal threat actor that uses tax-themed lures specifically targeting accounting and finance organizations. This actor is typically only active the first few months of the year during U.S. tax season, generally targeting organizations in North America with low-volume email campaigns. In all campaigns, the actor will email requests for tax preparation assistance and will attempt to deliver remote access trojans (RATs). In the first two observed campaigns in January 2024, the actor used a compromised account to send benign emails purporting to request tax assistance. While the sender account was compromised, the emails featured a reply-to address with a recently registered domain that is likely owned by the threat actor. The threat actor provided a backstory and asked for pricing and availability. If the target replied, the threat actor responded with a malicious Google Firebase (web.app) URL.   
