AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/09/2023

Cisco releases urgent patch for flaw that could let hackers access Emergency Response Systems 

Cisco Emergency Responder (CER), the company’s emergency communication system used to respond to crises in a timely manner, had hardcoded credentials, allowing hackers with knowledge of this fact easy access to the systems. The news was confirmed by the company itself, which recently released a new patch to address the problem. The vulnerability is tracked as CVE-2023-20101 and comes with a severity score of 9.8. “An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.” 

 

Genetics firm 23andMe says user data stolen in credential stuffing attack 

23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. 23andMe is a U.S. biotechnology and genomics firm offering genetic testing services to customers who send a saliva sample to its labs and get back an ancestry and genetic predispositions report. Recently, a threat actor leaked samples of data that was allegedly stolen from a genetics firm and, a few days later, offered to sell data packs belonging to 23andMe customers. 

 

Ukraine cyber-conflict: Hacking gangs vow to de-escalate 

The two largest hacktivist groups in the Ukraine conflict have vowed to de-escalate cyber-attacks and comply with new rules of engagement published by a war watchdog. On Wednesday, the International Committee of the Red Cross (ICRC) issued the first list of rules for civilian hackers ever created. Dubbed a “Geneva Code of cyber-war”, it was initially criticised as unworkable. But now Ukrainian and Russian hackers say they will comply with the rules. Since the invasion of Ukraine there has been a steady stream of disruptive cyber-attacks against public services in both Ukraine and Russia with varying degrees of impact. 

 

Google, Yahoo Push DMARC, Forcing Companies to Catch Up 

By February 2024, any company sending more than 5,000 email messages through Google or Yahoo will have to start using an authentication technology known as Domain-based Message Authentication, Reporting and Conformance (DMARC). The requirements — announced by Google and Yahoo this week — will reach much further than marketers, however, forcing all companies lagging behind in their adoption of the trio of security technologies to catch up. Enterprises using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) will gain protection against impersonation through better authentication, while DMARC creates a notification channel back to the domain-name owner to collect information on whether their email is being spoofed.

 

Bounty offered for secret NSA seeds behind NIST elliptic curves algo 

A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. The bounty will be tripled to $36,864 if the award recipient chooses to donate the amount to any 501(c)(3) charity. This challenge was announced by cryptography specialist Filippo Valsorda, who raised the amount with the help of recognized figures in cryptography and cybersecurity. 

 

Third Flagstar Bank data breach since 2021 affects 800,000 customers 

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.
