AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/25/2023

Decentralized Matrix messaging network says it now has 115M users 

The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. Additionally, the Synapse open-source Matrix homeserver’s opt-in usage reporting indicates that unique matrix IDs on the public network have surpassed 115 million, indicating massive growth of the protocol. This growth is nearly doubled from its 60 million users in July 2022, which by itself marked a 79% increase from the summer of 2021. 

 

‘Log in with…’ Feature Allows Full Online Account Takeover for Millions 

Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens of websites, exposing people to credential theft, financial fraud, and other cybercriminal activity. Researchers from Salt Labs discovered critical API misconfigurations on the sites of several online companies — artificial intelligence (AI)-powered writing tool Grammarly, online streaming platform Vidio, and Indonesian e-commerce site Bukalapak — that lead them to believe that dozens of other sites are likely compromised in the same way, they revealed in a report published Oct. 24. 

 

Hunters International leaks pre-op plastic surgery pics in negotiation no-no 

A newly emerged ransomware gang claims to have successfully gained access to the systems of a US plastic surgeon’s clinic, leaking patients’ pre-operation pictures in an attempt to hurry a ransom payment. Security experts have linked Hunters to the shuttered Hive group, which was dismantled through a coordinated international law enforcement operation in January. The group, calling itself Hunters International, has claimed attacks on only two victims so far, with the first – a UK primary school – appearing earlier this month. 

 

University of Michigan Reveals Hackers Obtained Troves of Data in August Breach 

The hackers behind the data breach the University of Michigan suffered in August made off with troves of data belonging to students, applicants, alumni, donors, employees and contractors, the university said in an update. Until this week, U-M kept a tight lid on the details surrounding the breach, telling the media that its ongoing investigation was preventing it from sharing “anything that might compromise that important work.” With the investigation now concluded, U-M can share more details of what happened in August. 

 

The AI-Generated Child Abuse Nightmare Is Here 

A horrific new era of ultrarealistic, AI-generated, child sexual abuse images is now underway, experts warn. Offenders are using downloadable open source generative AI models, which can produce images, to devastating effects. The technology is being used to create hundreds of new images of children who have previously been abused. Offenders are sharing datasets of abuse images that can be used to customize AI models, and they’re starting to sell monthly subscriptions to AI-generated child sexual abuse material (CSAM). 

Related Posts