AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/26/2023

AWS announces ‘sovereign cloud’ to support data residency in Europe 

Amazon is joining the list of big tech companies to introduce a dedicated independent cloud for Europe, with news that it’s working on the “AWS European Sovereign Cloud” for governments and highly-regulated industries across Europe. AWS’s cloud rival Google partnered with Deutsche Telekom’s IT services and consulting subsidiary T-Systems more than two years ago to offer a sovereign cloud for German organizations, while Microsoft launched its “cloud for sovereignty” last year. And Oracle followed suit earlier this year. 


Cybersecurity regulations for passenger and freight railroads renewed by TSA 

The Transportation Security Administration (TSA) renewed cybersecurity directives for passenger and freight railroad carriers that were set to expire on Tuesday. The rules — split into three separate directives — mandate that operators test parts of their cybersecurity incident response plans every year, submit annual updated cybersecurity assessment plans to TSA and report on the effectiveness of the efforts. Carriers are mandated to develop network segmentation policies and controls that separate operational technology (OT) systems from general IT systems in case of compromise. 


Google Search can now help verify an image’s origins 

Google is starting to roll out its new “About this image” tool, which aims to provide essential background information and context about images in Google Search. The feature was first announced at Google’s I/O developer conference in May, and now it’s rolling out to English users globally. You can access the feature from the three-dot menu that appears in Search and Google Images results. The search giant is also announcing updates to its Fact Check Explorer initiative and AI-powered Search Generative Experience. 


As Citrix Urges Its Clients to Patch, Researchers Release an Exploit 

A critical security update is now available for the latest high-profile Citrix NetScaler vulnerability. But so is an exploit. And in some cases, the latter may be simpler to use than the former. It’s been a busy week so far for Citrix customers. On Sept. 23, following reports of active exploitation in the wild, the company released an urgent update for CVE-2023-4966, a sensitive information disclosure vulnerability in its NetScaler application delivery controller (ADC) and Gateway products. The vulnerability was assigned a “High” 7.5 out of 10 CVSS rating by NIST, but a “Critical” 9.4 by Citrix itself. 


Seiko says ransomware attack exposed sensitive customer data 

Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. Seiko says its investigation confirmed that a total of 60,000 ‘items of personal data’ held by its ‘Group’ (SGC), ‘Watch’ (SWC), and ‘Instruments’ (SII) departments were compromised by the attackers. On August 10, 2023, the company warned that someone had gained unauthorized access to at least one of its servers on July 28, 2023. 


Pro-Russia hackers target inboxes with 0-day in webmail app used by millions 

A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, researchers from security firm ESET said on Wednesday. The previously unknown vulnerability resulted from a critical cross-site scripting error in Roundcube, a server application used by more than 1,000 webmail services and millions of their end users. Members of a pro-Russia and Belarus hacking group tracked as Winter Vivern used the XSS bug to inject JavaScript into the Roundcube server application. The injection was triggered simply by viewing a malicious email, which caused the server to send emails from selected targets to a server controlled by the threat actor. 

Related Posts