AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/13/2023

Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims 

Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips. The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal court in San Jose, California, claims Intel knew about the susceptibility of its AVX instruction set to side-channel attacks since 2018, but didn’t fix the defect until the disclosure of the Downfall hole this year, leaving affected computer buyers with no other option than to apply a patch that slows performance by as much as 50 percent. 


It’s Still Easy for Anyone to Become You at Experian 

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account. I recently ordered a copy of my credit file from Experian via annualcreditreport.com, but as usual Experian declined to provide it, saying they couldn’t verify my identity. Attempts to log in to my account directly at Experian.com also failed; the site said it didn’t recognize my username and/or password. 


Iranian hackers launch malware attacks on Israel’s tech sector 

Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms. Imperial Kitten is also known as Tortoiseshell, TA456, Crimson Sandstorm, and Yellow Liderc, and for several years it used the online persona Marcella Flores. It is a threat actor linked to the Islamic Revolutionary Guard Corps (IRGC), a branch of the Iranian Armed Forces, and has been active since at least 2017 carrying out cyberattacks against organizations in various sectors, including defense, technology, telecommunications, maritime, energy, and consulting and professional services. 


Freight giant DP World recovers from cyber attack, but warns investigation and remediation is ‘ongoing’ 

Shipping giant DP World Australia says its systems are working at its ports again, following a brief cyber attack which crippled the company’s operations. The company moves about 40 per cent of the nation’s freight, and it was feared that a prolonged cybersecurity breach would make life harder for importers, retailers and Christmas shoppers — particularly those seeking items in hot demand around the world, like electronics. “They’re massive,” explained Stephen Lakey, an independent director of the Supply Chain Logistics Association of Australia. 


Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades 

U.S. Treasury Secretary Janet Yellen suggested Friday that a ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market. She said U.S. and Chinese finance officials discussed the attack in San Francisco, where they met Friday ahead of a regional economic summit next week. “We’ve not seen an impact on the Treasury market,” Yellen told reporters. “I think it’s an example of why we need close communications. This is situation where it’s critical to be able to pick up the phone and know that you will have a good response on the other end, and that we can trust one another to work together.” 


HiBoB Experts Reveal: Top Cybersecurity Threats for Employee Data 

Employee data—it contains some of your company’s most sensitive information. Salaries, social security numbers, health records…this stuff is like gold to cybercriminals. While you need access to employee data to run your business, keeping it secure is seriously tricky with today’s sophisticated hacking threats. A data breach could wreck your operations and demolish trust with staff. So how do you lock down employee data and protect your organization? Well, why not turn to the people who are responsible for holding and protecting hundreds of thousands of employee records across a wide range of industries? As a leading HR platform for over 3,000 companies, HiBob helps organizations manage sensitive employee information each and every day.  

Related Posts