AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/30/2023

Zero-day vulnerability in Google Chrome, statement issued by Google 

Google has released an emergency security update to address a critical zero-day vulnerability in its Chrome web browser. The vulnerability, CVE-2023-6345, stems from an integer overflow weakness within the Skia open-source 2D graphics library. The vulnerability could allow attackers to execute arbitrary code on affected systems, potentially taking control of devices or stealing personal information, as revealed by BleepingComputer.


US lawmakers have Chinese LiDAR on their threat-detection radar 

A US congressional committee has questioned whether Chinese-made Light Detection and Ranging (LiDAR) devices might have a negative impact on national security, and suggested they may therefore be worthy of the same bans that prevent stateside adoption of other tech. The Select Committee on the Chinese Communist Party (CCP), spearheaded by US representative and committee chairman Mike Gallagher (R-WI), penned a letter to secretaries Gina Raimondo, Lloyd Austin, and Janet Yellen requesting an investigation of Chinese LiDAR manufacturers and the appropriateness of sanctions on those entities. 


Senators introduce bipartisan legislation ending involuntary facial recognition screening 

Sens. John Kennedy (R-La.) and Jeff Merkley (D-Ore.) introduced bipartisan legislation on Wednesday to end involuntary facial recognition screening at airports. The pair of senators are aiming to repeal the authorization of the Transportation Security Administration (TSA) to use facial recognition screening at airports, saying that the Travelers’ Privacy Protection Act (TPPA) would prevent the agency from “further exploiting the technology and storing traveler’s biodata.” The senators added that most Americans are unaware that they can opt out of the screening. 


Custom OpenAI Chatbots Leak Secrets, Pose Privacy Threats 

In a concerning development, initiatives taken by OpenAI to allow users to develop their personalized versions of the generative AI tool, ChatGPT, have taken a dark turn. Known as ‘GPTs’, these chatbots have been designed for personal use or publication on the web. While thousands of such personalized bots have been created, researchers have identified a serious flaw: the bots leak the initial instructions provided to them. This puts sensitive data at risk, including proprietary data and personal information. Jiahao Yu, a computer science researcher at Northwestern University, and colleagues at the university examined over 200 custom GPTs.


North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks 

Threat actors from the Democratic People’s Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. “Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime’s ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information,” cybersecurity firm Recorded Future said in a report shared with The Hacker News. 


Dollar Tree hit by third-party data breach impacting 2 million people 

Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies. Dollar Tree is a discount retail company that operates the Dollar Tree and Family Dollar stores in 23,000 locations in the United States and Canada. According to a data breach notification shared with the Maine Attorney General, Dollar Tree’s service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023. 
