AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/08/2023

Indian Court Orders Reuters To Take Down Investigative Report Regarding A ‘Hack-For-Hire’ Company

Over the years we’ve written about plenty of “cyberespionge” companies. Some engage in spyware or surveillance ware. Others actively hack devices. Almost all of these eventually get exposed through dogged investigative reporting. A few people reached out to point to this rather concerning Editor’s note that was posted to Reuters this week: Reuters has temporarily removed the article “How an Indian startup hacked the world” to comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi, India. Reuters stands by its reporting and plans to appeal the decision.

 

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running  Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates.

 

Linux is getting its own Blue Screen of Death

Linux is getting its own version of a Blue Screen of Death (BSOD). Phoronix reports that the latest release of systemd for Linux systems comes with a systemd-bsod service that’s able to generate a full-screen error message on Linux distributions. Much like how the Blue Screen of Death originated in Windows, Linux’s version will be used as an emergency tool to log errors. If a Linux system fails to boot, it will generate a full-screen message that displays a QR code to get more information on what’s causing the boot issue. This was reportedly added as part of an Outreachy project, a group that provides internships for people to work on open-source tools.

 

Google launches Gemini, the AI model it hopes will take down GPT-4

It’s the beginning of a new era of AI at Google, says CEO Sundar Pichai: the Gemini era. Gemini is Google’s latest large language model, which Pichai first teased at the I/O developer conference in June and is now launching to the public. To hear Pichai and Google DeepMind CEO Demis Hassabis describe it, it’s a huge leap forward in an AI model that will ultimately affect practically all of Google’s products. “One of the powerful things about this moment,” Pichai says, “is you can work on one underlying technology and make it better and it immediately flows across our products.” 

 

ICO Warns of Fines for “Nefarious” AI Use

The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to harvest data or treat customers unfairly. “We know there are bad actors out there who aren’t respecting people’s information and who are using AI to gain an unfair advantage over their competitors.

 

Android phones can now send medical data during 911 calls

Some Android users are getting an update that could literally save their lives one day. Android users who have a device with the Personal Safety app can now opt-in to sharing medical information with first responders when calling or texting 911. The feature has been available for iPhone and Apple Watch users since the rollout of iOS 13.5 in 2020. Android users can add information such as caller name, allergies, emergency contacts and preexisting medical conditions. “This is when the information you put inside your phone becomes useful to 911,” Tenea Reddick, ECC director at Baltimore City Fire Department, said in a statement.

 

 

Related Posts