AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/11/2024

Russia disrupts internet access in multiple regions to test ‘sovereign internet’

Residents of several Russian regions experienced internet disruptions over the weekend as local authorities attempted to disconnect them from the global network and test the country’s so-called “sovereign internet” infrastructure. According to a report by the U.S. nonprofit Institute for the Study of War (ISW), these trials mostly affected Russian regions populated by ethnic minorities, including Chechnya, Dagestan and Ingushetia. Data from the internet watchdog NetBlocks shows that the internet disruptions in Dagestan lasted for nearly 24 hours.


Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. The flaw was first disclosed by Cleo in a security advisory on October 30, which warned that exploitation could lead to remote code execution. It affects Cleo’s LexiCom, VLTransfer, and Harmony tools, which are commonly used by enterprises to manage file transfers.

US sanctions Chinese firm for hacking firewalls in ransomware attacks

The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a Chengdu-based cybersecurity government contractor (recently profiled by the Natto Thoughts team) that provides products and services to core clients like China’s intelligence services.


Apple Hit With $1.2B Lawsuit Over Abandoned CSAM Detection System

Apple is facing a lawsuit seeking $1.2 billion in damages over its decision to abandon plans for scanning iCloud photos for child sexual abuse material (CSAM), according to a report from The New York Times.

Filed in Northern California on Saturday, the lawsuit represents a potential group of 2,680 victims and alleges that Apple’s failure to implement previously announced child safety tools has allowed harmful content to continue circulating, causing ongoing harm to victims. In 2021, Apple announced plans to implement CSAM detection in iCloud Photos, alongside other child safety features. However, the company faced significant backlash from privacy advocates, security researchers, and policy groups who argued the technology could create potential backdoors for government surveillance. Apple subsequently postponed and later abandoned the initiative.

Startup will brick $800 emotional support robot for kids without refunds

Startup Embodied is closing down, and its product, an $800 robot for kids ages 5 to 10, will soon be bricked. Embodied blamed its closure on a failed “critical funding round.” On its website, it explained: “We had secured a lead investor who was prepared to close the round. However, at the last minute, they withdrew, leaving us with no viable options to continue operations. Despite our best efforts to secure alternative funding, we were unable to find a replacement in time to sustain operations.” The company didn’t provide further details about the pulled funding. Embodied’s previous backers have included Intel Capital, Toyota AI Ventures, Amazon Alexa Fund, Sony Innovation Fund, and Vulcan Capital, but we don’t know who the lead investor mentioned above is.

$50 Million Radiant Capital Heist Blamed on North Korean Hackers

A North Korean threat actor was responsible for the $50 million heist that Radiant Capital fell victim to in October, the decentralized finance (DeFi) project says. The incident occurred on October 16, after three developers got infected with malware and their devices were used to sign fraudulent transactions during a routine multi-signature emissions adjustment process. Radiant published a post-mortem on October 18 explaining that the attackers deceived the Safe{Wallet} verification, which displayed legitimate transactions while the fraudulent ones were being performed in the background. This led to the draining of roughly $50 million from core markets. Subsequently, the attackers exploited open approvals and withdrew funds from user accounts.
