AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/20/2023

Major apparel supplier behind North Face and Vans hit by cyberattack, disrupting its holiday fulfillments 

VF Corporation reported in a Securities and Exchange Commission filing on Monday that it had been hit by a cyberattack. The company owns a slew of apparel brands, including Vans, North Face, Timberland, Dickies and more — and it warns the disruption could affect your holiday shopping. VF first noticed “unauthorized occurrences” on its IT systems on December 13, it said in a statement to Engadget. While it began to mitigate the damage, VF found that the hackers had encrypted some of its IT systems and stole personal data. It’s trying to come up with work arounds so that people can still buy from VF brands, but the $7 billion company said the attack messed with its ability to fulfill orders. 

 

SSH protects the world’s most sensitive networks. It just got a lot weaker 

Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware surreptitiously inhaled thousands of user names and passwords before it was finally discovered. Some of the credentials belonged to employees of a company run by Tatu Ylönen, who was also a database researcher at the university. 

 

An abused wife took on Tesla over tracking tech. She lost. 

San Francisco police Sergeant David Radford contacted Tesla in May 2020 with a request on a case: Could the automaker provide data on an alleged stalker’s remote access to a vehicle? A woman had come into the station visibly shaken, according to a police report. She told police that her abusive husband, in violation of a restraining order, was stalking and harassing her using the technology in their 2016 Tesla Model X. 

 

AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? 

Shortly after the AlphV/Blackcat ransomware gang’s website was replaced on Tuesday by a splashpage announcing it had been seized by the FBI, the law enforcement message was itself replaced by another missive from the criminals claiming to have “unseized” the page and brought it back under their control. The aggressive message from AlphV said that because of the FBI’s actions it was removing rules it had previously set for affiliates prohibiting them targeting “hospitals, nuclear power plants” and similar institutions, as long as these were located outside of the Commonwealth of Independent States — areas from the former Soviet Union. 

 

2024 Cybersecurity Industry Experts Predictions: Part 1 

As 2023 draws to a close, it’s time for cybersecurity experts to gaze into their crystal balls and predict what the next year has set in store for the security industry. In the first part of our predictions round-up experts at My1Login, i-confidential, and OSP Cyber Academy reveal what they believe will be the biggest trends in the year ahead. 

 

AI image training dataset found to include child sexual abuse imagery 

A popular training dataset for AI image generation contained links to child abuse imagery, Stanford’s Internet Observatory found, potentially allowing AI models to create harmful content. LAION-5B, a dataset used by Stable Diffusion creator Stability AI and Google’s Imagen image generators, included at least 1,679 illegal images scraped from social media posts and popular adult websites. The researchers began combing through the LAION dataset in September 2023 to investigate how much, if any, child sexual abuse material (CSAM) was present. They looked through hashes or the image’s identifiers. These were sent to CSAM detection platforms like PhotoDNA and verified by the Canadian Centre for Child Protection.  

Related Posts