AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/21/2023

UK Supreme Court rules AI is not an inventor 

The UK Supreme Court ruled that AI cannot get patents, declaring it cannot be named as an inventor of new products because the law considers only humans or companies to be creators. The court unanimously denied a petition from Stephen Thaler, founder of the AI system DABUS, to name his AI as an inventor. The UK’s decision aligns with a similar decision made against Thaler in the US: he previously lost an appeal with the US Patent and Trademark Office, which also denied his petition to claim AI as an inventor. The US Supreme Court declined to hear the case.  

 

Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner 

Cybersecurity researcher Jeremiah Fowler discovered and alerted VPNMentor to an unprotected database associated with the New York-based online platform Real Estate Wealth Network. The exposed database held 1.5 billion records, including real estate ownership data for millions of individuals. With a size of 1.16 TB (1,523,776,691 records in total), the database featured organized folders containing information on property owners, sellers, investors, and internal user logging data. It encompassed daily logging records spanning from 4/22/23 to 10/23/23, revealing internal user search data. 

 

FTC proposes tougher children’s data privacy rules for first time in a decade 

The Federal Trade Commission (FTC) is proposing new restrictions on the use and disclosure of children’s personal data and wants to make it much harder for companies to exclude children from their services if they can’t monetize their data, the agency announced Wednesday. The proposed overhaul of the Children’s Online Privacy Protection Rule (COPPA) is the first suggested update of the landmark regulation in a decade. It comes as the agency is showing new muscle in protecting children online, most notably with its recent crackdown on Meta, which it wants to prohibit from monetizing kids’ data across the board. 

 

Crypto scammers abuse X ‘feature’ to impersonate high-profile accounts 

Cryptocurrency scammers are abusing a legitimate X “feature” to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. On X, formerly Twitter, a post’s URL consists of the account name of the person who tweeted it and a status ID, as shown below.

https://twitter.com/[account_name]/status/[status_id]

The website uses the status ID to determine what post should be loaded from the site’s database, not bothering to check if the account name is valid.
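A defender-side check for the URL behaviour described above, as an added example that is not part of the original post: it compares the account name in a link as shared with the account name in the URL observed once the post has loaded. The function names, the verdict strings and the idea that the caller already has the loaded URL (for example from a link-preview or sandbox fetch) are assumptions, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: these hosts, or any subdomain of them (e.g. mobile.twitter.com), are X.
X_HOSTS = ("twitter.com", "x.com")
# /[account_name]/status/[status_id]; the handle character set is an assumption.
STATUS_PATH = re.compile(r"^/([A-Za-z0-9_]+)/status(?:es)?/(\d+)(?:/.*)?$")


def parse_status_url(url):
    """Return (account_name_lowercased, status_id), or None if not an X post URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return None
    if not any(host == h or host.endswith("." + h) for h in X_HOSTS):
        return None  # a lookalike such as twitter.com.example.net is not X
    match = STATUS_PATH.match(parts.path)
    if not match:
        return None
    return match.group(1).lower(), match.group(2)


def check_shared_link(shared_url, loaded_url):
    """Compare the account a shared link claims with the account in the URL
    that was observed after the post loaded (supplied by the caller)."""
    shared = parse_status_url(shared_url)
    loaded = parse_status_url(loaded_url)
    if shared is None or loaded is None:
        return "not-a-post-url"
    if shared[1] != loaded[1]:
        return "different-post"
    if shared[0] != loaded[0]:
        return "account-mismatch"  # the link names an account that did not post it
    return "consistent"


# Constructed sample pairs: (link as shared, URL observed after loading).
SAMPLES = [
    ("https://twitter.com/example_brand/status/1234567890",
     "https://x.com/some_other_acct/status/1234567890"),
    ("https://mobile.twitter.com/Some_Other_Acct/status/1234567890?s=20",
     "https://x.com/some_other_acct/status/1234567890"),
]

if __name__ == "__main__":
    for shared_link, loaded_link in SAMPLES:
        print(check_shared_link(shared_link, loaded_link), shared_link)
```

Handles are compared case-insensitively, and a link that is not in the account-name form is reported as "not-a-post-url" rather than guessed at.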

 

Hackers Prompt Emergency Google 0-Day Attack Patch For Chrome Users 

Google hackers Vlad Stolyarov and Clément Lecigne, part of the crack team of security researchers that form Google’s Threat Analysis Group, have uncovered the year’s eighth zero-day vulnerability impacting Chrome browser users. In response to the discovery of CVE-2023-7024, Google has issued an emergency patch for all Chrome users, as an exploit is known to already exist in the wild. Rated as a high-severity vulnerability, CVE-2023-7024 impacts the open-source WebRTC component of the Chrome web browser and is of the heap buffer overflow variety.

 

BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement 

Despite law enforcement efforts to take down the notorious ALPHV/BlackCat ransomware gang, the cybercriminals are not going down without a fight. Latest developments have shown that the site that was supposedly ‘taken down’ by the FBI has now been ‘unseized.’ The US Department of Justice (DoJ) announced a technical operation against BlackCat on December 19; this was accompanied by a notice on the group’s website stating its seizure by the FBI.
