AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/13/2024

VR headsets can be hacked with an Inception-style attack

In the Christopher Nolan movie Inception, Leonardo DiCaprio’s character uses technology to enter his targets’ dreams to steal information and insert false details into their subconscious. A new “inception attack” in virtual reality works in a similar way. Researchers at the University of Chicago exploited a security vulnerability in Meta’s Quest VR system that allows hackers to hijack users’ headsets, steal sensitive information, and—with the help of generative AI—manipulate social interactions.

 

Data brokers admit they’re selling information on precise location, kids, and reproductive healthcare

Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in. Any business that meets the definition of data broker must register with the California Privacy Protection Agency (CPPA) annually. The CPPA defines data brokers as businesses that consumers don’t directly interact with, but that buy and sell information about consumers from and to other businesses. Where there’s money to be made you’ll find companies and individuals that will go to any length to get a piece of the action. At the moment there are around 480 data brokers registered with the CPPA.

 

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. Now, JetBrains has gone on the offensive. The software developer published its side of the story at the time, but felt the need to go a step further with another blog post this week, hammering home its argument that it did act responsibly and within the norms of vulnerability disclosure. Further to that, it branded Rapid7’s approach, which was to release full details of the two TeamCity vulnerabilities as well as enough information for low-skilled attackers to develop exploit code just five hours after patches went live, “entirely unethical and harmful” to its customers.

 

White House meets with UnitedHealth CEO over hack

White House officials met with UnitedHealth Group (UNH.N) CEO Andrew Witty and others in the industry on Tuesday to discuss a hack at the healthcare conglomerate’s tech unit that has disrupted operations across the United States. The meeting was the first to bring together providers such as hospitals and payers such as health insurers, said a spokesperson from the Department of Health and Human Services (HHS), adding that daily individual meetings have been held with all involved parties since the hack.

 

Acer confirms Philippines employee data leaked on hacking forum

Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company’s employee attendance data after a threat actor leaked the data on a hacking forum. Acer is a Taiwanese maker of computer hardware and electronics, best known for its laptops that offer a good balance of performance, quality, and competitive pricing. Earlier today, a threat actor known as ‘ph1ns’ published a link to download a stolen database containing Acer employee data for free on a hacking forum. The attacker told BleepingComputer that no ransomware or encryption was involved and that it was a pure data theft attack.

 

Feds seize $1.4 million of tech support scam proceeds with the help of crypto firm

The cryptocurrency company Tether seized $1.4 million on behalf of U.S. law enforcement investigating a tech support scam targeting elderly citizens, the company announced Tuesday — as it attempts to burnish its reputation amid accusations that its USDT coin is the currency of choice for online fraudsters. The U.S. Attorney’s Office of the Northern District of Illinois announced the seizure on Friday and “acknowledged Tether for its assistance in effectuating the transfer of these assets.” “The company will continue to voluntarily assist law enforcement agencies to help protect the safety and security of its users and the broader crypto community,” Tether said in a release.
