Rapid7 throws JetBrains under the bus for ‘uncoordinated vulnerability disclosure’
Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, and claims JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things. According to the cybersecurity company, it replied that it would not agree to patching ahead of disclosure, and pointed JetBrains to its policy against silently patching vulnerabilities, which stipulates that if a vendor violates that policy, Rapid7 will itself release the full details of the vulnerability, including enough information to allow people to develop exploits, within 24 hours.
US accuses Army vet cyber-Casanova of sharing Russia-Ukraine war secrets
Yet another US military man is facing a potentially significant stretch in prison after allegedly sending secret national defense information (NDI) overseas. David Franklin Slater, 63, was indicted on Monday and faces three counts of conspiracy to disclose NDI. On the same day, Pentagon documents leaker Jack Teixeira also pleaded guilty to his crimes, as expected. Slater is said to have developed a relationship with a co-conspirator, whom he believed to be a woman in Ukraine, via a foreign dating app, and to have used the same app to send secret data to that person at their request. A civilian employee of the US Air Force at the time, Slater held a Top Secret security clearance from around August 2021 to April 2022 and in that role attended numerous Top Secret briefings concerning the war in Ukraine.
U.S. sanctions Predator spyware operators for spying on Americans
The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. "Today, the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology used to target Americans, including U.S. government officials, journalists, and policy experts," reads OFAC's press release.
IP address X-posure now a feature on Musk’s social media thing
Video and audio calling features for X Premium users, added last year to Elon Musk's version of Twitter, have been expanded to everyone on the platform, and FYI: they may reveal your IP address to the people you're nattering away to. For some of you, that's not a problem: you're calling people you know and trust anyway. For others, it may be a genuine privacy issue, so at least you've been warned. This is the nature of peer-to-peer communications: when you call someone via X, each end by default exchanges media directly with the other, so each side can determine the other person's IP address. X's News account announced the expansion of video and audio calls to all users last week. Within days complaints started rolling in about the on-by-default feature, with critics noting that, along with opening users up to bombardment by trolls, it could also make physically tracking X users, to some degree at least, a cinch for anyone who knows how to inspect network packets and read the IP address at the other end of a conversation.
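To make the "inspect network packets" point concrete, here is an added example (not code from X or from the original article) of what a local observer needs to do: aggregate the flow records that a packet capture or the OS socket table already provides and keep the high-volume UDP endpoints that are neither local nor the service's own infrastructure. The flow records, the addresses (RFC 5737 documentation ranges) and the service-infrastructure range are all constructed for illustration.

```python
"""Which remote endpoint is the call peer? A local observer only needs flow records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records as a packet capture or the OS socket table would show them:
# (protocol, local_ip, local_port, remote_ip, remote_port, bytes_transferred).
# Addresses come from the RFC 5737 documentation ranges; they stand in for real ones.
SAMPLE_FLOWS = [
    ("tcp", "192.168.1.20", 50513, "203.0.113.10", 443, 9_000),         # HTTPS signalling/API
    ("udp", "192.168.1.20", 50512, "203.0.113.77", 3478, 1_200),        # STUN binding to service infra
    ("udp", "192.168.1.20", 50512, "198.51.100.42", 61234, 4_800_000),  # direct media: the other party
    ("udp", "192.168.1.20", 50514, "192.168.1.1", 53, 300),             # local DNS
]

# Assumed (hypothetical) address range operated by the service itself. Traffic to it
# reveals nothing about the peer, so it is excluded from the candidate list.
SERVICE_INFRA = [ip_network("203.0.113.0/24")]

# RFC 1918 ranges are checked explicitly: ipaddress.is_private/is_global also classify
# the documentation ranges used in the sample as non-global, which would hide the peer.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_local_address(ip: str) -> bool:
    """True for loopback, link-local and RFC 1918 addresses."""
    a = ip_address(ip)
    return a.is_loopback or a.is_link_local or any(a in n for n in RFC1918)


def is_service_infra(ip: str) -> bool:
    """True when the address belongs to the (assumed) service-operated range."""
    a = ip_address(ip)
    return any(a in n for n in SERVICE_INFRA)


def peer_candidates(flows, min_bytes: int = 100_000):
    """Aggregate bytes per remote UDP endpoint and return the endpoints that are
    neither local nor service infrastructure, largest first.

    In a direct (non-relayed) call the top entry is the other party's public IP
    address. If the call were relayed through the service, every media flow would
    hit SERVICE_INFRA and the list would be empty, which is the check you want
    before trusting that a client "hides" your address."""
    totals = defaultdict(int)
    for proto, _lip, _lport, rip, rport, nbytes in flows:
        if proto != "udp" or is_local_address(rip) or is_service_infra(rip):
            continue
        totals[(rip, rport)] += nbytes
    ranked = [(ip, port, b) for (ip, port), b in totals.items() if b >= min_bytes]
    return sorted(ranked, key=lambda t: -t[2])


if __name__ == "__main__":
    for ip, port, nbytes in peer_candidates(SAMPLE_FLOWS):
        print(f"peer candidate {ip}:{port} ({nbytes} bytes)")
```

The byte threshold separates media (megabytes per minute) from the small STUN and signalling exchanges; on a real host you would feed the function from a capture filter on the app's UDP sockets rather than a hand-written list.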
New DMARC rules could see retailer emails not being delivered
New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes. The new rules require bulk senders to authenticate mail with SPF and DKIM, publish a DMARC policy for the sending domain (at minimum p=none) and keep the visible From domain aligned with the domain that passes authentication. Both Google's sender guidelines and Yahoo's sender requirements and recommendations state that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.
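Retailers typically send through an email service provider, and the usual reason their mail fails DMARC is alignment: SPF passes for the provider's bounce domain, not the retailer's From domain, so only a DKIM signature with the retailer's own d= domain rescues the message. The following added example (written for this page, not EasyDMARC's or Google's code) parses a DMARC record and evaluates a message the way a receiver does; the record, domains and authentication results are constructed, and the organizational-domain logic is simplified to the last two labels where real receivers consult the Public Suffix List.

```python
"""Parse a DMARC record and evaluate a message the way a receiving mail server does."""

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into tags. Raise ValueError on records a
    receiver would treat as absent (wrong version tag or missing/invalid policy)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("p= tag missing or not one of none/quarantine/reject")
    tags.setdefault("adkim", "r")  # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption: no
    multi-label public suffixes such as .co.uk in the inputs)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only needs the
    same organizational domain."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if not a:
        return False
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


def evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return ('pass', 'none') or ('fail', <published policy>) for one message.

    DMARC passes if SPF passes for an aligned MAIL FROM domain, or DKIM verifies
    with an aligned d= domain; otherwise the p= disposition applies."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])


if __name__ == "__main__":
    # Constructed retailer scenario: mail goes out through an ESP whose own domain is
    # in MAIL FROM (SPF passes but is not aligned); only the DKIM signature with the
    # retailer's d= domain makes the message pass DMARC.
    rec = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@shop.example"
    print(evaluate(rec, "shop.example", "pass", "bounce.esp.example", "pass", "shop.example"))
    print(evaluate(rec, "shop.example", "pass", "bounce.esp.example", "fail", "shop.example"))
```

Run against your own domain's record and the Authentication-Results headers of a test message to the mailbox providers, and note that a subdomain From address with aspf=s fails even when SPF itself passes on the parent domain.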
RiskInDroid: Open-source risk analysis of Android apps
“A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s output, and they should be able to compare the app’s risk with others easily,” Gabriel Claudiu Georgiu, developer of RiskInDroid, told Help Net Security. Unlike other tools, RiskInDroid does not take into consideration only the permissions declared into the app manifest but carries out reverse engineering on the apps to retrieve the bytecode and then infers (through static analysis) which permissions are used, extracting four sets of permissions for every analyzed app.