AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/29/2024

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said in an analysis, which was presented at the Black Hat Asia conference last week. “During this conversion process, a known issue exists in which the function removes trailing dots from any path element and any trailing spaces from the last path element. This action is completed by most user-space APIs in Windows.”
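The stripping behaviour described in the quote can be modelled and then used defensively: a small normaliser that mirrors the conversion lets an analyst flag logged paths whose elements would change, and find distinct DOS paths that collapse onto the same NT path. This is an added example written for this digest, a constructed approximation of the rule as quoted (trailing dots from every element, trailing spaces from the last element only), not SafeBreach's or Microsoft's code; the sample paths are made up.

```python
from collections import defaultdict

SPECIAL = {".", ".."}  # relative components, left untouched by the model


def normalise_dos_path(path: str) -> str:
    """Apply the trailing-dot / trailing-space stripping described in the
    post to a backslash-separated DOS path (model, not Windows' own code)."""
    elements = path.split("\\")
    last = len(elements) - 1
    out = []
    for i, el in enumerate(elements):
        if el in SPECIAL:
            out.append(el)
            continue
        norm = el.rstrip(".")          # every element loses trailing dots
        if i == last:
            norm = norm.rstrip(" ")    # only the last element loses trailing spaces
        out.append(norm)
    return "\\".join(out)


def changed_elements(path: str) -> list:
    """Return (original, converted) pairs for elements the conversion alters;
    a non-empty list means the name a user sees is not the name NT will use."""
    original = path.split("\\")
    converted = normalise_dos_path(path).split("\\")
    return [(o, c) for o, c in zip(original, converted) if o != c]


def find_collisions(paths) -> dict:
    """Group distinct DOS paths that map to one NT path, the condition that
    lets one entry be confused with (impersonate) another."""
    groups = defaultdict(set)
    for p in paths:
        groups[normalise_dos_path(p)].add(p)
    return {nt: sorted(dos) for nt, dos in groups.items() if len(dos) > 1}


# Constructed sample paths, as they might appear in a file-creation log
SAMPLE_PATHS = [
    r"C:\Users\bob\report.docx",
    r"C:\Users\bob\report.docx...",
    r"C:\Users\bob\report.docx ",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"..\build.\out.txt",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        if changed_elements(p):
            print(f"altered by conversion: {p!r} -> {normalise_dos_path(p)!r}")
    for nt, dos in find_collisions(SAMPLE_PATHS).items():
        print(f"collision on {nt!r}: {dos}")
```

Feeding real path fields from process or file telemetry through `changed_elements` gives a cheap triage signal for names that rely on this conversion.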


DHS announces AI safety board with OpenAI founder, CEOs of Microsoft, Nvidia, IBM

The Department of Homeland Security announced a new Artificial Intelligence Safety and Security Board designed to guide the usage of AI within U.S. critical infrastructure. DHS Secretary Alejandro Mayorkas said on a media call Friday that the board will advise the department on how best to govern the ways AI is deployed across the 16 critical infrastructure sectors, “from defense to energy transportation to information technology, financial services, to food and agriculture, and so much more.” AI can be “an extraordinarily powerful force to improve the efficiency and quality of all the services that critical infrastructure provides. At the same time, we recognize the tremendously debilitating impact its errant use can have,” Mayorkas told reporters.


Spy Pet, accused of scraping billions of public messages, taken down by Discord

According to reports, Discord has shut down a website named Spy Pet that scraped Discord user data, including messages posted across servers, and sold it for cryptocurrency. Notably, Discord has also banned multiple accounts associated with the Spy Pet service, which has now gone offline. As first highlighted by StackDiary and The Register, the Spy.pet website scraped data, including profiles and individual messages of over 620 million Discord users, and sold it for payments made in cryptocurrency. Furthermore, Spy.pet was found to be harvesting connected social media accounts, including Steam accounts, and offering an ‘enterprise option’ for anyone looking to train an AI model on Discord’s library of messages.


Google asks court to reject the DOJ’s lawsuit that accuses it of monopolizing ad tech

Google filed a motion on Friday in a Virginia federal court asking for the Department of Justice’s antitrust lawsuit against it to be thrown out. The DOJ sued Google in January 2023, accusing the company of monopolizing digital advertising technologies through “anticompetitive and exclusionary conduct.” Per Bloomberg, Google is now seeking summary judgment to avoid the case going to trial in September as planned. Attorney General Merrick B. Garland said when the lawsuit was first announced that Google “has used anticompetitive, exclusionary, and unlawful conduct to eliminate or severely diminish any threat to its dominance over digital advertising technologies.” The lawsuit alleges that Google controls digital advertising tools to such an extent that it “pockets on average more than 30 percent of the advertising dollars that flow through its digital advertising technology products,” according to a press release from the agency last year.


Okta warns of “unprecedented” credential stuffing attacks on customers

Okta warns of an “unprecedented” spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. Threat actors use credential stuffing to compromise user accounts by automatically trying lists of usernames and passwords, typically purchased from cybercriminals, against a login service. In an advisory today, Okta says the attacks seem to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos.
