AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 4/4/2024

Missouri county declares state of emergency amid suspected ransomware attack 

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. “Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack,” officials wrote Tuesday. “Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal.” The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice. 


Microsoft slammed for lax security that led to China’s cyber-raid on Exchange Online 

A review of the June 2023 attack on Microsoft’s Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called “Storm-0558” – has found that the incident would have been preventable save for Microsoft’s lax infosec culture and sub-par cloud security precautions. The review, conducted by the US government’s Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board (CSRB), calls for “rapid cultural change” at Microsoft. 


FCC will vote on restoring net neutrality rules 

The Federal Communications Commission will vote on April 25th on a proposal to restore net neutrality rules, the agency announced on Wednesday. If the five-member panel votes to restore the rules, internet service providers (ISP) will be reclassified from information services to common carriers, bringing stricter regulations with the change. The idea of net neutrality is to keep ISPs from treating internet traffic differently by throttling or blocking, for example. 


Want to keep getting Windows 10 updates next year? Here’s what it will cost 

As Windows 10 nears its end-of-support deadline, Microsoft is executing a familiar game plan for its business customers. Last December, the company confirmed it would offer a subscription-based option to customers who want to continue receiving security updates for Windows 10 after October 14, 2025, mirroring a similar program Microsoft ran in 2020, when Windows 7 reached its end of support. And now, right on schedule, we know what those updates will cost, at least for Microsoft’s most profitable customers. In a post on the Windows IT Pro Blog, Microsoft’s Jason Leznek offered up a price list for business customers; a separate post on the Microsoft Education Blog offered a much more attractive set of prices for education customers. 


Academics probe Apple’s privacy settings and get lost and confused 

A study has concluded that Apple’s privacy practices aren’t particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options. The research was conducted by Amel Bourdoucen and Janne Lindqvist of Aalto University in Finland. The pair noted that while many studies had examined privacy issues with third-party apps for Apple devices, very little literature investigates the issue in first-party apps – like Safari and Siri. The aims of the study [PDF] were to investigate how much data Apple’s own apps collect and where it’s sent, and to see if users could figure out how to navigate the landscape of Apple’s privacy settings. 


Related Posts