AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 5/16/2024

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says 

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very integrity of the blockchain into question.” “The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of ethereum users across the globe,” Williams said. “And once they put their plan into action, their heist only took 12 seconds to complete.” 

 

Companies lacked proper review for links to Caribbean undersea cables, FCC says 

Two telecommunications companies will pay separate $1 million fines to the Federal Communications Commission for adding connections to a Caribbean undersea cable network without getting the U.S. government’s approval. The FCC said Tuesday that cable landing stations in Colombia and Costa Rica came online in 2021 and 2022, respectively, without review by the U.S. interagency unit for reviewing foreign connections to U.S. infrastructure, known as Team Telecom. Puerto Rico Telephone Company and LATAM Telecommunications were each fined for allowing improper links to the América Móvil undersea system, which includes stations in Florida.

 

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks 

Researchers at Belgium’s KU Leuven discovered a fundamental design flaw in the IEEE 802.11 Wi-Fi standard that gives attackers a way to trick victims into connecting with a less secure wireless network than the one to which they intended to connect. Such attacks can expose victims to higher risk of traffic interception and manipulation, according to VPN review site Top10VPN, which collaborated with one of the KU Leuven researchers to release flaw details this week ahead of a presentation at an upcoming conference in Seoul, South Korea. 

 

Visa leverages AI to help retailers access more customer data 

Digital payments company Visa has said it’s leveraging AI to share consumer shopping preferences with merchants, which could enhance personalized shopping experiences. The company plans to utilize its proprietary token service, which currently secures 29% of its transactions by removing sensitive cardholder information from the payment flow. Now, with consumer consent, it’s planning to add personal data back into that flow, enabling merchants to access private data tokens containing AI-generated insights based on a consumer’s past transactions on the Visa network, the company said. 

 

FCC names and shames Royal Tiger AI robocall crew 

The US Federal Communications Commission has named its first robocall gang, dubbing the crew “Royal Tiger,” and detailed its operations in an attempt to encourage international action against the scammers. Royal Tiger uses AI voice cloning to impersonate staff at government agencies, banks, and utilities. These robocalls purport to offer credit card interest rate reductions or fake purchase authorization orders. The gang also uses spoofing techniques to obtain consumers’ financial and other sensitive data, which then allows them to target individuals.
