AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/9/2024

How to escape Honda’s privacy hell

There are lots of reasons to want to shut off your car’s data collection. The Mozilla Foundation has called modern cars “surveillance machines on wheels” and ranked them worse than any other product category last year, with all 25 car brands they reviewed failing to offer adequate privacy protections. With sensors, microphones, and cameras, cars collect way more data than needed to operate the vehicle. They also share and sell that information to third parties, something many Americans don’t realize they’re opting into when they buy these cars. Companies are quick to flaunt their privacy policies, but those amount to pages upon pages of legalese that leave even professionals stumped about what exactly car companies collect and where that information might go.


Google’s AI plans now include cybersecurity

As people try to find more uses for generative AI that are less about making a fake photo and are instead actually useful, Google plans to point AI to cybersecurity and make threat reports easier to read. In a blog post, Google writes its new cybersecurity product, Google Threat Intelligence, will bring together the work of its Mandiant cybersecurity unit and VirusTotal threat intelligence with the Gemini AI model. The new product uses the Gemini 1.5 Pro large language model, which Google says reduces the time needed to reverse engineer malware attacks. 


FBI warns of gift card fraud ring targeting retail companies

The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Tracked as Storm-0539, this hacking group targets the personal and work mobile devices of retail department staff using a sophisticated phishing kit that enables them to bypass multi-factor authentication. Upon infiltrating an employee’s account, the attackers move laterally through the network, trying to identify the gift card business process and pivoting towards compromised accounts linked to this specific portfolio.


Zscaler Investigates Hacking Claims After Data Offered for Sale

Cybersecurity giant Zscaler rushed to conduct an investigation on Wednesday after a notorious hacker offered to sell access to the company’s systems. The hacker known as IntelBroker announced on a popular cybercrime forum that he was “selling access to one of the largest cyber security companies”. The hacker’s post does not name the company, but he did confirm in the forum’s shoutbox that it was Zscaler. IntelBroker has offered to sell “confidential and highly critical logs packed with credentials”, including SMTP access, PAuth access, and SSL passkeys and certificates, for a total price of $20,000 in cryptocurrency. 


Stack Overflow bans users en masse for rebelling against OpenAI partnership — users banned for deleting answers to prevent them being used to train ChatGPT

Stack Overflow, a legendary internet forum for programmers and developers, is coming under heavy fire from its users after it announced it was partnering with OpenAI to scrub the site’s forum posts to train ChatGPT. Many users are removing or editing their questions and answers to prevent them from being used to train AI — decisions which have been punished with bans from the site’s moderators. Stack Overflow user Ben posted on Mastodon about his experience editing his most successful answers to try to avoid having his work stolen by OpenAI.

Related Posts