AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/11/2024

New York Times source code stolen using exposed GitHub token

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repositories in January 2024, The Times confirmed to BleepingComputer. As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data. “Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.


FCC OKs pilot to bolster school, library cybersecurity

Growing cybersecurity threats against the U.S. education sector have prompted the Federal Communications Commission to approve the $200 million Schools and Libraries Cybersecurity Pilot Program, which would ensure investment in sophisticated endpoint protection, identity authentication, and firewall systems for schools and libraries across the country over the next three years, reports StateScoop. Such a program — which will use a model akin to the FCC’s E-Rate program in selecting the educational entities that would be supported — was noted by Funds for Learning to require $823.4 million in funding should all schools and libraries across the U.S. seek additional cybersecurity investment.


DDoS attacks target EU political parties as elections begin

Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. The European Parliament elections are already underway in the Netherlands and are set to begin in 26 more countries across the EU over the coming days, igniting politically motivated cyberattacks. Cloudflare reports that it has mitigated at least three distributed denial of service (DDoS) attack waves on various election-related sites in the Netherlands, as well as several political parties.


Two arrested in UK over fake cell tower-powered smishing campaign

British police have arrested two individuals following an investigation into illegal homebrew phone masts used for SMS-based phishing campaigns. The illegitimate phone mast, described as a “homemade mobile antenna” and dubbed by police as a “text message blaster,” is thought to be a first-of-its-kind device in the UK designed to fire dodgy texts out en masse, all while bypassing network operators’ anti-smishing controls. Thousands of messages were sent using this mast, City of London Police said on Friday, with those behind the operation misrepresenting themselves as banks “and other official organizations.”


Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past. In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old data. If you use this feature, that means you have about five months before losing your location history. Moving forward, Google will link the Location information to the devices you use, rather than to the user account(s). And, instead of backing up your data to the cloud, Google will soon start to store it locally on the device.

Related Posts