AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/19/2024

‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years

An elusive and highly covert Chinese hacking group tracked as GhostEmperor — notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia — has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. Cybersecurity company Sygnia, in a report published Wednesday, said it discovered GhostEmperor was behind an incident it responded to towards the end of last year when an unidentified client’s network was compromised and used as a launchpad to gain access to another victim’s systems.


Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says

A security researcher says he found a flaw in a traffic light controller that would potentially allow malicious hackers to change the lights and create traffic jams. Andrew Lemon, a researcher at cybersecurity firm Red Threat, published two blog posts on Thursday detailing his findings of a wider research project investigating the security of traffic controllers. One of the devices Lemon looked at is the Intelight X-1, where he said he found a bug that allows anyone to take full control of the traffic lights. According to Lemon, the bug is very simple and basic: There is no authentication on the internet-exposed web interface of the device.


USPS shared customer postal addresses with Meta, LinkedIn and Snap

The U.S. Postal Service was sharing the postal addresses of its online customers with advertising and tech giants Meta, LinkedIn and Snap, TechCrunch has found. On Wednesday, the USPS said it addressed the issue and stopped the practice, claiming that it was “unaware” of it. TechCrunch found USPS was sharing customers’ information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user — such as which pages they visit — every time a webpage containing the code loads in the customer’s browser.


CrowdStrike code update bricking Windows machines around the world

An update to a product from infosec vendor CrowdStrike is bricking computers running Windows. The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot. “We’re seeing BSOD Org wide that are being caused by csagent.sys, and it’s taking down critical services. I’ll open a ticket, but this is a big deal,” wrote one user. Forums report that CrowdStrike has issued an advisory with a URL that includes the text “Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19” – but it’s behind a regwall that only customers can access.


Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court

A judge has dismissed a major portion of the Securities and Exchange Commission (SEC) litigation against SolarWinds and its chief information security officer (CISO), Tim Brown, ruling that they cannot be held liable for statements and filings made after the breach of the company’s flagship Orion product. However, the SEC can proceed with its charge against SolarWinds and Brown for misrepresentations made about the company’s cybersecurity posture leading up to the cyberattack, according to the ruling from US District Court Judge Paul A. Engelmayer released on July 18. Court filings refer to the cyber incident as “Sunburst.”
