AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/26/2024

Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests

The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest. Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information about the invasive technology.


How a cheap barcode scanner helped fix CrowdStrike’d Windows PCs in a flash

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike’s shoddy testing software made possible. All of Grant Thornton’s machines were encrypted with Microsoft’s BitLocker tool, which meant that recovery upon restart required CrowdStrike’s multi-step fix and entry of a 48-character BitLocker key.
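The trick in this item rests on two facts: a barcode scanner in USB keyboard (HID) mode is just a keyboard to the pre-boot BitLocker prompt, and the thing that has to be typed is a 48-digit recovery password. The script below is an added example for this digest, not Grant Thornton's or CrowdStrike's tooling. It assumes the key has the standard BitLocker recovery-password structure (8 groups of 6 digits, each group a 16-bit value multiplied by 11, so divisible by 11 and no larger than 720885), uses that rule to reject mistyped keys before anyone scans them, and renders the digits as a Code 39 barcode in plain PBM format, chosen because Code 39 encodes digits natively and is read by essentially every handheld scanner. The sample key is constructed for the example and belongs to no real volume; `SAMPLE_KEY`, `key_to_pbm` and the other names are this example's own.

```python
"""Validate a BitLocker recovery password and print it as a Code 39 barcode.

Added example for this digest entry, not Grant Thornton's or CrowdStrike's
tooling. Assumptions: the key is the standard 48-digit BitLocker recovery
password (8 groups of 6 digits; each group is a 16-bit value times 11, so it
is divisible by 11 and at most 720885), and the scanner runs in USB keyboard
(HID) mode with Code 39 enabled, so scanning the image "types" the digits.
"""
from __future__ import annotations
import re

GROUP_LEN = 6
MAX_GROUP = 0xFFFF * 11          # 720885: largest 16-bit value times 11

# Constructed sample key (not a real volume's key): every group is n * 11.
SAMPLE_KEY = "135795-720885-000000-000011-045056-330000-611105-000077"


def validate_recovery_password(key: str) -> list[int]:
    """Return the eight group values or raise ValueError naming the defect.

    The times-11 rule doubles as a typo check: a single wrong digit breaks a
    group's divisibility, so a mistyped key is rejected here instead of after
    48 keystrokes at the BitLocker prompt.
    """
    digits = re.sub(r"[\s-]", "", key)
    if not re.fullmatch(r"\d{48}", digits):
        raise ValueError("expected 48 digits in 8 groups of 6")
    groups = [int(digits[i:i + GROUP_LEN]) for i in range(0, 48, GROUP_LEN)]
    for n, g in enumerate(groups, 1):
        if g % 11:
            raise ValueError(f"group {n} ({g:06d}) is not a multiple of 11")
        if g > MAX_GROUP:
            raise ValueError(f"group {n} ({g:06d}) exceeds {MAX_GROUP}")
    return groups


# Code 39 symbols: 9 elements each, alternating bar/space starting with a bar;
# '1' marks a wide element. Only digits and the '*' start/stop symbol are
# needed for a recovery key.
CODE39 = {
    "0": "000110100", "1": "100100001", "2": "001100001", "3": "101100000",
    "4": "000110001", "5": "100110000", "6": "001110000", "7": "000100101",
    "8": "100100100", "9": "001100100", "*": "010010100",
}
NARROW, WIDE = 1, 3              # element widths in modules (3:1 wide:narrow)


def code39_runs(text: str) -> list[tuple[bool, int]]:
    """Encode text as (is_bar, width_in_modules) runs, framed by '*' start and
    stop symbols and separated by a narrow inter-character gap."""
    runs: list[tuple[bool, int]] = []
    for ch in f"*{text}*":
        for i, wide in enumerate(CODE39[ch]):      # KeyError: unsupported char
            runs.append((i % 2 == 0, WIDE if wide == "1" else NARROW))
        runs.append((False, NARROW))               # gap before the next symbol
    runs.pop()                                     # no gap after the stop symbol
    return runs


def render_pbm(runs: list[tuple[bool, int]], scale: int = 3,
               height: int = 80, quiet: int = 10) -> str:
    """Render runs as a plain PBM (P1) image, 1 = black. 'quiet' is the
    quiet-zone width in modules on each side, which scanners need to lock on."""
    row = [0] * (quiet * scale)
    for is_bar, width in runs:
        row.extend([1 if is_bar else 0] * (width * scale))
    row.extend([0] * (quiet * scale))
    pixels = "".join(map(str, row))
    return f"P1 {len(row)} {height}\n" + "\n".join([pixels] * height) + "\n"


def key_to_pbm(key: str) -> str:
    """Validate the key, then encode all 48 digits (digits only, no dashes)
    as a single barcode."""
    groups = validate_recovery_password(key)
    digits = "".join(f"{g:06d}" for g in groups)
    return render_pbm(code39_runs(digits))


if __name__ == "__main__":
    with open("recovery_key.pbm", "w") as f:
        f.write(key_to_pbm(SAMPLE_KEY))
    print("wrote recovery_key.pbm: print it, then scan it at the BitLocker prompt")
```

Two practical notes. If a scanner will not read a 50-symbol Code 39 barcode in one pass, call `render_pbm(code39_runs(f"{g:06d}"))` for each of the eight groups and scan the printouts in order. And a printed recovery key is still a recovery key: the sheets are secrets and should be collected and shredded once the machines are back.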


Critical ServiceNow RCE flaws actively exploited to steal credentials

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates for the flaws on July 10, 2024, tens of thousands of systems potentially remain vulnerable to attacks.


Anyone can Access Deleted and Private Repository Data on GitHub

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way. This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR). A CFOR vulnerability occurs when one repository fork can access sensitive data from another fork (including data from private and deleted forks). Similar to an Insecure Direct Object Reference, in CFOR users supply commit hashes to directly access commit data that otherwise would not be visible to them.
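The entry's point is that a commit hash is enough: once you supply it to the upstream repository, GitHub serves the object even if the fork it was pushed to is private or deleted. The script below is an added example for this digest, not Truffle Security's or GitHub's code. It assumes you already hold full 40-hex commit SHAs (for instance from the reflog of a fork you deleted, or from an old CI log) and want to know whether the upstream repository still serves them. It uses only the documented REST endpoint `GET /repos/{owner}/{repo}/commits/{sha}`; a token in `GITHUB_TOKEN` is optional and only raises the rate limit. The owner, repository and SHAs in the block are constructed placeholders, and `commit_reachable` and `scan` are this example's own names.

```python
"""Check which commit SHAs GitHub still serves through a given repository.

Added example for the CFOR item above; not Truffle Security's or GitHub's
code. Assumptions: you hold full 40-hex commit SHAs (e.g. from the reflog of
a fork you deleted) and want to know whether they remain reachable through
the *upstream* repository, which is how the entry says data from deleted and
private forks stays accessible. Only the documented REST endpoint
GET /repos/{owner}/{repo}/commits/{sha} is used; GITHUB_TOKEN is optional.
"""
from __future__ import annotations
import json
import os
import re
import urllib.error
import urllib.request

API = "https://api.github.com"
SHA_RE = re.compile(r"[0-9a-f]{40}")


def github_get(url: str, token: str | None = None) -> tuple[int, dict]:
    """Live fetcher: return (HTTP status, decoded JSON body or {})."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "User-Agent": "cfor-reachability-check",
    })
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}


def commit_reachable(owner: str, repo: str, sha: str, fetch=github_get,
                     token: str | None = None) -> tuple[bool, str]:
    """Ask the upstream repo for one commit. A 200 means GitHub serves the
    object through this repo regardless of what happened to the fork."""
    if not SHA_RE.fullmatch(sha):
        raise ValueError(f"not a full 40-hex commit SHA: {sha!r}")
    status, body = fetch(f"{API}/repos/{owner}/{repo}/commits/{sha}", token)
    if status == 200:
        subject = body.get("commit", {}).get("message", "").split("\n", 1)[0]
        return True, f"{sha[:12]} served via {owner}/{repo}: {subject!r}"
    if status in (404, 422):                   # repo unknown / no such commit
        return False, f"{sha[:12]} not served via {owner}/{repo} ({status})"
    raise RuntimeError(f"unexpected HTTP {status} for {sha[:12]} "
                       "(rate limit or auth problem?)")


def scan(owner: str, repo: str, shas: list[str], fetch=github_get,
         token: str | None = None) -> dict[str, bool]:
    """Map each SHA to whether the upstream repository still serves it."""
    results: dict[str, bool] = {}
    for sha in shas:
        reachable, note = commit_reachable(owner, repo, sha, fetch, token)
        print(note)
        results[sha] = reachable
    return results


# Constructed sample input: a fictional upstream and two made-up SHAs that a
# since-deleted fork supposedly pushed. Replace them before running live.
UPSTREAM_OWNER, UPSTREAM_REPO = "example-org", "example-app"
SUSPECT_SHAS = [
    "0123456789abcdef0123456789abcdef01234567",
    "fedcba9876543210fedcba9876543210fedcba98",
]

if __name__ == "__main__":
    exposed = scan(UPSTREAM_OWNER, UPSTREAM_REPO, SUSPECT_SHAS,
                   token=os.environ.get("GITHUB_TOKEN"))
    if any(exposed.values()):
        print("at least one commit is still reachable: treat every secret it "
              "ever contained as exposed and rotate it")
```

The check is deliberately one-directional: a 200 proves exposure, but a miss only proves that this endpoint did not return the object under this repository name, so the safe reading of the entry is still to treat any secret that was ever committed to any fork in the network as public and rotate it. The `fetch` parameter exists so the logic can be exercised offline against canned responses.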


Apple Agrees to Follow President Biden’s AI Safety Guidelines

Apple is now part of a group of influential technology companies agreeing to the Biden administration’s voluntary safeguards for artificial intelligence. The safeguards, announced by the White House last year as part of an Executive Order, aim to guide the development of AI systems, ensuring they are tested for discriminatory tendencies, security vulnerabilities, and potential national security risks. The principles outlined in the guidelines call for companies to share the results of AI system tests with governments, civil society, and academia. This level of transparency is intended to foster an environment of accountability and peer review, promoting the development of safer and more reliable AI technologies. The safeguards Apple and other tech companies have agreed to also include commitments to test their AI systems for biases and security concerns.
