AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/5/2024

Twilio says hackers identified cell phone numbers of two-factor app Authy users

Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone number of people who use Authy, a popular two-factor authentication app owned by Twilio. In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that they hacked Twilio and obtained the cell phone numbers of 33 million users. Twilio spokesperson Kari Ramirez told TechCrunch that the company “has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.”


Traeger security bugs bad news for grillers with neighborly beef

Keen meatheads better hope they haven’t angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks. With summer in full swing in the northern hemisphere, it means BBQ season is upon us, and with Traeger being one of the most trusted brands in grilling and smoking, there’s a good chance that many backyard cookouts could be ruined if crafty crims have their way.


Microsoft’s Midnight Blizzard source code breach also impacted federal agencies

In March, Microsoft notified the US Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg. Already assigned blame for the earlier SolarWinds attack, the group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches. The VA department found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials told Bloomberg that the account was accessed for just one second, presumably to see if the credentials worked — they have since been updated.


Japan’s Government Just Stopped Using Floppy Disks

You might have presumed it happened years or even decades ago; however, on June 28, Japan officially stopped using floppy disks in government offices. “We have won the war on floppy disks on June 28!” Japan’s Digital Minister Taro Kono said in a statement to Reuters after replacing the final disk. Kono has been very vocal about replacing analog technology in government. In addition to his war on floppy disks, he’s also an advocate for getting rid of fax machines, which, yes, the Japanese government still uses. Kono’s role was created during the pandemic, and he officially took over in August 2022 after declaring war on floppy disks in 2021. Up until last month, 1,035 regulations in Japan involved the use of floppy disks.


California Advances Unique Safety Regulations for AI Companies Despite Tech Firm Opposition

California lawmakers voted to advance legislation Tuesday that would require artificial intelligence companies to test their systems and add safety measures to prevent them from being potentially manipulated to wipe out the state’s electric grid or help build chemical weapons — scenarios that experts say could be possible in the future as technology evolves at warp speed. The first-of-its-kind bill aims to reduce risks created by AI. It is fiercely opposed by venture capital firms and tech companies, including Meta, the parent company of Facebook and Instagram, and Google. They say the regulations take aim at developers and instead should be focused on those who use and exploit the AI systems for harm.
