AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 8/20/2024

The US wants to use facial recognition to identify migrant children as they age 

The US Department of Homeland Security (DHS) is looking into ways it might use facial recognition technology to track the identities of migrant children, “down to the infant,” as they age, according to John Boyd, assistant director of the department’s Office of Biometric Identity Management (OBIM), where a key part of his role is to research and develop future biometric identity services for the government. As Boyd explained at a conference in June, the key question for OBIM is, “If we pick up someone from Panama at the southern border at age four, say, and then pick them up at age six, are we going to recognize them?” 

 

Iran named as source of Trump campaign phish, leaks 

US authorities have named Iran as the likely source of a recent attack on the campaign of the US Republican Party’s presidential nominee, Donald Trump. A joint statement published on Monday by the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) re-affirmed past warnings that “Iran seeks to stoke discord and undermine confidence in our democratic institutions.” Tehran’s at it again, the agencies warned, as “Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests.” 

 

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions 

Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system. An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. Permissions regulate whether an app can access resources such as the microphone, camera, folders, screen recording, user input and more. So if an adversary were to gain access to these, they could potentially leak sensitive information or, in the worst case, escalate privileges. This post also provides an overview of the macOS security model and illustrates how vulnerabilities within macOS applications could be exploited by adversaries to steal app permissions. 

 

Geopolitical Tensions Drive Explosion in DDoS Attacks 

Web distributed denial of service (DDoS) attacks rose by 265% in the first half of 2024 compared to H2 2023, according to new findings from Radware. Application-layer DNS DDoS activity also tripled from H2 2023 to H1 2024, while a 16% increase in locked network-layer DDoS attacks was observed in the same period. The researchers highlighted growing worldwide geopolitical tensions as a major driver of this trend, with hacktivist groups claiming between 1000 and 1200 DDoS attacks per month in the first six months of 2024.

 

CISA warns of Jenkins RCE bug exploited in ransomware attacks 

CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it’s actively exploited in attacks. Jenkins is a widely used open-source automation server that helps developers automate the process of building, testing, and deploying software through continuous integration (CI) and continuous delivery (CD). Tracked as CVE-2024-23897, this flaw is caused by a weakness in the args4j command parser that unauthenticated attackers can exploit to read arbitrary files on the Jenkins controller file system through the built-in command line interface (CLI). 

 
