AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 8/6/2024

Apache OFBiz Users Warned of New and Exploited Vulnerabilities

Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole. The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints),” developers said in an advisory.

 

Tech contractor exposes data of 4.6 million US voters

A US technology contractor has exposed the data of 4.6 million voters and election documents from multiple counties in Illinois, raising serious concerns about election security and voter privacy. The exposed databases, managed by the technology contractor Platinum Technology Resource, were discovered to be non-password-protected and linked to counties in Illinois. The data breach was identified by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor. “I found a collection of different documents, including voting records, ballot templates, and voter registrations, all from a single county in Illinois,” Fowler said in the report. “Further investigation revealed a total of 13 open databases and 15 others that exist but are not publicly accessible.”

 

CrowdStrike says it’s not to blame for Delta’s days-long outage

CrowdStrike refutes Delta Air Lines’ allegations that the cybersecurity firm is to blame for a dayslong flight disruption following last month’s catastrophic system outage, saying that the airline rejected repeated offers to help restore impacted systems. In an interview with CNBC last week, Delta CEO Ed Bastian said the outage cost the company $500 million after more than 6,000 flights were grounded, and that the airline has “no choice” but to seek legal compensation from CrowdStrike and Microsoft. 

 

Keytronic reports losses of over $17 million after ransomware attack

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. The American technology company started as an Original Equipment Manufacturer (OEM) of keyboards and mice in 1969 but has since become one of the largest manufacturers of printed circuit board assembly (PCBA) worldwide, with facilities in the United States, Mexico, China, and Vietnam. In a Friday filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said it detected the incident on May 6 after disruptions at its Mexico and U.S. sites impacted business applications supporting both operations and corporate functions.

 

Every Microsoft employee is now being judged on their security work

Microsoft made it clear earlier this year that it was planning to make security its top priority, following years of security issues and mounting criticisms. Starting today, the software giant is now tying its security efforts to employee performance reviews. Kathleen Hogan, Microsoft’s chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. “Everyone at Microsoft will have security as a Core Priority,” says Hogan. “When faced with a tradeoff, the answer is clear and simple: security above all else.”

 

Ford wants patent for tech allowing cars to surveil and report speeding drivers

Ford Motor Company is seeking a patent for technology that would allow vehicles to track the speed of surrounding cars, photograph them and relay detailed information to police, making it easier for law enforcement to surveil action on the road. The patent application, filed with the U.S. Patent and Trademark Office on July 18, is titled “Systems and Methods for Detecting Speeding Violations,” and describes how photographs of speeding cars would be packaged in a report that includes the time, location and speed of an offending vehicle. That report would be sent via the internet to automated trackers placed along the road, Ford’s patent application says, allowing the digest to be easily shared between police officers.
