AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 8/8/2024

This Attack Pushes Windows Update to the Dark Side

If a powerful program reached into your Windows operating system and made fundamental changes to its functionality, including changes to security, you might consider it a dangerous attack on system integrity. But when that powerful program is Windows Update, well, it’s just fine. Every month, sometimes more often, Windows Update does its thing. Alon Leviev, Security Researcher at SafeBreach, scrutinized the process for ways malware coders might misuse it. At the Black Hat conference here, he revealed multiple techniques that force Windows Update to downgrade system security.

 

Hackers Allegedly Steal Billions of Personal Records From Fla. Security Firm

A little-known company in Florida allegedly lost records on 2.9 billion individuals to hackers, according to a class-action lawsuit. National Public Data specializes in background checks and fraud prevention. But the data it collects appears to have ended up in the hands of a hacking group called “USDoD.” The group began selling access to the stolen data in April, claiming to have info on users in the US, UK, and Canada. National Public Data has since been hit with a class-action lawsuit, Bloomberg Law reports. California resident Christopher Hoffman filed after his identity protection provider notified him that his personal data had been compromised in the breach.

 

Ronin Network hacked, $12 million returned by “white hat” hackers

Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. This figure corresponds to the maximum amount of ETH and USDC that can be withdrawn from the bridge via a single transaction, so this critical security measure prevented the theft of potentially astronomical figures. The white-hat hackers informed the Ronin Network about an exploit on the bridge as they performed their attack demonstration. After verification, the bridge was paused for 40 minutes.

 

Apple to Address ‘0.0.0.0’ Security Vulnerability in Safari 18

Apple plans to block websites from attempting to send malicious requests to the IP address 0.0.0.0 on macOS Sequoia, according to Forbes. This means the change will be part of Safari 18, which will also be available for macOS Sonoma and macOS Ventura. This decision comes after researchers from Israeli cybersecurity startup Oligo Security said they discovered a zero-day security vulnerability that allows a malicious actor to access private data on a user’s internal private network. The researchers will present their findings this weekend at the DEF CON hacking conference in Las Vegas. “Exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors,” said Avi Lumelsky, a researcher at Oligo Security.

 

Pig-butchering scammer targets BBC journalist

BBC News cybersecurity journalist Joe Tidy has found himself in the unusual position of being targeted by a scammer calling herself “Jessica”, he revealed in a report this week. According to Tidy, someone posing as an attractive, 36-year-old woman claiming to be based in Chicago contacted him via Instagram. For weeks, “Jessica” would contact Tidy every day at around 4pm, oblivious to the fact that he was a cybersecurity correspondent with a history of researching scammers. “Jessica” did her best to flatter Tidy, describing him as “beautiful”. According to the journalist, she was “very flirty.”
