AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 9/24/2024

Microsoft ends development of Windows Server Update Services (WSUS)

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. This move isn’t surprising, as Microsoft first listed WSUS as one of the “features removed or no longer developed starting with Windows Server 2025” on August 13. In June, the company also revealed that it would soon deprecate WSUS driver synchronization. Introduced in 2005 as Software Update Services (SUS), WSUS allows IT administrators to manage and distribute updates for Microsoft products across large corporate networks that require consistent and controlled updates for large numbers of Windows devices.

 

Hackers stole over $44 million from Asian crypto platform BingX

Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. In a post, the company said it detected abnormal network activity on September 20, 2024, at around 04:00 (UTC+8), indicating a potential hack targeting its hot wallet. BingX immediately responded to the incident, secured its assets by transferring them to a cold wallet, and temporarily suspended withdrawals. While there was a minor asset loss, the exact amount is still being calculated.

 

Hacker behind Snowflake customer data breaches remains active

The hacker behind the bulk of the Snowflake customer data theft earlier this year remains active as of this week, a researcher tracking the suspect said Friday. The hacker — known primarily as “Judische,” but who also used other names online, including “Waifu” — continues to target software-as-a-service providers and other entities “as recently as today,” Austin Larsen, a senior threat analyst with Mandiant, said during a presentation at SentinelOne’s LABScon security conference.

 

US to ban Chinese connected car software and hardware, citing security risks

The US government is readying its latest measure to defend local automotive manufacturing. In May, US President Joe Biden levied new 100 percent tariffs targeted at specific Chinese automakers. Now, the US Commerce Department is set to enact a de facto ban on most Chinese vehicles, by prohibiting Chinese connected car software and hardware from operating on US roads, according to Reuters. The rationale? National security concerns. “When foreign adversaries build software to make a vehicle [connected], that means it can be used for surveillance, can be remotely controlled, which threatens the privacy and safety of Americans on the road,” said Commerce Secretary Gina Raimondo.

 

So how’s Microsoft’s Secure Future Initiative going?

Microsoft took a victory lap today, touting the 34,000 full-time engineers it has dedicated to its Secure Future Initiative (SFI) since it launched almost a year ago and making public its first progress report on efforts to improve security in its products and services. As Register readers likely remember, SFI was rolled out in November 2023 following widespread criticism of Microsoft’s security failings – the most recent (at the time) being Chinese spies compromising tens of thousands of Microsoft-hosted email accounts belonging to government officials. That was before it came to light that Kremlin spies broke into Microsoft’s network and stole source code via an account that didn’t have multi-factor authentication (MFA) enabled.

 

Kaspersky deletes itself, installs UltraAV antivirus without warning

Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers’ computers across the United States and automatically replaced it with UltraAV’s antivirus solution. This comes after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees in response to the U.S. government adding Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations deemed a national security concern” in June. On June 20, the Biden administration also announced a ban on sales and software updates for Kaspersky antivirus software in the United States starting September 29, 2024, over potential national security risks.
