AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/25/2019

Avid Users Are Suddenly Finding That Their Macs Won’t Boot

Avid video editors have started reported that when they shutdown their Macs, they will no longer boot up afterwards.  It is not known exactly what is causing this issue, but it appears to be affecting older versions of Mac OS X who have the Avid Media Creator software installed. As reported by Variety, film and TV editors all over the world suddenly found yesterday that after shutting down, they could no longer boot their Macs if they had Avid Media Composer installed on the computer. 


Kik Messenger Shutting Down as Company Pivots to Focus on ‘Kin’ Cryptocurrency

Kik Messenger CEO Ted Livingston has announced that the iOS and Android messaging service will be shut down. The decision to shutter Kik was made not because the app receives poor engagement or user downloads, but because the company is in the midst of a legal battle with the SEC over its “Kin” cryptocurrency. In a blog post, Livingston explained that at this point Kik is one of the largest apps in the United States, with industry leading engagement amid a recent growth period over the past few months. Nevertheless, the team has decided to shut down Kik, reduce the company from over 100 employees to just 19, and focus on converting more users into Kin buyers.


Verizon’s Incident Preparedness And Response Report Urges Businesses To ‘Be Prepared, Be Proactive And Practice, Practice, Practice’

Businesses are more aware than ever of how cybercrime could impact their reputation, and their bottom line. Annual reports such as the Verizon Data Breach Investigations Report and the Verizon Insider Threat Report continue to flag those cyber-threats and trends that should be on every organization’s radar. However, while knowledge is essential in understanding the cyber-threat landscape, being prepared to deal with a cyber-security incident requires a much more comprehensive approach.


Amazon, Microsoft, Salesforce, and others launch initiative to bring multiple voice assistants to devices

Amazon and more than 30 other industry partners hope to give consumers more choice in voice services. To this end, they together announced the Voice Interoperability Initiative this morning, a new program to ensure that voice-enabled products like smart speakers and smart displays provide users with “choice and flexibility” through multiple, interoperable intelligent assistants.


New file-encrypting attack has links to GandCrab malware

A new form of ransomware shares a number of links with the GandCrab malware according to security company researchers, even though the developers of that infamous piece of ransomware earlier this year claimed to have retired. Now security researchers in the Secureworks Counter Threat Unit have detailed what they believe to be links which demonstrate that the developers of GandCrab – who they refer to as Gold Garden – are also responsible for REvil, which could have started life as a new version of GandCrab.


Several months after the fact, CafePress finally acknowledges huge data theft to its customers

Several CafePress punters told us they had received an email this morning warning them the company had lost customer names, emails, physical addresses, phone numbers and unencrypted passwords. Some customers have also had the last four numbers of payment cards and expiry dates nabbed by hackers. The email, addressed to “Dear Valued Customer”, says that the incident happened “on or about February 19”. But fear not: “We have been diligently investigating this incident with the assistance of outside experts.”


27 Countries Issue Joint Statement on ‘Advancing Responsible State Behavior in Cyberspace’

The joint statement was released on Monday at the United Nations ahead of the UN General Assembly’s General Debate calling on all states to support the evolving framework and to join in ensuring “greater accountability and stability in cyberspace.” Kevin Collier reporting in CNN: “While views of what constitutes acceptable state-sponsored hacking vary, the US and its allies generally agree on a basic rules. It’s fair game for intelligence services to hack targets purely to spy and to attack military targets, but attacking civilian infrastructure or to give a country an economic advantage is off limits.” 


Microsoft releases out-of-band security update to fix IE zero-day & Defender bug

Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug. The updates stand out because Microsoft usually likes to stay the course and only release security updates on the second Tuesday of every month. The company rarely breaks this pattern, and it’s usually only for very important security issues.


Google Contractors Officially Vote to Unionize

Eighty Google contract workers in Pittsburgh employed by HCL America voted Tuesday to unionize with the United Steel Workers (USW). They will organize under the name Pittsburgh Association of Tech Professionals (PATP).The vote to unionize is historic for white collar tech workers, and could spur others in the industry to take similar action.


U.S. securities chief ‘not prepared’ to say if Facebook’s Libra a security

The head of the U.S. Securities and Exchange Commission repeatedly refused to tell a congressional panel on Tuesday whether or not Facebook’s Libra would be regulated as a security under his watch.  Appearing alongside other SEC commissioners before the House Financial Services Committee, Chairman Jay Clayton said that while he had not yet discussed Facebook’s digital currency plan with the social-media giant, he has an “open door” policy. Asked directly if he believed Libra would be a security, he said, “I’m not prepared to make a decision like that here.”


Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites

An anonymous security researcher has published details about a zero-day in vBulletin, today’s most popular internet forum software. Because of this individual’s actions, security experts are now concerned that the publication of details about this unpatched vulnerability could trigger a wave of forum hacks across the internet, with hackers taking over forum installations and stealing user information in bulk, as a result.


Related Posts