AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 9/3/2024

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Cybersecurity researchers say they’ve found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights. Ian Carroll and Sam Curry worked on the findings together after the Known Crewmember (KCM) queue caught their attention at an airport during their routine travel. The lane can sometimes be seen at airports and it allows verified pilots and crew to skip the often lengthy security queues, courtesy of a Transportation Security Administration (TSA) initiative.

Researcher sued for sharing data stolen by ransomware with media

The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City’s IT network and leaked by the Rhysida ransomware gang. Columbus, the capital and most populous (2,140,000) city in Ohio, suffered a ransomware attack on July 18, 2024, which caused various service outages and unavailability of email and IT connectivity between public agencies. At the end of July, the City’s administration announced that no systems had been encrypted, but they were looking into the possibility that sensitive data might have been stolen in the attack.

CrowdStrike exec will testify to Congress about July’s global IT meltdown

A senior CrowdStrike executive will testify before the House Homeland Security Committee next month about the IT outage that grounded planes and brought workplaces to a halt globally on July 19th. Adam Meyers, CrowdStrike’s senior vice president of counter adversary operations, has agreed to appear before the panel on September 24th at 2PM ET, the committee announced. Committee leaders had previously called on CEO George Kurtz to testify, but he’s not currently listed as a witness.

Green Berets storm building after hacking its Wi-Fi

US Army Special Forces, aka the Green Berets, have been demonstrating their hacking chops in the recent Swift Response 24 military exercises in May, the military has now confirmed. The elite team, one of whose remits is unconventional warfare, includes Operational Detachment Alpha (ODA), highly trained, mature soldiers with intensively honed skills. These now include hacking, as the military demonstrated with a target building near Skillingaryd in Sweden stormed by members of the 10th Special Forces Group.

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which has made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months. Microsoft, which detected the activity on August 19, 2024, attributed it to a threat actor it tracks as Citrine Sleet (formerly DEV-0139 and DEV-1222), which is also known as AppleJeus, Labyrinth Chollima, Nickel Academy, and UNC4736. It’s assessed to be a sub-cluster within the Lazarus Group (aka Diamond Sleet and Hidden Cobra).