AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/30/2024

Microsoft: Windows Recall now can be removed, is more secure

Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. Today’s announcement comes in response to customer pushback requesting stronger default data privacy and security protections, which prompted the company to delay its public release by making it first available for preview with Windows Insiders. Redmond also previously revealed that customers would have to opt-in to enable Recall on their computers and that authentication via Windows Hello would be required to confirm the user’s presence in front of the PC.

 

Meta fined $101 million for storing hundreds of millions of passwords in plaintext

The social media giant Meta has been fined €91 million ($101 million) for accidentally storing hundreds of millions of its users’ passwords in plaintext instead of in an encrypted format on its internal systems. Meta first announced discovering the engineering mistake back in 2019. At the time, the company stated it would be notifying everyone whose passwords were stored without protection although it stressed the passwords were only exposed internally at Meta, and there was no evidence that any of them had been abused.

 

Israel army hacked the communication network of the Beirut Airport control tower

The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian plane attempting to land, reported the MiddleEastMonitor website. The Lebanese Ministry of Transport instructed airport authorities to block the Iranian aircraft from entering Lebanese airspace in response to the hack. This decision followed Israeli military warnings about preventing weapons transfers to Hezbollah via Beirut’s airport. “We will not allow the transfer of weapons to Hezbollah in any form. We are aware of Iranian weapons transfers to Hezbollah, and we will work to thwart them,” Israeli army spokesman Daniel Hagari said in a statement. “We declare that we will not allow hostile aircraft carrying weapons to land at the civilian airport in Beirut. This is a civilian airport for civilian use, and it must remain that way,” he added.

 

California Gov. Gavin Newsom shoots down divisive AI safety bill SB 1047

California Governor Gavin Newsom shot down a sweeping bill that was proposed to impose safety vetting requirements on developers of the most powerful artificial intelligence models, taking the side of most though not all of Silicon Valley and a number of leading Democrats. In a message today explaining his decision, Newsom (pictured) argued that the SB 1047 bill doesn’t take into account whether or not AI systems are deployed in high-risk environments, are using sensitive data or involved in critical decision-making. “Instead, the bill applies stringent standards to even the most basic functions, so long as a large system deploys it,” Newsom said in a statement explaining his veto decision. “I do not believe this is the best approach to protecting the public from real threats posed by the technology.”

 

CISA Urges Action as Attackers Exploit Critical Systems Using Basic Tactics

The Cybersecurity and Infrastructure Security Agency (CISA) has once again raised alarms about the ongoing exploitation of operational technology (OT) and industrial control systems (ICS) across critical infrastructure sectors. The warning comes amid an active investigation into a cybersecurity incident at the City of Arkansas’s Water Treatment Facility, which was targeted early Sunday on 22 September, 2024. While the City of Arkansas City has reassured residents that its water supply remains safe and operations continue uninterrupted, the incident shines a light on the fact that malicious actors are targeting vital OT/ICS systems using relatively unsophisticated methods.

Related Posts