AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/6/2024

White House Outlines Plan for Addressing BGP Vulnerabilities

The White House on Tuesday outlined a plan for addressing internet routing security issues, particularly vulnerabilities associated with the Border Gateway Protocol (BGP).  BGP is the protocol used for exchanging routing information between autonomous systems (AS) on the internet. However, this critical component of the web was not created with security in mind and several potentially important vulnerabilities have come to light in the past years. They can enable threat actors to divert internet traffic, allowing them to cause disruption to critical infrastructure, obtain sensitive information, or conduct espionage.  And the risks associated with BGP are not only theoretical. In the real world, BGP issues have caused disruptions and threat actors have been known to abuse BGP, including in profit-driven campaigns. 

 

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network

A hacker using the alias “HikkI-Chan” has leaked the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The hacker claims that the breach occurred in September 2024 and that the data is up to date. For your information, VK, or VK.com, is a popular social networking service based in Russia. The site functions similarly to Facebook and is one of the largest social media platforms in Russia and other Eastern European countries. VK.com was founded by Pavel Durov in 2006. Durov, a Russian entrepreneur, later co-founded the messaging service Telegram and was arrested in France last week over accusations related to Telegram moderation.

 

How Navy chiefs conspired to get themselves illegal warship Wi-Fi

Today’s Navy sailors are likely familiar with the jarring loss of internet connectivity that can come with a ship’s deployment. For a variety of reasons, including operational security, a crew’s internet access is regularly restricted while underway, to preserve bandwidth for the mission and to keep their ship safe from nefarious online attacks. But the senior enlisted leaders among the littoral combat ship Manchester’s gold crew knew no such privation last year, when they installed and secretly used their very own Wi-Fi network during a deployment, according to a scathing internal investigation obtained by Navy Times.

 

Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

Planned Parenthood of Montana’s chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment. This comes as ransomware crew RansomHub boasted it had broken into the nonprofit, and stolen its data, which it is threatening to leak unless payment is made. According to Martha Fuller, CEO and president of the US state’s Planned Parenthood office, a network intrusion – or a “cybersecurity incident” as the org put it – was spotted on August 28. “We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure,” Fuller told The Register in an emailed statement.

 

New AI standards group wants to make data scraping opt-in

The first wave of major generative AI tools largely were trained on “publicly available” data—basically, anything and everything that could be scraped from the Internet. Now, sources of training data are increasingly restricting access and pushing for licensing agreements. With the hunt for additional data sources intensifying, new licensing startups have emerged to keep the source material flowing. The Dataset Providers Alliance, a trade group formed this summer, wants to make the AI industry more standardized and fair. To that end, it has just released a position paper outlining its stances on major AI-related issues. The alliance is made up of seven AI licensing companies, including music copyright-management firm Rightsify, Japanese stock-photo marketplace Pixta, and generative-AI copyright-licensing startup Calliope Networks. (At least five new members will be announced in the fall.)

Related Posts