This blog is an update on global security news and provides information on Leaks and Breaches, Identity News, Facial Recognition, Technical Updates, Toolkits and White Papers.
Leaks and Breaches:
Breaches:
AU: Data of 300k digiDirect customers leaked in alleged attack - https://www.csoonline.com/article/3543250/data-of-300k-digidirect-customers-leaked-in-alleged-attack.html
Data Breach at Hungarian Headhunting Company, Switch
https://telex.hu/techtud/2024/10/01/kiberbiztonsag-adatvedelem-adatszivargas-szemelyes-adatok-switch-it-fejvadasz-ceg (in Hungarian)
Dutch Police Hacked, 63,000 Officers’ Details Exposed
Fan forum leaks Miami Dolphins supporters’ private messages
AU: Radiology provider exposed tens of thousands of patient files
Comcast and Truist Bank customers caught up in FBCS data breach
Ransomware:
Patelco Credit Union Data Breach Impacts Over 1 Million People
Other Breaches:
Unsecured WordPress folder exposes ChoiceDNA records
Bitcoin Whale Loses $238M in Shocking Hack: Is the Crypto Industry Facing a Security Crisis?
Red Barrels suffers cybersecurity incident, production timeline hit significantly
LEGO's website hacked to promote fake cryptocurrency
Zero-Day Breach at Rackspace Sparks Vendor Blame Game
U.S. Wiretap Systems Targeted in China-Linked Hack
IN: Uttarakhand: Cyberattack cripples entire IT system of state
Identity News:
Germany to develop state-run European digital identity wallet
Digital Identity Observatory issues model on EUDI wallet adoption in the private sector
Zetrix Launches Chinese Digital ID Identity Verification Service on ZCert
EFF to Fifth Circuit: Age Verification Laws Will Hurt More Than They Help
23andMe is on the brink. What happens to all its DNA data?
US: Voter ID kerfuffles erupt across US, as Republicans reject digital ID
US: Governments need digital ID verification strategies to beat rampant fraud
Humanity Protocol launches testnet
Papua New Guinea advances digital ID, wallet and govt platform to pilot
Bosnia is leapfrogging neighbors with digital ID wallet launch: Identyum CEO
Wallet wars or digital public infrastructure? Orchestrating a digital identity data ecosystem from a government perspective
Facial Recognition:
Call for probe into Police Scotland's 'Orwellian' plan to use AI and facial recognition technology
Police arrest two Chelmsford women using new technology
England hooligan banned after first use of face technology overseas
https://www.thetimes.com/sport/football/article/england-football-hooligan-banned-euro-2024-9wfx0z3fn
UK police organized crime unit seeks new facial recognition software
‘No human could do this’: how facial recognition is transforming policing
US: Police seldom disclose use of facial recognition despite false arrests
US: Maryland Policy Will Dictate Police Use of Facial Recognition
US: MLB Hopes Facial Recognition Program Scores With Fans
Hong Kong plans to install thousands of surveillance cameras. Critics say it’s more proof the city is moving closer to China
India to pilot Digi Yatra for foreign nationals in 2025
Ryanair's use of biometric 'verification' including facial recognition to be investigated by DPC
Other News:
How 2 Students Used The Meta Ray-Bans To Access Personal Information
Brazil’s Drex CBDC: Innovating Decentralization, Privacy, and Programmability
PayPal Completes Its First Business Transaction Using Stablecoin
World Wide Web Foundation closes so Tim Berners-Lee can spend more time with his protocol
California Adds Neural Data to Consumer Privacy Law Protections
https://www.extremetech.com/internet/california-adds-neural-data-to-consumer-privacy-law-protections
Detroit Cops Misused ALPR Tech To Seize An Innocent Person’s Car For Three Weeks
Cloudflare reports mitigation of largest documented DDoS attack at 3.8 Tbps
UK's Sellafield nuke waste processing plant fined £333K for infosec blunders
Hackers pose as British postal carrier [Royal Mail] to deliver Prince ransomware in destructive campaign
Computer Scientists Combine Two ‘Beautiful’ Proof Methods
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
We hacked a robot vacuum — and could watch live through its camera
MoneyGram and Post Office split after cybersecurity incident
https://www.paymentscardsandmobile.com/moneygram-and-post-office-split-after-cybersecurity-incident/
Google Pay alarms users with accidental ‘new card’ added emails
FCA fines Starling Bank due to financial crime failings
Technical:
SB24-274: Vulnerability Summary for the Week of September 23, 2024
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns
When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users
Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale
New Bluetooth Vulnerability Leak Your Passcode to Hackers While Pairing
Operation WordDrone – Drone manufacturers are being targeted in Taiwan
The PrintNightmare is not Over Yet
Exploiting trust: Weaponizing permissive CORS configurations
Vesta Admin Takeover: Exploiting Reduced Seed Entropy in bash $RANDOM
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Obfuscating API Patches to Bypass New Windows Defender Behavior Signatures
FIN7 hosting honeypot domains with malicious AI DeepNude Generators – New Silent Push research
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Effective Fuzzing: A Dav1d Case Study
Finding a needle in a haystack: Machine learning at the forefront of threat hunting research
VMK extractor for BitLocker with TPM and PIN
Network traffic large model TrafficLLM
Modern iOS Pentesting: No Jailbreak Needed
SMTP downgrade attacks and MTA-STS
Web PKI: How to protect a popular security service?
SIM / USIM cards
Portable Hacking Lab: Control The Smallest Kali Linux With a Smartphone
MikroPhone – Open, Secure, Simple Smartphone
OpenID Connect specifications published as ISO standards
Tools:
WhoYouCalling - Records an executable's network activity into a Full Packet Capture file (.pcap)
Venator - A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm
EchoStrike – a Go-based tool for ethical hacking and Red Team operations
Nameless C2 - A C2 with all its components written in Rust
better-auth - The most comprehensive authentication library for TypeScript
Slack-watchman - Slack enumeration and exposed secrets detection tool
cloudprefixes - a lightweight tool designed to assist in recon by handling IP prefixes published by cloud and hosting providers
Halberd - Multi-Cloud Security Testing Tool to execute a comprehensive array of attack techniques across multiple surfaces via a simple web interface.
kamal - Deploy web apps anywhere
Papers:
Audit: Enhancing Productivity with AI During the Development of an ISMS: Case Kempower
Cloud: OnePath: Efficient and Privacy-Preserving Decision Tree Inference in the Cloud
Crypto: Bit Security: optimal adversaries, equivalence results, and a toolbox for computational-statistical security analysis
Crypto: Key Collisions on AES and Its Applications
Crypto: Challenges in Timed-Cryptography: A Position Paper
Crypto: Robust AE With Committing Security
Crypto: Breaking, Repairing and Enhancing XCBv2 into the Tweakable Enciphering Mode GEM
Crypto: A Simple Framework for Secure Key Leasing
Crypto: Fiat-Shamir in the Wild
Crypto: How to Recover the Full Plaintext of XCB
Crypto: Partial Exposure Attacks on a New RSA Variant
DNS: Networking: DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names
DNS: DomainHarvester: Harvesting Infrequently Visited Yet Trustworthy Domain Names
E-Money: Security Perceptions of Users in Stablecoins: Advantages and Risks within the Cryptocurrency Ecosystem
E-Money: Anchoring UK Retail Digital Money
Identity: Revisiting Keyed-Verification Anonymous Credentials
Identity: A Systematisation of Knowledge: Connecting European Digital Identities with Web3
Identity: Unlocking Digital Identity Insights from Use Cases for Enhanced Implementation, Trustworthiness and Individual Empowerment
IoT: Machine Learning-Assisted Intrusion Detection for Enhancing Internet of Things Security
Lattice: Lattice-Based Vulnerabilities in Lee Metric Post-Quantum Cryptosystems
Legal: From Global Standards to Local Safeguards: The AI Act, Biometrics, and Fundamental Rights
Machine-Learning: Privacy Attack in Federated Learning is Not Easy: An Experimental Study
Machine-Learning: Efficient Backdoor Defense in Multimodal Contrastive Learning: A Token-Level Unlearning Method for Mitigating Threats
Machine-Learning: Fine-Tuning Personalization in Federated Learning to Mitigate Adversarial Clients
Mobile: Decoding Android Malware with a Fraction of Features: An Attention-Enhanced MLP-SVM Approach
Mobile: Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study
Mobile: MaskDroid: Robust Android Malware Detection with Masked Graph Representations
Networking: Revolutionizing Payload Inspection: A Self-Supervised Journey to Precision with Few Shots
Networking: Adversarial Challenges in Network Intrusion Detection Systems: Research Insights and Future Prospects
Neural Nets: Membership Privacy Evaluation in Deep Spiking Neural Networks
Neural Nets: Nonideality-aware training makes memristive networks more robust to adversarial attacks
Neural Nets: “No Matter What You Do!”: Mitigating Backdoor Attacks in Graph Neural Networks
Privacy: Federated Online Prediction from Experts with Differential Privacy: Separations and Regret Speed-ups
Privacy: Differentially Private Bilevel Optimization
Privacy: Differentially Private Active Learning: Balancing Effective Data Selection and Privacy
Quantum: Hard Quantum Extrapolations in Quantum Cryptography
Quantum: A New World in the Depths of Microcrypt: Separating OWSGs and Quantum Money from QEFID
Quantum: Quantum Fast Implementation of Private Information Retrieval and Functional Bootstrapping
Quantum: The Role of piracy in quantum proofs
Quantum-Crypto: Quantum Cryptography from Meta-Complexity
Quantum-Crypto: Interfering-or-not-interfering quantum key distribution with advantage distillation
SecMisc: Towards Personal Data Sharing Autonomy: A Task-driven Data Capsule Sharing System
SecMisc: Adaptive Exploit Generation against Security APIs
SecMisc: LightSC: The Making of a Usable Security Classification Tool for DevSecOps
SecMisc: Alignment of Cybersecurity Incident Prioritisation with Incident Response Management Maturity Capabilities
Social Networks: Architecture for Protecting Data Privacy in Decentralized Social Networks
SQL: Evaluating Leakage Attacks Against Relational Encrypted Search
SQL: Findex: A Concurrent and Database-Independent Searchable Encryption Scheme
SQL: Understanding Leakage in Searchable Encryption: a Quantitative Approach
SSO: Formal Security Analysis of the OpenID FAPI 2.0 Family of Protocols: Accompanying a Standardization Process
TEEs: TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems
TLS: Clid: Identifying TLS Clients With Unsupervised Learning on Domain Names