Cybersecurity News – Windows downloads blocked in Russia, Krebs on receipts, Chrome extension fingerprinting

Windows downloads blocked in Russia

Russia’s TASS news agency reported that users in Russia can no longer download Windows 10 or 11 image files and installation tools from Microsoft. Bleeping Computer confirmed this finding using a VPN server located in the country. Users attempting to reach these assets from Microsoft either receive a 404 error or a warning that “There was a problem with your request.” There has been no statement from Microsoft on why these downloads appear to be blocked, so it could be either a technical mistake or an intentional effort. The company has said it would meet its contractual obligations in Russia, while suspending all sales in the country since March and scaling back its operations there.

(Bleeping Computer)

The importance of receipts 

When a reader passed on a sign from a Missouri Jimmy John’s that was closed due to a fraud scam, Brian Krebs thought it was related to a Business Email Compromise scheme. But after investigating, he found a decidedly more low-tech approach that proved costly to the establishment. The store’s owner noticed that after agreeing to give a husband-and-wife manager team two days off, the cash receipts at the end of the nights he worked were “substantially larger” than when he wasn’t at the till, something that proved consistent over several weeks. He found that one of the managers would take an order at the drive-thru, make change for the transaction, but then delete the order before it could be completed in the system. He estimated the employees stole almost $100,000 in cash receipts. Krebs notes that businesses looking for a discreet law enforcement response should contact the IRS, which is obligated to investigate all notifications from employers about unreported income.

(Krebs on Security)

Chrome extensions can be used for fingerprinting

There have long been ways to use browser information to fingerprint users. However, a web developer who goes by ‘z0ccc’ released the site “Extension Fingerprint,” which can generate a tracking hash based on a browser’s installed Chrome extensions alone. Some extensions require a secret token before an external page can check whether they are installed, but z0ccc found that comparing loading times for these protected extensions can still reveal which ones are installed. Bleeping Computer found that installing 3 to 4 extensions brought the percentage of users with the same extensions to as low as 0.006%. The approach works for Chrome and Edge browsers, but not on Firefox, which uses unique extension IDs for every browser instance. The developer claims that while not every browser can be uniquely identified by extensions alone, the result could easily be combined with other information to create a truly unique ID.

(Bleeping Computer)
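As an added illustration (not from the article, and not z0ccc’s code), here is a Chrome Manifest V3 extension manifest that limits the exposure the story describes: only the listed resources are reachable from web pages at all, `matches` restricts which origins may load them, and `use_dynamic_url` makes Chrome serve them under a per-session random ID instead of the stable extension ID, so an arbitrary page has no fixed URL to request and time. The extension name, version and file path are placeholders; JSON allows no comments, so they are labelled here rather than in the block.

```json
{
  "manifest_version": 3,
  "name": "Placeholder Extension Name",
  "version": "0.1.0",
  "web_accessible_resources": [
    {
      "resources": ["images/placeholder-logo.png"],
      "matches": ["https://example.com/*"],
      "use_dynamic_url": true
    }
  ]
}
```

The first line of defence is to keep the `resources` list as short as possible (ideally empty), since anything not listed returns an error for every page and cannot be probed; `matches` and `use_dynamic_url` reduce what the remaining entries reveal, but an extension that must expose a resource to all origins still carries some fingerprinting risk.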

TikTok migrates to Oracle

TikTok announced “100% of US user traffic is being routed to Oracle Cloud Infrastructure.” This announcement doesn’t materially change the location of data storage for the popular app, as it was already storing US user data domestically, and it maintained that it didn’t share data with the Chinese government. Backups of US user data remain in Singapore, but the company plans to “fully pivot” to Oracle servers in the US, and eventually delete all US users’ private data from its own data centers. A TikTok spokesperson also said that with this shift, it has taken measures to minimize data access across regions.

(Cnet)

Thanks to today’s episode sponsor, Optiv

Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate:
• Increasing security
• Decreasing risk
• Lowering cost
Learn more at www.optiv.com/IAM-Microsoft.

Flagstar discloses another data breach

Flagstar Bank notified 1.5 million customers of a data breach. The intrusion occurred back in December, when intruders breached its corporate network. The bank discovered on June 2nd that threat actors had accessed names, Social Security numbers, and other sensitive customer information. Flagstar said it alerted law enforcement and did not see any signs of misuse of the data. There is no word on exactly what data was accessed or why it took six months to discover. This is the second major data breach at Flagstar in as many years; in the previous one, the ransomware gang Clop accessed its servers through an Accellion FTA zero-day, which resulted in names, tax records, and Social Security numbers being exposed on its leak site.

(Bleeping Computer)

Solend protocol reverses user takeover vote

We’ve seen a number of crypto firms struggling with liquidity issues as the crypto market has declined. Over the weekend, the Solend lending protocol, based on Solana, held a governance vote that approved taking over a large user loan to prevent an on-chain liquidation event. The loan belonged to an unknown user who held a $108 million stablecoin loan backed by 5.7 million Solana tokens worth $170 million. This user accounted for 95% of the token collateral in Solend’s main pool, which would liquidate if SOL dropped significantly. After receiving criticism from commentators that this undermined the decentralized nature of the project, a second governance vote was held, with 99% voting to invalidate the prior proposal.

(The Block)

Capital One hacker found guilty

A jury found former Amazon software engineer Paige Thompson guilty of seven federal crimes in relation to her 2019 hack of Amazon Web Services accounts, including wire fraud, illegally accessing a protected computer, and damaging a protected computer. Thompson created a tool to search for misconfigured accounts on AWS, letting her access accounts from 30 Amazon clients, including Capital One. This access eventually led her to obtain 120,000 Social Security numbers and 77,000 bank account numbers. She also used those servers to mine cryptocurrency. As part of the extensive paper trail left by Thompson, prosecutors found her bragging about the heist on GitHub. She is set to be sentenced on September 15th.

(CNBC)

You “Should Have Patched” Tuesday update

CISA informed organizations that AutomationDirect patched several high-severity vulnerabilities in its programmable logic controller and human-machine interface products, which are commonly used in industrial control systems. Google’s Project Zero disclosed an Apple Safari vulnerability being actively exploited in the wild; it was initially patched in 2013 but reintroduced through a bypass in 2016, and then patched again by Apple in February 2022. Ninja Forms released a back-ported security update to its popular WordPress plugin to patch a code injection vulnerability believed to be actively exploited.

(Security Week, Security Affairs [1,2])

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.