
This week in InfoSec
With content liberated from the “today in infosec” Twitter account and further afield
18th August 2003: The Nachi worm began infecting Windows computers to remove the Blaster worm and patch the vulnerability Nachi and Blaster exploited. Yes, you read that right. Yes, this happened. Gotta love it!
https://twitter.com/todayininfosec/status/1163142725740331008
17th August 2007: Drew Curtis, founder of http://Fark.com, accused Darrell Phillips, reporter at Fox13, of hacking into the social networking news site.
On getting farked?
https://twitter.com/todayininfosec/status/1162868155015761920
Rant of the Week
PC store told it can't claim full cyber-crime insurance after social-engineering attack
A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.
SJ Computers alleged in a November lawsuit [PDF] that Travelers Casualty and Surety Co. owed it far more than paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.
According to its website, SJ Computers is a Microsoft Authorized Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.
Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted [PDF] with prejudice last Friday.
Billy Big Balls of the Week
Janet Jackson music video declared a cybersecurity exploit
The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.
"A colleague of mine shared a story from Windows XP product support," wrote Microsoft blogger Raymond Chen.
The story detailed how "a major computer manufacturer discovered that playing the music video for Janet Jackson's Rhythm Nation would crash certain models of laptops."
Further investigation revealed that multiple manufacturers' machines also crashed. Sometimes playing the video on one laptop would crash another nearby laptop. This is mysterious because the song isn't actually that bad.
Investigation revealed that all the crashing laptops shared the same 5400 RPM hard disk drive.
"It turns out that the song contained one of the natural resonant frequencies for the model of 5400 RPM laptop hard drives that they and other manufacturers used," Chen wrote.
The manufacturer that found the problem apparently added a custom filter in the audio pipeline to detect and remove the offending frequencies during audio playback.
CVE-2022-38392
Industry News
Critical Infrastructure at Risk as Thousands of VNC Instances Exposed
Three Extradited from UK to US on $5m BEC Charges
Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels
Water Company Says Supply Safe After Ransom Group Claims
Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium
Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data
Bug Bounty Giant Slams Quality of Vendor Patching
Suspected Russian Money Launderer Extradited to US
Hackers Deploy Bumblebee Loader to Breach Target Networks
Tweet of the Week
https://twitter.com/dildog/status/1560025574437015553
Come on! Like and bloody well subscribe!