Here’s a … not breach. SOCRadar responded to claims by a threat actor alleging the scraping of 330 million emails, confirming that their internal systems were not breached. The actor accessed the platform using a legitimate license, collecting publicly available email addresses from Telegram channels without exploiting any vulnerabilities. SOCRadar has found no risk to customer data and is enhancing security measures while maintaining communication with law enforcement. They are committed to client security and will provide updates as necessary.
A security researcher revealed at Black Hat 2024 that two zero-day vulnerabilities in Windows allow downgrade attacks, enabling attackers to “unpatch” fully updated systems and reintroduce old vulnerabilities. Microsoft has issued advisories for these vulnerabilities (CVE-2024-38202 and CVE-2024-21302) but has not yet released a fix. The downgrade attacks can compromise critical OS components and disable Windows virtualization-based security, making previously patched systems susceptible to exploitation. Microsoft is working on mitigations but acknowledges the significant implications for Windows and other operating systems.
Other highlights from DEF CON and Black Hat included the hacking of Ecovacs robots for surveillance, a security researcher’s infiltration of the LockBit ransomware gang, the development of a laser microphone for keystroke surveillance, and a prompt injection technique that exploits Microsoft Copilot. Additionally, vulnerabilities in ransomware leak sites helped save six companies from ransom payments.
Why do we care?
SOCRadar’s answer is certainly something. Not a breach; the email addresses were collected by using the product legitimately. And they’re enhancing security. Huh.
I’m thankful for ethical security researchers spending time on making infrastructure safer.