FBI uncovers Chinese and Huawei misdeeds
An ongoing investigation dating back to at least 2017 has seen federal officials investigating purchases made by Chinese organizations of land near critical infrastructure. The officials have been pursuing what they believed to be efforts to plant listening devices near sensitive military and government facilities. Among their discoveries: Chinese-made Huawei equipment installed on cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter quoted by CNN, “the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons.” In addition, a proposed $100 million ornate Chinese garden at the National Arboretum in Washington DC included a pagoda, which investigators noted would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection.
(CNN)
5.4 million Twitter accounts available for sale
A threat actor who exploited a now-fixed vulnerability within the Twitter platform has put the stolen data up for sale on a popular hacking forum. A report published on HackerOne in January claimed “the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options.” The bug was in the authorization process of the Android Twitter client, in the procedure that checks for duplication of a Twitter account. Twitter confirmed the existence of this vulnerability and awarded the bug hunter a $5,040 bounty. The flaw has since been patched.
Microsoft warns that new Windows updates may break printing
Microsoft has issued a warning, in relation to this week’s optional preview updates, that the temporary mitigation provided one year ago to address Windows Server printing issues on non-compliant devices will be removed, potentially causing “print and scan failures on multiple Windows Server versions after installing the July 2021 security updates on Windows domain controllers (DCs).” The known issue impacts printers, scanners, and multifunction devices that are non-compliant with the CVE-2021-33764 hardening changes and use smart card (PIV) authentication.
Massive Microsoft 365 outage caused by faulty ECS deployment
Following up on a story we brought you last week, Microsoft has revealed, in a preliminary post-incident report, that last week’s 5-hour-long Microsoft 365 worldwide outage was triggered by “a faulty Enterprise Configuration Service (ECS) deployment that led to cascading failures and availability impact across multiple regions.” Per Bleeping Computer, “ECS is an internal central configuration repository designed to enable Microsoft services to make wide-scope dynamic changes across multiple services and features, as well as targeted ones such as specific configurations per tenant or user.” As a result, users worldwide began reporting that they could not use Microsoft Teams and multiple Microsoft 365 services or features.
Magecart serves up card skimmers on restaurant-ordering systems
Two separate Magecart campaigns have been skimming payment-card credentials of unsuspecting customers using three online restaurant-ordering systems, affecting over 300 restaurants that use the services and compromising up to 50,000 user cards so far, researchers have found. The campaigns have injected e-skimmer scripts into the online ordering portals of restaurants using three separate platforms: MenuDrive, Harbortouch, and InTouchPOS, researchers from Recorded Future revealed in a blog post this week. One appears to have begun last November, and the other in January.
Google fires software engineer who claimed AI chatbot was ‘sentient’
Last month, as we reported, “Google put a senior software engineer, Blake Lemoine, on paid administrative leave after he published a paper claiming that the company’s controversial artificial intelligence (AI) model, LaMDA (Language Model for Dialogue Applications) had become ‘sentient’ and was a self-aware person.” On Friday, Google publicly announced that it has now fired Lemoine for “violating the company’s confidentiality policy,” adding the engineer’s claims were “wholly unfounded” and that the company worked with him for “many months” to clarify this. Lemoine had posted an article on Medium in which he stated his conversations with LaMDA revealed the bot’s desire for rights and personhood as well as its fear of death from being shut down.
BMW’s heated seats as a service model has drivers seeking hacks
BMW owners are feeling hot under the collar in response to news that BMW will now charge owners a subscription to use the heated seats in their cars if they weren’t a paid-for option when new. The German carmaker has been “putting extra software-based features like high-beam assist behind a paywall for a couple of years now,” but heated seats are hardware that will not benefit from software updates or regular over-the-air upgrades. Rather than being a service, BMW’s move is being seen as a simple way to raise additional revenue. In the UK, the fee for heated BMW seats is the pound sterling equivalent of $18 a month, $180 a year, and for a new 1-series, they can only be ordered as part of a $720 “comfort pack.”
(Wired)
Last week in ransomware
New ransomware operations continued to appear, with Luna ransomware targeting both Windows and VMware ESXi servers. The Conti ransomware gang “breached the Costa Rican government’s systems and that the FBI recovered $500,000 in ransoms paid by health care to the Maui ransomware operation.” Digital security firm Entrust disclosed that it suffered a security incident on June 18th that led to data being stolen.






