Cybersecurity News: Intermittent encryption warning, HP firmware bugs, SEC crypto office

Ransomware gangs switching to new intermittent encryption tactic

More and more ransomware groups are now using a technique that encrypts victims’ systems faster while reducing the chances of being caught. Called intermittent encryption, the technique encrypts only parts of a victim’s files, which still leaves the data unrecoverable without a valid decryptor. As Bleeping Computer writes, “by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good. Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.”
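A content-based check for the skip pattern quoted above, as an added example that is not from the article or from Bleeping Computer: it scores the two interleaved 16-byte streams of a file separately, because the whole-file entropy of a half-encrypted file stays below what a naive “looks encrypted” threshold expects. The fixtures, the thresholds and the entropy figures in the comments are assumptions of this example.

```python
import math
import random
from collections import Counter

BLOCK = 16  # the article's skip granularity: every other 16-byte block


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8 for random or encrypted data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_interleaved(data: bytes, block: int = BLOCK):
    """Return (bytes of even-numbered blocks, bytes of odd-numbered blocks)."""
    even = b"".join(data[i:i + block] for i in range(0, len(data), 2 * block))
    odd = b"".join(data[i:i + block] for i in range(block, len(data), 2 * block))
    return even, odd


def classify(data: bytes, block: int = BLOCK) -> str:
    """Label a file "plain", "full", "intermittent" or "unknown".

    A half-encrypted file's whole-file entropy lands near 7 bits (assumed
    figure), under the ~7.5 that naive checks expect, so the two interleaved
    streams are scored separately: one random-looking stream beside one
    text-like stream is the signature of the skip pattern described above.
    """
    even, odd = split_interleaved(data, block)
    hi, lo = sorted((shannon_entropy(even), shannon_entropy(odd)), reverse=True)
    if hi >= 7.0 and hi - lo >= 2.0:
        return "intermittent"
    if lo >= 7.0:
        return "full"
    return "plain" if hi < 6.0 else "unknown"


# Constructed fixtures (not real ransomware output): a text file, the same file
# with every even block replaced by seeded pseudo-random bytes standing in for
# ciphertext, and a file that is pseudo-random throughout.
PLAIN = b"Quarterly report: revenue up 4% over prior period; see appendix B.\n" * 64


def make_fixtures(seed: int = 7):
    rng = random.Random(seed)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    partial = bytearray(PLAIN)
    for start in range(0, len(partial), 2 * BLOCK):
        partial[start:start + BLOCK] = rand(BLOCK)
    return bytes(partial), rand(len(PLAIN))
```

Compressed or already-encrypted formats (archives, media) score as "full" and need a format allow-list; the check is tied to the fixed 16-byte alternation, so other strides or offsets require sweeping `block` over several sizes.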

(Bleeping Computer)

Firmware bugs in many HP computer models left unfixed for over a year

The bugs, which all carry high-severity ratings, affect HP Enterprise devices. They are not yet patched, even though they have been public knowledge since July 2021. Firmware flaws are noted to be especially dangerous because “they can lead to malware infections that persist even between OS re-installations, or allow long-term compromises that would not trigger standard security tools.” The vendor has not yet released security updates for its impacted models. The researchers at Binarly “reported three bugs to HP in July 2021 and the other three in April 2022, giving the vendor four months and a full year, respectively, to push updates for all affected devices.”

(Bleeping Computer)

U.S. SEC to set up new office for crypto filings

The SEC is going to set up two new offices “to deal with filings related to crypto assets and the life sciences sector,” the agency announced on Friday. Named the “Office of Crypto Assets” and the “Office of Industrial Applications and Services,” these departments will sit alongside seven other offices within the division of the Securities and Exchange Commission (SEC) that handles corporate disclosure filings.

(Reuters)

Draft EU AI Act regulations could have a chilling effect on open-source software

The American think tank Brookings suggests that these new rules, put out by the European Union with the goal of regulating AI, could instead prevent developers from releasing open-source models. The proposed EU AI Act, yet to be signed into law, says that open source developers must ensure their AI software is accurate and secure, and that companies must be transparent about risk and data use in clear technical documentation. Brookings suggests “if a private company were to deploy the public model or use it in a product, and it somehow gets in trouble, the company would then probably try to blame the open source developers and sue them.” This, they say, “might force the open source community to think twice about releasing their code, and would leave the development of AI to be driven by private companies.”

(The Register)

Thanks to our episode sponsor, Edgescan

Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth.

Student loan breach exposes 2.5M records

Two student loan authorities, EdFinancial and the Oklahoma Student Loan Authority (OSLA), are now notifying over 2.5 million borrowers that their personal data has been exposed in a data breach. They said the target of the breach was Nelnet Servicing, which functions as a servicing system and web portal provider for the loan organizations. Nelnet revealed the breach to affected loan recipients on July 21, 2022 via a letter, but has not said what vulnerability was involved or what caused the breach.

(ThreatPost)

FCC proposes cybersecurity changes to emergency alert system

Following up on a story we brought you a month ago, Federal Communications Commission (FCC) chair Jessica Rosenworcel “has proposed several changes to the U.S. Emergency Alert System (EAS) and Wireless Emergency Alerts, designed to beef up the cybersecurity of the systems” following the discovery last month by FEMA of vulnerabilities. The systems are designed to assist the federal government, the president or state-level officials in sending out emergency warnings about issues such as potential weather events or AMBER alerts. FEMA’s warning stated that the vulnerabilities could enable threat actors to issue alerts over TV, radio, and cable networks.

(The Record)

Code conference discussion calls for TikTok ban

This year’s Code Conference in Los Angeles featured some of the world’s top tech and media CEOs, along with prominent political voices, sharing their concerns about the power, rapid growth and surveillance capabilities of the Chinese-owned TikTok. Some of them called for the platform to be banned altogether. TikTok was not present. “The reason why this has been so challenging for companies to respond to in the United States, but also around the world, is the scale of TikTok’s investment,” said Snap CEO Evan Spiegel, whose company recently laid off some 20% of its own workforce, adding, “what nobody had anticipated in the United States was the level of investment that ByteDance made into the U.S. market, and Europe, because it was just something that was unimaginable.”

(Forbes)

Last week in ransomware

A busy week in ransomware saw attacks on NAS devices and on IHG Hotel Group, parent company of Holiday Inn and Intercontinental, disrupting its online reservation systems, among others. The technology infrastructure of the Los Angeles Unified School District was also attacked, although schools remained open; the VICE Society claimed responsibility for the LA schools attack. We also saw new ransomware research released this week, covering Play, BlackCat, ex-Conti members targeting Ukraine, and a new Monti ransomware operation.

(Bleeping Computer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.