Polonium APT targets Israel with a new custom backdoor dubbed PapaCreep
The APT group has been employing custom backdoors in attacks aimed at Israeli entities since at least September 2021. Focusing only on Israeli targets, it has launched attacks against organizations in engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. According to Security Affairs, “Microsoft MSTIC researchers believe that the attackers were coordinated with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap and TTPs. This circumstance is confirmed by revelations that emerged in the last couple of years that the Iranian government is using cyber mercenaries for its operations. MSTIC has observed POLONIUM active on or targeting multiple organizations that were previously compromised by Iran-linked MuddyWater APT (aka MERCURY).”
UK government urges action to enhance supply chain security
“Strengthen your supply chain security!” is the message the UK government has for organizations. Its National Cyber Security Centre (NCSC) has issued the alert along with specific guidance as a response to increased supply chain attacks such as the SolarWinds incident in 2020. “Aimed at medium-to-large organizations, the document sets out practical steps to better assess cybersecurity across increasingly complex supply chains. This includes a description of typical supplier relationships and ways that organizations are exposed to vulnerabilities and cyber-attacks via the supply chain, and the expected outcomes and key steps needed to assess suppliers’ approaches to security.”
Digital license plates legalized in California
With the pilot program complete, the state of California has legalized digital license plates for private and commercial vehicles. The E Ink digital license plates, known as the Rplate, are manufactured by California-based company Reviver. According to The Register, “it can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.”

Signal will remove support for SMS text messages on Android
Signal will be phasing out SMS and MMS message support from its Android app. This is being done in order to streamline the user experience and prioritize security and privacy. As Bleeping Computer writes, “while this announcement may surprise those who don’t know Signal can also be used to manage this type of text message, the Signal for Android app could be configured as the default SMS/MMS app since its beginning as TextSecure, an app that used the Axolotl Ratchet protocol.” The company stated, in a blog published yesterday, “We have now reached the point where SMS support no longer makes sense.”
Australian Insurer Medibank hit by targeted cyberattack
The Australian private health insurer, which has 3.7 million customers, confirmed that it had to take some systems offline and restart them. Medibank, which provides insurance coverage for accidents, hospital stays, optical health, dental work, and more, didn’t provide further details about how the attack played out.
NHS vendor Advanced confirms patient data loss, but remains tight lipped
Following up on a story we brought you in August, the IT service provider for the U.K.’s National Health Service (NHS), named Advanced, has confirmed that attackers stole data from its systems during the August ransomware attack, but refuses to say if patient data was compromised. The attack affected a number of NHS services, including its Adastra patient management system, used by non-emergency call handlers to dispatch ambulances and to help doctors access patient records, and Carenotes, used by mental health trusts for patient information. In an update dated October 12, Advanced said the malware used in the attack was LockBit 3.0.
Meta’s VR headset harvests personal data right off your face
Meta’s latest VR headset, the Quest Pro, includes a set of five inward-facing cameras that watch a person’s face to track eye movements and facial expressions, allowing their avatar to reflect their expressions more realistically. Researcher Luke Stark, an assistant professor at Western University in Canada, stated in an interview with Wired that he suspects that the default “off” setting for face tracking won’t last long. “It’s been clear for some years that animated avatars are acting as privacy loss leaders,” he said. Eye-tracking and facial-expression privacy notices that the company published this week state that although raw images get deleted, insights gleaned from those images may be processed and stored on Meta servers.
(Wired)






