Ford says cars with WiFi vulnerability still safe to drive
The Ford Motor Corporation is warning of a buffer overflow vulnerability in its SYNC3 infotainment system, which is built into many Ford and Lincoln vehicles, but it says that vehicle driving safety isn’t impacted. The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car’s infotainment system; it allows an attacker in WiFi range to trigger a buffer overflow using a specially crafted frame. The vulnerability affects a range of vehicles from the 2021-2022 model years. Ford says it will make a software patch available soon, which customers will be able to load on a USB stick and install on their vehicles.
Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack
This review board will examine the operation that caused the breach of Microsoft’s email authentication system that included the emails of many American officials. This announcement was made by the Department of Homeland Security on Friday. The Cyber Safety Review Board was established via presidential executive order in 2021 following the SolarWinds breach and was launched in early 2022. It plans to review the incident as part of a broader assessment of the “malicious targeting of cloud computing environments” in order to see how “government, industry, and Cloud Service Providers” can work together to “strengthen identity management and authentication in the cloud,” the agency said in a statement.
Knight ransomware distributed in fake TripAdvisor complaint emails
Knight ransomware is a rebrand of the Cyclop Ransomware-as-a-Service, which changed its name in July. This new email spam campaign pretends to be a TripAdvisor complaint. The emails include a ZIP file attachment or an HTML link. This leads to a fake browser window that pretends to be a complaint submitted to a restaurant, asking the user to review it. However, clicking the ‘Read Complaint’ button downloads an Excel XLL file which, when opened, leads to file encryption.
Experts ask FTC to modernize health breach notification rules
The window for public comments regarding the Federal Trade Commission’s proposed changes to its health breach notification rules closed Tuesday. A number of consumer protection and privacy organizations asked for the adoption of these changes, citing the inadequacy of current health privacy regulations. Numerous apps collect health data and share it with third parties for marketing and other purposes, the agency said in a press release, and many of these practices are not covered by the narrowly defined Health Insurance Portability and Accountability Act. Changes the FTC has proposed include revising several definitions to “clarify that the health breach notification rule can be applied to health apps and similar technologies not covered by HIPAA; clarifying that a ‘breach of security’ under the rule includes the unauthorized acquisition of identifiable health information triggered by a data security breach or an unauthorized disclosure; and expanding requirements for what consumers whose data has been breached should be told.”
Thanks to this week’s episode sponsor, Veza

New SystemBC malware variant targets southern African power company
A currently unknown threat actor is being linked to a cyberattack on a power generation company in “southern Africa” using a variant of the SystemBC malware called DroxiDat as a setup for a suspected ransomware attack. This is according to Kurt Baumgartner, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT). He points out that the attack, which took place in late March 2023, “was in its early stages and involved the use of DroxiDat to profile the system and proxy network traffic using the SOCKS5 protocol to and from command-and-control (C2) infrastructure.” Kaspersky has not yet named the country in question.
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
Following up on a story we brought you last week, it appears that every student who attended Colorado public schools between 2004 and 2020 had their personal information accessed by criminal hackers. The Colorado Department of Higher Education (CDHE) published a notice on Friday saying it had been attacked by a ransomware gang in mid-June. “Also affected are certain cohorts of higher education students, as well as some recipients of General Education Development certificates and teacher’s licenses.”
Zoom ZTP and AudioCodes phones flaws uncovered, exposing users to eavesdropping
Security vulnerabilities have been identified in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited to conduct remote attacks. SySS security researcher Moritz Abrell said in an analysis published Friday, “an external attacker who leverages these vulnerabilities can gain full remote control of the devices.” This access could be used to eavesdrop on rooms or phone calls, move through devices and attack corporate networks, or even build a botnet of infected devices. The research was presented at the Black Hat USA security conference last week.
Last week in ransomware
Last week saw attacks on hospitals from the new ransomware gang Rhysida, which is believed to be behind the attacks on Prospect Medical Group, impacting 17 hospitals and 166 clinics across the United States. Additional reports covered the TargetCompany ransomware, code leaks impacting the RaaS ecosystem, and a new threat actor that is using a customized version of Yashma ransomware. The Clop MOVEit data-theft story now includes Missouri’s Department of Social Services. Europol and the U.S. Department of Justice announced the takedown of the LOLEKHosted bulletproof hosting provider, specifying that one of the people arrested had “facilitated Netwalker ransomware attacks by hosting storage servers for the gang.”