Cybersecurity News: Clarion audio hacked, Egyptian Predator threat, Dallas cyberattack analysis

Car audio manufacturer Clarion hacked – ALPHV claims responsibility

The Japan-based company, which in addition to car audio makes back-up cameras, navigation systems and video systems for vehicles including Suzuki, Toyota, Subaru, Ford and Volkswagen, was added to the ALPHV Tor-based victims list yesterday. ALPHV/BlackCat claims it is in possession of “the engineering information of the company’s customers,” and adds that in 2 days the data will be “transferred to interested parties and partially posted in the public domain.” They included some screenshots as evidence.

(Security Affairs)

High-ranking Egyptian politician targeted by Predator spyware

In their blog post, Citizen Lab stated that “recent attempts to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his connection to the Vodafone Egypt mobile network to automatically infect his devices with the Predator spyware if he visited certain websites not using the secure HTTPS protocol.” This comes after Altantawy announced a presidential bid. The discovery was made by Citizen Lab together with Google’s Threat Analysis Group. The spyware exploit chain was apparently sent to Altantawy’s phone via SMS and WhatsApp links from within Egypt.

(Security Week and Citizen Lab)

City of Dallas issues report on May cyberattack

The City of Dallas, which was hit by ransomware in May of this year, has released its report on the incident, stating, “the Royal ransomware group gained access to the City’s infrastructure using a stolen domain service account.” The report adds, “Royal was then able to traverse the internal City infrastructure during the surveillance period using legitimate third-party remote management tools.” The attack did not affect 911 operations, but PII of up to 30,000 people was affected. The city has approved $8.5 million for expenses related to mitigation of the attack.

(Security Affairs)

Bermuda blames system outages on Russia-based attackers

The premier of Bermuda, David Burt, said on Thursday that an attack that has affected internet service on the island can be attributed to threat actors based in Russia. The attack has slowed or stopped some government services such as payroll and vendor payments, and even brought the government’s own website down.

(The Record)

Thanks to this week’s episode sponsor, AppOmni

If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com.

Hotel scam raises the stakes in social engineering

A sophisticated social engineering-based theft campaign has been discovered by researchers at Perception Point and Akamai that significantly raises the stakes for hotels and those in the travel industry. In essence, a request to make or change a hotel reservation gives criminals access to travelers who are then sent a convincing email from that hotel urging them to send documents to a URL that leads to info-stealing malware. This then allows the criminals to point victims to a fake Booking.com site. The software behind the ruse contains sophisticated anti-analysis features to make detection difficult.

(Bleeping Computer)

Details about Scattered Spider emerge

In further hotel-related cybersecurity news, the group behind the recent attacks on the Caesars and MGM hotel chains is being described by Palo Alto Networks as sophisticated and organized. Its members use social engineering techniques, posing as employees who have lost their login details, to worm their way in through the helpdesk. They are also skilled at bypassing MFA. Kevin Mandia, founder of Mandiant, points out that they are also ruthless, overwhelming security teams, leaving threatening messages and even swatting the homes of executives of the targeted companies. CrowdStrike estimates that many of its members are between 17 and 22 years old. There is still much mystery around the reach and impact of Scattered Spider around the world – Las Vegas was far from their only conquest. Wendi Whitmore, senior vice president at Palo Alto Networks’ Unit 42, describes them as similar to Lapsus$ in their operations.

(Reuters)

California court ruling on child online safety laws has ripple effects

A federal judge struck down the California Age-Appropriate Design Code (CAADC) last week on First Amendment grounds. But experts suggest this could lead to a “domino effect,” referring to provisions similar to the CAADC that Connecticut and Florida have in their own consumer privacy laws. The ruling may also have a negative effect on the Kids Online Safety Act, currently being negotiated by Congress.

(The Record)

DeadGlyph spies on the Middle East

Researchers at ESET have uncovered this backdoor being used for espionage by the Stealth Falcon group. DeadGlyph uses numerous programming languages along with other counter-detection mechanisms. Stealth Falcon is a nation-state actor that has been active for over a decade and targets political activists and journalists in the Middle East.

(Security Affairs)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.