Cybersecurity News: 5G network vulnerability, SLAM affects CPUs, CISA Qlik warning

5G network security vulnerabilities discovered, impacting chipset vendors and smartphones

Discovered by researchers at the Singapore University of Technology and Design, the vulnerabilities exist within the firmware of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm. This means smartphones, CPE routers, and USB modems may be impacted. Named 5Ghoul, this is a group of 14 implementation-level vulnerabilities that threat actors can exploit to block or freeze connections. The vulnerabilities may also impact smartphones from vendors including Samsung, Apple, and Google.

(Security Affairs)

SLAM Spectre-based vulnerability affects CPUs

This new side-channel attack is described as an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as similar processes in AMD and Arm CPUs. According to researchers from the Vrije University in Amsterdam, SLAM could be exploited to leak sensitive information from kernel memory. Quoted in The Hacker News, the researchers stated that while LAM is presented as a security feature, their study found that it “dramatically increases the Spectre attack surface, resulting in a transient execution attack, which exploits speculative execution to extract sensitive data via a cache covert channel.”

(The Hacker News)

CISA adds Qlik bugs to exploited vulnerabilities catalog

Qlik is a data analytics tool used in government and large businesses, but when the two vulnerabilities are exploited together, they may allow threat actors to gain access. In fact, the company itself stated in an advisory released December 5 that “it has received reports that this vulnerability may be being used by malicious actors.” The vulnerabilities added to the CISA KEV catalog are CVE-2023-41266 and CVE-2023-41265, which carry CVSS ratings of 8.2 and 9.6 respectively. Qlik also reminded users that their tools “should not be exposed to the public internet”; however, researcher Kevin Beaumont posted on Mastodon that Shodan searches have shown that many U.S.-based organizations did have their instances exposed in exactly that way.

(The Record and Qlik)

Cyberattack hits Irish water utility

This particular infrastructure attack hit a very small water utility in northwestern Ireland that, by its own admission, did not have the level of cybersecurity protection that the national water utilities would have. According to the local news outlet, Western People, the hackers targeted a Eurotronics water pumping system and announced the hack by writing over the user interface. The attackers said they targeted the system due to it being made in Israel.

(Security Week and Western People)

Huge thanks to this week’s episode sponsor, Barricade Cyber Solutions

Caught in a ransomware crisis? Barricade Cyber Solutions is your lifeline for recovery. Trust the industry’s experienced DFIR experts, with a track record of saving over 3,000 businesses in the last 5 years. Remember to visit recoverfromransomware.com to connect with Barricade Cyber Solutions’ trusted ransomware recovery team. This elite squad moves quickly to restore your business data and services. Visit recoverfromransomware.com today.

Outlook email users with many folders experience issues when sending

This is a new issue, recognized by Microsoft, in which users of Outlook for Microsoft 365 who maintain numerous nested folders in their primary mailbox sometimes receive a Non-Delivery Report (NDR) that includes the error code 0x80040305, upon sending emails. Microsoft says this issue is likely related to an older issue regarding mailboxes with more than 500 shared folders. The limit had been lifted in 2019, but according to Bleeping Computer, Microsoft may have failed to consider cases where users would also have that many folders in their primary mailbox.

(Bleeping Computer)

Central Virginia transit system with possible ransomware

Another victim of the Thanksgiving holiday, the Greater Richmond Transit Company announced a network disruption that “temporarily impacted certain applications and parts of the GRTC network.” Service was restored quickly, and GRTC has declined to clarify whether it was a ransomware attack and whether data was stolen. However, the Play ransomware group, which is known for targeting municipal infrastructure including Oakland and Dallas, has posted GRTC on its leak site along with a December 13 deadline for payment.

(The Record)

Booking.com suffers booking scam

In another variation on the hotel booking scam, thieves are targeting the accounts of Booking.com customers. According to researchers at SecureWorks, “customers of multiple properties received email or in-app messages from Booking.com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays.” These victims were then directed to malicious URLs for inputting the information, which was then used to withdraw money from their accounts. An earlier version of this scam from September of this year involved an innocent email purportedly from a former guest, free of links or attachments, which was intended to gain a hotel employee’s trust. This would be followed by a second email with what was described as passport photos and scans of login details, but which also carried the Vidar infostealer.

(HelpNet Security)

Norton Healthcare says summer cyber security breach was a ransomware attack

The healthcare system that serves Kentucky and southern Indiana has now confirmed that a breach that occurred in May of this year was indeed a ransomware attack. In a press release, the company states that it does not believe the attackers accessed patients’ personal information, but it will send letters to those it thinks could have been affected. The breach, which affected network storage devices, was accompanied by a fax communication containing threats and demands.

(Yahoo News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.