In today’s cybersecurity news…
Recall redesign: reinforced and removable
Responding to customer reaction to the release of its new AI-powered feature, Microsoft has now announced improvements to Recall, including stronger default protection and the ability for it to be removed, and said that it will be an opt-in feature by default. Microsoft’s vice president for Enterprise and OS Security, David Weston, revealed on Friday that the revised release will also automatically filter sensitive content, and will allow users to exclude specific apps, websites, or private browsing sessions.
Storm-0501 moves ransomware attacks to cloud environments
Microsoft is warning that the threat actor is now focusing on hybrid cloud environments. This gang, which first appeared in 2021, is known to be an affiliate of the Sabbath ransomware operation, and has a number of malware tools in its collection, including malware from the Hive, BlackCat, LockBit, and Hunters International gangs. It is also known for targeting “hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.” Microsoft says that the group tends to gain access to victims’ networks through stolen or purchased credentials, or by exploiting known vulnerabilities.
Dallas suburb deals with ransomware attack
The suburb of Richardson, which is home to around 120,000 people, suffered a cyberattack on Wednesday morning that gave hackers access to some government servers and attempted to encrypt files on the network. City officials said in a statement, “Automated security systems immediately responded, containing the impact to a small number of files,” and added there was no early indication sensitive data was accessed. City Manager Don Magner said the attack is something officials “have been diligently preparing for” and explained that their security protocols appear to have minimized the impact.
Kia cars hacking vulnerability through license plate numbers
Earlier this month we covered a story about SQL injections performed on airport security systems to allow unauthorized individuals to bypass security and even enter cockpits. The researchers behind this story, Sam Curry and Ian Carroll, have also discovered a technique by which you can start any Kia-brand car made after 2014 by simply scanning its license plate, and this could have happened regardless of whether the vehicle has an active Kia Connect subscription. In brief, the vulnerability would allow someone to find out the car owner’s name, phone number, email address, and physical address, and could “allow the attacker to add themselves as an invisible second user on the victim’s vehicle without their knowledge.” This was a proof of concept only. Curry and his team sent it to Kia, who fixed the problem immediately. A full writeup of this experiment is available on Sam Curry’s blog site. The link is available in the show notes.
Kuwait Health Ministry suffers cyberattack
The attack, which happened last week, disabled systems at several of the country’s hospitals, as well as the Sahel healthcare app. Backups helped to restore systems at the Kuwait Cancer Control center and at the offices that manage the national health insurance system and expatriate check-up system. The hackers were stopped from reaching “essential databases,” according to a statement released Wednesday, but the ministry said it had to shut down certain systems to install needed updates. No ransomware gang has taken credit for the attack.
Progress Software fixes six vulnerabilities in WhatsUp Gold
These vulnerabilities exist in versions below 24.0.1 of the network monitoring solution. Two of the vulnerabilities had a CVSS severity score of 9.8, and all were addressed on September 20. Progress Software is now reaching out to its WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. A link to their advisory is available in the show notes.
(Security Affairs and Progress Software advisory)
Irish Data Protection Commission fines Meta for plaintext passwords
Ninety-one million Euros, equivalent to $102 million USD, is the fine levied by the Irish Data Protection Commission, following an investigation that found that “Meta’s handling of passwords violated several obligations under Europe’s General Data Protection Regulation.” A spokesperson for Meta, speaking to CyberScoop on Friday, said that the company “found that a subset of Facebook users’ passwords was temporarily logged in a readable format within our internal data systems.” The representative further stated that Meta took immediate action to fix the error, proactively flagged this issue to the DPC and “there is no evidence that these passwords were abused or accessed improperly.”






