Cyber attack disrupts German oil firm operations
On Tuesday, two German oil storage and logistics firms, Oiltanking GmbH Group and Mabanaft Group, indicated they are investigating a cyber-incident that occurred this past Saturday. The head of Germany’s IT security agency, Arne Schoenbohm, indicated that 233 German gas stations were affected by the incident, inhibiting their ability to change gas prices or accept credit card payments from customers and forcing some affected stations to accept cash payments only. The companies have hired computer forensic specialists to investigate the incident, which, according to industry officials, did not pose a threat to the country’s overall fuel supplies.
Tesla recalls Full Self Driving feature that lets cars roll through stop signs
Tesla is issuing an over-the-air update to recall a “Full Self-Driving” (FSD) beta feature that allowed cars to roll through stop signs at 4-way intersections at speeds of up to 5.6 MPH. Tesla reportedly agreed to the recall after two meetings with National Highway Traffic Safety Administration (NHTSA) officials. The issue affects nearly 54,000 vehicles including 2016-2022 Model S and X EVs, 2017-2022 Model 3s and 2020-2022 Model Ys. Tesla said it is not aware of any injuries or crashes caused by the flawed feature.
FBI recommends using burner phones at the Olympics
In the wake of a Citizen Lab report which found the official app for the Beijing 2022 Winter Olympics, dubbed My 2022, to have a number of significant security weaknesses, the FBI issued a warning on Tuesday, urging athletes to use a burner phone while at the Olympic Games and to leave their personal devices at home. Use of the My 2022 app is mandated for all athletes, spectators, and members of the press. The FBI’s warning also signaled the potential risk of cyber attacks by financially motivated or nation-state threat actors attempting to disrupt or block live broadcasts of the event, exfiltrate sensitive information from IT systems, or impact digital infrastructure supporting the Olympics.
100 day cybersecurity resilience plan for water and wastewater sector
Several federal agencies, including the EPA, CISA and National Security Council (NSC), have joined forces to develop a plan to better protect US water infrastructure. The ‘Water and Wastewater Sector Action Plan’, which is part of the Biden administration’s Industrial Control Systems (ICS) Initiative, focuses on numerous high-impact activities which can be addressed within the next 100 days. The plan calls for establishing a task force of water sector leaders, implementing pilot projects to accelerate the adoption of incident monitoring, improving information sharing and data analysis, and providing technical support to water systems.
State-sponsored Iranian hackers targeting Turkish organizations
Researchers from Cisco Talos said that MuddyWater, an advanced persistent threat (APT) group with ties to Iran’s Ministry of Intelligence and Security (MOIS), has been targeting private organizations in Turkey alongside the country’s government. MuddyWater, also known as Mercury or Static Kitten, has been active since 2017 and has been tied to past attacks against organizations in the US, Israel, Europe, and the Middle East. MuddyWater’s latest campaign, which started back in November, comes in the form of phishing emails armed with malicious PDFs and Microsoft Office documents to trigger code which creates registry keys to gain persistence and uses Living Off the Land Binaries (LOLBins) to hijack the machine. The researchers note that MuddyWater’s main objectives include conducting cyberespionage, stealing intellectual property, and deploying ransomware.
(ZDNet)
Data leak exposes IDs of airport security workers
A team of researchers recently discovered a misconfigured Amazon Web Services S3 bucket belonging to Swedish security giant Securitas, which was left wide open without any authentication required to view the contents. The researchers found 3TB of personally identifiable information (PII) belonging to employees of Securitas and at least four airports across Peru (Aeropuerto Internacional Jorge Chávez) and Colombia (El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport) dating back to November 2018. After being notified by the researchers on October 28, 2021, Securitas managed to secure the database on November 2.
Telco fined €9 million for hiding cyberattack impact
Greece’s largest technology company, OTE Group, has been fined €9.1 million ($10.2 million) by the Greek data protection authority for leaking 48 GB of sensitive customer data back in a 2020 cyberattack that stemmed from a hacker social engineering one of its employees through LinkedIn. The agency said that the Greek telecom infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident. The probe by the data protection agency also found that OTE Group’s customer data was not properly anonymized and that established data retention periods were not adhered to.
Public exploit released for Windows 10 bug
After reports of Microsoft’s January Patch Tuesday breaking servers, some organizations may have opted to hold back on deploying the security fixes. However, one of the associated vulnerabilities now has a proof-of-concept exploit available in the wild. The exploit for the privilege-escalation bug in Windows 10, tagged as CVE-2022-21882, was released by Gil Dabah, founder and CEO of Privacy Piiano, who tweeted that he initially decided not to report the bug two years ago, but apparently had a change of heart after finding it difficult to get paid on other bug bounties through the Microsoft program.






