Cybersecurity News: Mercedes-Benz leak, Juniper Networks patch, ZLoader is back

Mercedes-Benz exposes sensitive data, source code

Researchers at RedHunt Labs discovered, during a routine internet scan, an authentication token belonging to a Mercedes employee that had been left exposed in a public GitHub repository. Speaking to TechCrunch, Shubham Mittal, co-founder and chief technology officer of RedHunt Labs stated, “the GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server…the repositories include a large amount of intellectual property… connection strings, cloud access keys, blueprints, design documents, single sign-on passwords, API Keys, and other critical internal information.” It’s not known if any customer data was contained within the repositories. TechCrunch alerted Mercedes on Monday, and on Wednesday, a Mercedes spokesperson confirmed that the company “revoked the respective API token and removed the public repository immediately.”
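The exposure above is the kind of leak a pre-push secret scan is meant to catch before a repository ever becomes public. The scanner below is an added example written for this page, not code from RedHunt Labs, Mercedes or GitHub; the repository contents are constructed inline and the "ghp_" token in them is a fake, non-working string. It combines a known-format rule (GitHub personal access tokens use a `ghp_` prefix followed by 36 alphanumerics) and a connection-string password rule with a generic Shannon-entropy check for long quoted values, which is how scanners flag keys whose format they do not know.

```python
import math
import re
from collections import Counter

# Constructed sample of repository contents (path -> text). Every value here is
# made up for the example; the ghp_ token is a fake placeholder, not a real token.
SAMPLE_FILES = {
    "src/config.py": (
        "API_BASE = 'https://example.internal/api'\n"
        "GITHUB_TOKEN = 'ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8'\n"
    ),
    "README.md": "# Build tool\nRun `make all` to build.\n",
    "deploy/db.env": "DB_CONN=Server=db01;User Id=app;Password=hunter2hunter2;\n",
}

# Format-specific rules: (rule name, compiled pattern).
SPECIFIC_RULES = [
    ("github-pat", re.compile(r"ghp_[A-Za-z0-9]{36}")),
    ("connection-string-password", re.compile(r"Password=([^;\s]+)", re.IGNORECASE)),
]

# Generic rule: a long quoted run of key-like characters with high entropy.
QUOTED_VALUE = re.compile(r"['\"]([A-Za-z0-9+=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off for "looks random"


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> list:
    """Return findings as dicts {path, line, rule} for one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched = False
        for name, pattern in SPECIFIC_RULES:
            if pattern.search(line):
                findings.append({"path": path, "line": line_no, "rule": name})
                matched = True
        if matched:
            continue  # a specific rule already explains this line
        # Fall back to the entropy heuristic for unknown secret formats.
        for m in QUOTED_VALUE.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "line": line_no, "rule": "high-entropy-string"})
                break
    return findings


def scan_files(files: dict) -> list:
    """Scan a mapping of path -> text and return all findings."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']}: {f['rule']}")
```

Run as a pre-commit or CI step, the findings list is what should block the push; the entropy threshold and the 20-character minimum are assumptions to tune against a real codebase, since base64 blobs and hashes will also trip the generic rule.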

(TechCrunch)

Juniper Networks issues out-of-band fix for high severity flaws

These vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, “are rooted in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series.” These are flaws that “could be exploited by a threat actor to take control of susceptible systems.” Cybersecurity firm watchTowr Labs has been credited with discovering and reporting the issues. As a temporary workaround until the patches are deployed, Juniper recommends that users disable J-Web or restrict access to only trusted hosts.

(The Hacker News)

New ZLoader malware, now with 64-bit Windows compatibility

Two years after the ZLoader botnet was dismantled, this new variant comes with changes to the loader module, which “adds RSA encryption, updates the domain generation algorithm, and is now compiled for 64-bit Windows operating systems.” This is according to researchers at Zscaler ThreatLabz. Paraphrasing the ZLoader analysis for brevity, some of its new features include junk code and string obfuscation to resist analysis efforts; a requirement that each artifact carry a specific filename in order to execute on the compromised host; a static configuration encrypted with RC4 using a hard-coded alphanumeric key to conceal the campaign name and the command-and-control (C2) servers; and an updated version of the domain generation algorithm, used as a fallback in the event the primary C2 servers are inaccessible.
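Encrypting the static configuration with RC4 under a hard-coded key hides the campaign name and C2 hosts from a strings dump, but not from an analyst who has the sample, because the key sits in the same binary. The code below is an added example for this page, not code from Zscaler ThreatLabz or from the malware: it implements RC4, builds a constructed encrypted blob from a made-up key and a made-up configuration layout (NUL-separated fields, campaign name first, then C2 hosts), and then recovers the configuration by trying candidate keys and keeping the one whose output decodes to plausible text. The real ZLoader configuration format and key are not on this page and are not reproduced here.

```python
# RC4 is a stream cipher: the keystream depends only on the key, so a
# hard-coded key makes every sample with that key decryptable offline.
def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt data with RC4 (the operation is symmetric)."""
    # Key-scheduling algorithm (KSA): permute the 256-byte state with the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): XOR data with the keystream.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed values standing in for what an analyst would pull from a sample:
# an alphanumeric key and a NUL-separated configuration (assumed layout).
HARDCODED_KEY = b"f4d8b3a1c2e7"
PLAINTEXT_CONFIG = (
    b"campaign-demo\x00"
    b"c2-one.example.invalid\x00"
    b"c2-two.example.invalid\x00"
)
ENCRYPTED_CONFIG = rc4(HARDCODED_KEY, PLAINTEXT_CONFIG)  # constructed blob


def looks_like_config(data: bytes) -> bool:
    """Plausibility check: printable ASCII separated by NULs, NUL-terminated."""
    if not data or data[-1] != 0:
        return False
    return all(b == 0 or 0x20 <= b <= 0x7E for b in data)


def parse_config(plaintext: bytes) -> dict:
    """Split the assumed layout into campaign name and C2 host list."""
    fields = [f.decode("ascii") for f in plaintext.split(b"\x00") if f]
    return {"campaign": fields[0], "c2": fields[1:]}


def recover_config(blob: bytes, candidate_keys: list) -> dict:
    """Try each candidate key (e.g. alphanumeric strings found in the sample)
    and return the first configuration that decrypts to plausible text."""
    for key in candidate_keys:
        plaintext = rc4(key, blob)
        if looks_like_config(plaintext):
            result = parse_config(plaintext)
            result["key"] = key.decode("ascii")
            return result
    return {}


if __name__ == "__main__":
    print(recover_config(ENCRYPTED_CONFIG, [b"notthekey", HARDCODED_KEY]))
```

Feeding every alphanumeric string from the unpacked sample into `recover_config` is the usual shortcut when the key is hard-coded; the plausibility check is what lets the wrong candidates fall through without a false positive.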

(The Hacker News)

Semron seeks to replace chip transistors with memcapacitors

The German company Semron has created “3D-scaled” chips that can run AI models on smartphones, earbuds, VR headsets and other mobile devices. These chips use electrical fields to perform calculations, rather than currents, which allows for greater efficiency in operation and manufacture. As described in TechCrunch, the chips use a memcapacitor, a capacitor with memory, to run computations. The majority of computer chips are made of transistors, which, unlike capacitors, can’t store energy; they merely act like “on/off” switches. A link to the article, which has more details about this technology, is available in the show notes to this episode.

(TechCrunch)

Huge thanks to this week’s episode sponsor, Vanta

From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.

ChatGPT leaks passwords from users’ private conversations

In a story relayed to Ars Technica, a person by the name of Chase Whiteside described his discovery while using ChatGPT to devise clever names for colors in a palette. Upon returning to his research the following morning, conversations appeared in his history that had not been there before. These chats were private conversations that “contained multiple pairs of usernames and passwords that appeared to be connected to a support system used by employees of a pharmacy prescription drug portal.” The conversations appeared to belong to people trying to troubleshoot the portal due to its poor design. An OpenAI representative said the company was investigating the report.

(Ars Technica)

Keenan warns of data breach after summer cyberattack

The California-based insurance brokerage and consulting firm, which focuses primarily on the education, healthcare, and public agency sectors, is warning 1.5 million customers that hackers accessed their personal information in a recent cyberattack. The company, which has since 2017 been part of AssuredPartners NL, one of the largest brokerage firms in the U.S., says the stolen information is PII including Social Security numbers, passport numbers and driver’s license numbers. They are offering two-year identity theft protection and remind people to be vigilant regarding phishing attempts.

(Bleeping Computer)

Last year was a record breaker for ransomware, says Corvus

The cyber underwriter’s analysis of ransomware attacks for 2023 describes the year as a record high, with activity surpassing 2022 totals by 68 percent. Despite law enforcement takedowns of ALPHV/BlackCat and Qakbot, a total of 4,496 leak site victims was reported. Key driving factors, the report says, are threat actor resilience and more active ransomware groups. The transportation, logistics, and storage industries experienced consistent ransomware increases throughout 2023, especially from LockBit 3.0, largely due to their sensitivity to business interruption, which “presents an attractive target to threat actors.” A link to the report is available in the show notes to this episode.

(Corvus Insurance)

Canadian malware actor gets 2 years

The Ontario Court of Justice imposed the sentence on Matthew Philbert, 33, who pleaded guilty in October to charges of fraud and unauthorized access to computers, and who left more than 1,100 victims in his wake. Among these were a family from whom he stole $10,000, three Canadian police departments and the Ronald McDonald House charity in Halifax, Nova Scotia. Philbert has also been indicted by the state of Alaska for attempting to “cause damage without authorization to a protected computer owned by the State of Alaska in 2018, potentially affecting medical data.” His activities, which allegedly involved unnamed co-conspirators, were based on phishing emails containing résumés that delivered malware allowing takeovers of victims’ computers.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.