This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
MOVEit maker announces new critical vulnerability on a different file transfer tool
Bad news for Progress Software and its clients arrived late yesterday with word of another critical vulnerability affecting a different file transfer tool made by the company. This time it is the WS_FTP Server that has eight vulnerabilities that “need to be patched immediately.” The issues all have CVE numbers, and two of them have severity scores of 9.9 and 10. The company states that all versions of WS_FTP Server are affected by these vulnerabilities, and that it has made version-specific hotfixes available.
Chinese hackers stole emails from US State Dept in Microsoft breach
A Senate staffer has told Reuters that Chinese hackers who breached Microsoft’s email platform earlier this year stole 60,000 emails from 10 U.S. State Department accounts, 9 belonging to officials who were working on East Asia and the Pacific issues, and one belonging to a Europe-focused official. The hackers also “obtained a list containing all of the department’s emails.” Senator Eric Schmitt, whose staffer was allegedly the person who spoke to Reuters, said, through a statement, that “we need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point.”
(Reuters)
Johnson Controls faces $51 million ransomware demand
The multinational that secures industrial control systems, security equipment, fire safety and air conditioning systems is now the latest victim of a cyberattack that shut down parts of its IT systems and encrypted data. According to Bitdefender, “the Dark Angels ransomware group has claimed responsibility for the attack and claims to have exfiltrated over 25 TB of data from the company. If the ransom is not paid, they threaten to publish the data on a leak site.” Graham Cluley points out that Dark Angels “may have bitten off more than they can chew” with this attack, since many of Johnson Controls’ customers use their technology to secure state and federal buildings, as well as critical infrastructure. This means the attack and potential exfiltration and publication of highly sensitive data could be considered a risk to national security.
H&R Block, Google, Meta face RICO class-action data privacy lawsuit
The case alleges that the tax preparation firm H&R Block worked with Meta and Google to “embed spyware on its website to make money from scraped tax return data.” The suit alleges that this “should be considered a pattern of racketeering on a massive scale,” which is why it is being filed under the Racketeer Influenced and Corrupt Organizations Act (RICO), which is usually applied to organized crime cases. A statement from Google confirms that it has strict policies around collection of data, and notes that “site owners, as opposed to Google, control what information they collect.”
Details about Scattered Spider emerge
In further hotel-related cybersecurity news, the group behind the recent attacks on the Caesars and MGM hotel chains is being described by Palo Alto Networks as sophisticated and organized, using social engineering techniques to pose as employees who have lost their login details and worm their way in through the helpdesk. They are also skilled at bypassing MFA. Kevin Mandia, founder of Mandiant, points out that they are also ruthless, overwhelming security teams, leaving threatening messages and even swatting the homes of executives of the targeted companies. CrowdStrike estimates that many of its members are between 17 and 22 years old. There is still much mystery around the reach and impact of Scattered Spider around the world – Las Vegas was far from their only conquest. Wendi Whitmore, senior vice president at Palo Alto Networks’ Unit 42, describes them as similar to Lapsus$ in their operations.
(Reuters)
Kia and Hyundai exploit linked to massive car thefts
In January 2022, thieves stole 85 Kia and Hyundai vehicles in Chicago. By October that spiked to over 1,400. Milwaukee saw thefts of the brands jump 2,500% to account for two-thirds of all cars stolen. Other metro areas saw other astronomical jumps. These thefts are possible because over 9 million vehicles from the brands shipped in the US without an engine immobilizer, allowing anyone with a simple USB connection to a phone to hotwire a car. Kia and Hyundai released a software update to add an ignition kill feature to prevent thefts, but roughly two million of these vehicles cannot receive the update. In July, Carfax reported five million vehicles either didn’t receive or weren’t eligible for the update.





