Cybersecurity News: Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach

In today’s cybersecurity news…

Car rental company Avis discloses data breach

According to notification letters sent to customers on Wednesday and filed with California’s Office of the Attorney General, the breach was discovered last Thursday. An unknown threat actor had access to the company’s business applications from August 3 until August 6, resulting in the theft of “some customers’ personal information, including their names and other undisclosed sensitive data.” This is a developing story.

(BleepingComputer)

Microsoft Office 2024 to disable ActiveX controls by default

The October release of Microsoft Office 2024 will disable the legacy ActiveX controls by default in the Word, Excel, PowerPoint, and Visio client apps. The company will start turning off ActiveX controls in documents opened in Win32 Office desktop apps in October 2024, and will further roll this out to Microsoft 365 apps in April 2025. After this point, existing ActiveX objects will appear as static images in Office documents. This change is thought to be a direct response to vulnerabilities in ActiveX controls that were exploited by North Korean hackers and were also used to install TrickBot malware and Cobalt Strike beacons.

(BleepingComputer)

Wisconsin Medicare users had information leaked in MOVEit breach

More fallout from the MOVEit breach of last year: “the Centers for Medicare & Medicaid Services (CMS), which is a federal agency that manages the Medicare program, as well as the Wisconsin Physicians Service Insurance Corporation (WPS) said on Friday that they have begun notifying people whose personal information leaked after hackers exploited a vulnerability in the MOVEit software.” The discovery follows a second investigation into the breach conducted by WPS in May, after receiving “new information” about the breach.

(The Record)


Quishing threat targets European electric car owners

Quishing, the activity of using QR codes for fraudulent purposes, is affecting owners of electric vehicles in Europe who use public charging stations. In this scam, threat actors target the QR code on the charging station intended to help car owners register their vehicle and pay for the charge. The thieves place a modified QR code sticker directly over the original, which leads victims to a spoofed site that gladly accepts their credit card information and other data. Car owners are, of course, advised to pay careful attention to the URL that appears on their phone when they use these services.

(Security Affairs)

North Korea uses CovertCatch malware in LinkedIn job scams

We’ve seen this one before: coding tests used as an initial infection vector, in this case a Python coding challenge sent inside a ZIP file, which now contains the CovertCatch malware. This malware works “as a launchpad to compromise the target’s macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons,” said researchers at Mandiant. This technique of offering enticing career opportunities or freelance assignments through LinkedIn is typical of North Korean threat actor groups.

(The Hacker News)

West Virginia police officer sues data broker

A retired police officer in West Virginia has filed a class action lawsuit against Whitepages, a data broker, for publishing his home address, a violation of a 2021 West Virginia statute known as Daniel’s Law. The law is named after a similar law passed in New Jersey in 2020 following the murder of a federal judge’s son by a disgruntled lawyer. The West Virginia statute says that data brokers and others cannot disclose the home address or personal phone number of any active or retired law enforcement personnel “under circumstances in which a reasonable person would believe that providing such information would expose another to harassment or risk of harm to life or property.” Tom Kemp, a privacy advocate who regularly does battle with data brokers, anticipates a ripple effect in which more states and individuals will take data brokers to task.

(The Record)

RAMBO steals data using RAM in air-gapped computers

The name of this new side-channel attack is an acronym for Radiation of Air-gapped Memory Bus for Offense. It generates electromagnetic radiation from a device’s RAM to send data from air-gapped computers to a recipient device located nearby. The technique has been developed by Mordechai Guri and his team at Ben Gurion University. The attack must first be deposited on the victim’s system, and the attacker needs to use a “Software-Defined Radio (SDR) with an antenna to intercept the modulated electromagnetic emissions and convert them back into binary information.” Currently, “it would take around 2.2 hours to exfiltrate 1 megabyte of data, so RAMBO is more suitable for stealing small amounts of data like text, keystrokes, and small files.”

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.