Ford WiFi vulnerability, Gov’t reviews Azure hack, TripAdvisor ransomware

Ford says cars with WiFi vulnerability still safe to drive

Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn’t impacted. The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car’s infotainment system; it allows an attacker within WiFi range to trigger a buffer overflow using a specially crafted frame. The vulnerability affects a range of vehicles from the 2021-2022 model years. Ford promises to make a software patch available soon, which customers will be able to load onto a USB stick and install on their vehicles.

(Bleeping Computer)

Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack

A U.S. government review board will examine the suspected-Chinese cyberespionage operation that breached Microsoft’s email authentication system and nabbed American officials’ emails, the Department of Homeland Security announced Friday. The Cyber Safety Review Board — a public/private entity established via presidential executive order in 2021 in the wake of the SolarWinds breach and launched in early 2022 — will review the incident as part of a broader look at the “malicious targeting of cloud computing environments” and “focus on approaches government, industry, and Cloud Service Providers (CSPs) should employ to strengthen identity management and authentication in the cloud,” the agency said in a statement.


Knight ransomware distributed in fake TripAdvisor complaint emails

Knight ransomware is a recent rebrand of the Cyclops Ransomware-as-a-Service, which switched its name at the end of July 2023. This new email spam campaign pretends to be a TripAdvisor complaint. The emails include a ZIP file attachment or an HTML link. This leads to a fake browser window that pretends to be a complaint submitted to a restaurant, asking the user to review it. However, clicking the ‘Read Complaint’ button downloads an Excel XLL file that, once opened, leads to file encryption.

(Bleeping Computer)

Experts urge FTC to modernize health breach notification rules as comment period closes

The public comment period for the Federal Trade Commission’s (FTC) proposed changes to its health breach notification rules closed Tuesday, with a variety of consumer protection and privacy organizations urging their adoption, while highlighting how inadequate health privacy regulations are for the digital age. Numerous apps collect an unprecedented amount of health data and share it with third parties for marketing and other purposes, the agency said in explaining the proposed update to the rules. Many of these practices are not covered by the narrowly defined Health Insurance Portability and Accountability Act (HIPAA), the agency said in a press release. Among the changes the FTC has proposed: revising several definitions to clarify the health breach notification rule can be applied to health apps and similar technologies not covered by HIPAA; clarifying that a “breach of security” under the rule includes the unauthorized acquisition of identifiable health information triggered by a data security breach or an unauthorized disclosure; and expanding requirements for what consumers whose data has been breached should be told.

(The Record)

Thanks to this week’s episode sponsor, Veza

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

New SystemBC malware variant targets southern African power company

An unknown threat actor has been linked to a cyber-attack on a power generation company in “southern Africa” using a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. This is according to Kurt Baumgartner, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT). The Russian cybersecurity company said the attack, which took place in late March 2023, was in its early stages and involved the use of DroxiDat to profile the system and proxy network traffic using the SOCKS5 protocol to and from command-and-control (C2) infrastructure. Kaspersky has not yet named the country in question.

(The Hacker News)

Hackers accessed 16 years of Colorado public school student data in June ransomware attack

Following up on a story we brought you last week, it appears that every student who attended Colorado public schools between 2004 and 2020 had their personal information accessed by criminal hackers. The Colorado Department of Higher Education (CDHE) published the revelation in a notice on Friday, saying it was attacked by a ransomware gang during an eight-day period in mid-June. Also affected are certain cohorts of higher education students, as well as some recipients of General Education Development certificates and teacher’s licenses.

(The Record)

Zoom ZTP and AudioCodes phones flaws uncovered, exposing users to eavesdropping

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could potentially be exploited by a malicious attacker to conduct remote attacks. SySS security researcher Moritz Abrell said in an analysis published Friday that “an external attacker who leverages these vulnerabilities can gain full remote control of the devices.” Such unfettered access could then be weaponized to eavesdrop on rooms or phone calls, pivot through the devices and attack corporate networks, and even build a botnet of infected devices. The research was presented at the Black Hat USA security conference last week.

(The Hacker News)

Last week in ransomware

Last week saw attacks on hospitals by a relatively new ransomware gang named Rhysida; most prominently, the gang is believed to be behind the attacks on Prospect Medical Group, impacting 17 hospitals and 166 clinics across the United States. We also saw additional ransomware reports about TargetCompany, code leaks impacting the RaaS ecosystem, and a new threat actor using a customized version of Yashma ransomware. Ongoing fallout from Clop’s MOVEit data-theft attacks now includes Missouri’s Department of Social Services warning that data was stolen from IBM’s MOVEit server. Europol and the U.S. Department of Justice announced the takedown of the LOLEKHosted bulletproof hosting provider, saying that one of the arrested admins facilitated Netwalker ransomware attacks by hosting storage servers for the gang.

(Bleeping Computer and Cyber Security Headlines)
