This posting is here to collect cyber security news in August 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
309 Comments
Tomi Engdahl says:
Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum https://www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/
The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum. The cache supposedly consists of 1.6 million emails containing conversations and documents marked as sensitive and highly sensitive in nature.
Tomi Engdahl says:
Hacker Returns $600+ Million Haul in Poly Network Cryptocurrency Heist https://www.msspalert.com/cybersecurity-breaches-and-attacks/hacker-returns-600-million-haul-in-poly-network-cryptocurrency-heist/
A hacker atypically has returned all of the more than $600 million in digital coins they stole on Tuesday August 11, 2021 from Poly Network, a decentralized financial (DeFi) platform, in what’s said to be one of the largest cryptocurrency heists in history.
Tomi Engdahl says:
Network access to Pakistan’s top fed agency FBR sold on Russian forum https://www.hackread.com/network-access-pakistans-top-fbr-russian-forum/
The Federal Board of Revenue (FBR) of Pakistan (fbr.gov.pk) has suffered a large-scale cyber attack. This was revealed after a group of unknown hackers were found selling network access to the agency with more than 1500 computer systems on a Russian cybercrime forum.
Tomi Engdahl says:
Ford bug exposed customer and employee records from internal systems https://www.bleepingcomputer.com/news/security/ford-bug-exposed-customer-and-employee-records-from-internal-systems/
A bug on Ford Motor Company’s website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford’s servers.
Tomi Engdahl says:
Classified info leaked during cyber attack against Foreign Ministry
https://m.delfi.lt/en/article.php?id=87937063
There are certain signs that classified information leaked during a cyber attack against the Foreign Ministry, Lithuanian President Gitanas Nauseda says. “An investigation is ongoing, with no doubt, we will assess the damage done during this cyber attack. But there are certain signs showing that certain information leaked. And that information is deemed classified,” the president said in an interview with the delfi.lt news website. In his words, the leaked information “might cause serious damage, first of all, for allies”. “But that’s potential damage I still cannot publicly disclose,” the president said.
Tomi Engdahl says:
Hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform https://therecord.media/hackers-tried-to-exploit-two-zero-days-in-trend-micros-apex-one-edr-platform/
Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.
While details about the attacks are currently being kept under wraps, patches for both issues were made available at the end of July.
Tomi Engdahl says:
Huawei stole our tech and created a ‘backdoor’ to spy on Pakistan, claims IT biz https://www.theregister.com/2021/08/13/huawei_accused_of_trade_secret/
A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities.
Tomi Engdahl says:
Windows 365 exposes Microsoft Azure credentials in plain-text https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microsoft-azure-credentials-in-plain-text/
A security researcher has figured out a way to dump a user’s unencrypted plaintext Microsoft Azure credentials from Microsoft’s new Windows 365 Cloud PC service using Mimikatz.
Tomi Engdahl says:
T-Mobile Confirms It Was Hacked
“We have determined that unauthorized access to some T-Mobile data occurred.”
https://www.vice.com/en/article/y3d4dw/t-mobile-confirms-it-was-hacked
T-Mobile confirmed hackers gained access to the telecom giant’s systems in an announcement published Monday.
The move comes after Motherboard reported that T-Mobile was investigating a post on an underground forum offering for sale Social Security Numbers and other private data. The forum post at the time didn’t name T-Mobile, but the seller told Motherboard the data came from T-Mobile servers.
“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” T-Mobile wrote in its new announcement.
The seller told Motherboard that 100 million people had their data compromised in the breach. In the forum post, they were offering data on 30 million people for 6 bitcoin, or around $270,000.
T‑Mobile Cybersecurity Incident Update
August 16, 2021
https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021
Tomi Engdahl says:
A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance
You may not have the full story about what network you’re on—and how well you’re protected.
https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/?utm_source=facebook&utm_medium=news_tab&utm_content=algorithm
Tomi Engdahl says:
Voltage manipulation can bypass hardware security on AMD’s server CPUs
There’s a joke about “shocking” exploits in here somewhere
https://www.techspot.com/news/90796-voltage-manipulation-can-bypass-hardware-security-amd-server.html
Why it matters: Researchers from the Technische Universität Berlin have demonstrated that AMD’s Secure Encrypted Virtualisation (SEV) technology can be defeated by manipulating input voltages, compromising the technology in a similar way to previous attacks against its Intel counterpart.
SEV relies on the Secure Processor (SP), a humble Arm Cortex-A5, to provide a root of trust in AMD EPYC CPUs (Naples, Rome and Milan — Zen 1 through 3).
The research paper — toting the amusing-yet-wordy title of “One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization” — describes how an attacker could compromise the SP to retrieve encryption keys or execute arbitrary code.
https://arxiv.org/abs/2108.04575
Tomi Engdahl says:
Apple’s Software Chief Explains ‘Misunderstood’ iPhone Child-Protection Features (Exclusive) | WSJ
https://m.youtube.com/watch?v=OQUO1DSwYN0&feature=share
Apple’s tools for flagging child pornography and identifying explicit photos in kids’ messages caused backlash and confusion. In an exclusive interview, Apple software chief Craig Federighi sat down with WSJ’s Joanna Stern to defend the technology and explain how it will work.
Tomi Engdahl says:
Secret terrorist watchlist with 2 million records exposed online
https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/
A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it.
Tomi Engdahl says:
Microsoft 365: This new one-click button lets businesses report scam emails
https://www.zdnet.com/article/microsoft-365-this-new-one-click-button-lets-businesses-report-scam-emails/
A new button and add-on for Microsoft 365/Office 365 accounts and Outlook allows employees to report scam emails directly to the UK’s National Cyber Security Centre (NCSC). The button is an upgrade to the NCSC’s existing Suspicious Email Reporting Service (SERS), which has received over 6.6 million reports since launching in April 2020. As of 30 June, NCSC had removed over 50,500 scams and 97,500 URLs.
Tomi Engdahl says:
Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. Affected devices implement wireless capabilities and cover a wide spectrum of use cases: from residential gateways, travel routers, Wi-Fi repeaters, IP cameras to smart lighting gateways or even connected toys.
Tomi Engdahl says:
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
https://thehackernews.com/2021/08/dozens-of-starttls-related-flaws-found.html
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. The attacks require that the malicious party can tamper with connections established between an email client and the email server of a provider and has login credentials for their own account on the same server. also:
https://nostarttls.secvuln.info/
Tomi Engdahl says:
XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/
A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said. SEOPress is a search engine optimization (SEO) tool that lets site owners manage SEO metadata, social-media cards, Google Ad settings and more. It’s installed on more than 100,000 sites. To protect their websites, users should upgrade to version 5.0.4 of SEOPress.
Tomi Engdahl says:
Experts: False Claims on Voting Machines Obscure Real Flaws
https://www.securityweek.com/experts-false-claims-voting-machines-obscure-real-flaws
The aftermath of the 2020 election put an intense spotlight on voting machines as supporters of former President Donald Trump claimed victory was stolen from him. While the theories were unproven — and many outlandish and blatantly false — election security experts say there are real concerns that need to be addressed.
In Georgia, for example, election security expert J. Alex Halderman says he’s identified “multiple severe security flaws” in the state’s touchscreen voting machines, according to a sworn declaration in a court case.
Halderman told The Associated Press in a phone interview that while he’s seen no evidence the vulnerabilities were exploited to change the outcome of the 2020 election, “there remain serious risks that policymakers and the public need to be aware of” that should be addressed immediately to protect future elections.
Tomi Engdahl says:
Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK
https://www.securityweek.com/devices-many-vendors-can-be-hacked-remotely-due-flaws-realtek-sdk
A large number of IoT systems could be exposed to remote hacker attacks due to serious vulnerabilities found in software development kits (SDKs) provided to device manufacturers by Taiwan-based semiconductor company Realtek.
Firmware security company IoT Inspector said its researchers have identified more than a dozen vulnerabilities in SDKs provided by Realtek to companies that use its RTL8xxx chips. The security flaws can be exploited to cause a denial of service (DoS) condition and for command injection, and some of them can be leveraged by remote attackers to take complete control of a targeted device, without requiring authentication.
According to IoT Inspector, an internet search revealed nearly 200 unique types of affected devices from a total of 65 different vendors, including IP cameras, routers, residential gateways, Wi-Fi repeaters, and toys. The list of impacted manufacturers and vendors includes ASUS, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE and Zyxel.
The security firm noted that if the impacted vendors sold, on average, 5,000 devices of each affected model, the vulnerabilities would expose nearly one million systems to remote attacks.
Tomi Engdahl says:
Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack
https://www.securityweek.com/colonial-pipeline-confirms-personal-information-impacted-ransomware-attack
Colonial Pipeline has started sending out notification letters to inform more than 5000 people that their personal information was compromised in a ransomware attack earlier this year.
The attack, which took place in May 2021, involved the Darkside ransomware and resulted in the Georgia-based company temporarily shutting down operations and paying $5 million to the attackers to recover stolen information. Most of the money was recovered, the US announced in June.
In a notification letter sent to the Maine Attorney General’s Office, Colonial Pipeline said that personal information belonging to 5,810 people was compromised in the attack.
“On May 6, 2021, an unauthorized third party acquired certain records stored in our systems,” the company said in the letter.
Tomi Engdahl says:
T-Mobile Acknowledges Breach of Customer Data, Launches Probe
https://www.securityweek.com/t-mobile-acknowledges-breach-customer-data-launches-probe
Tomi Engdahl says:
Your phone’s passcode isn’t on this list, is it? Change it right away
People still use passcodes that are really easy to guess.
https://www.iltalehti.fi/tietoturva/a/5f9bd2a2-443e-485e-9784-bc192e4655f2
Most used 4-digit codes
1234
0000
2580
1111
5555
5683
0852
2222
1212
1998
These are the 20 most common phone PINs: Is your device vulnerable?
https://www.pocket-lint.com/phones/news/148224-these-are-the-20-most-common-phone-pins-is-your-device-vulnerable
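The list above is only useful if something enforces it at the point where a passcode is chosen. As an added example (not code from the article, the linked posts or any phone vendor), here is a C policy check that rejects the ten codes listed above and generalises to the patterns behind them: one repeated digit, ascending or descending runs, a repeated pair, and keypad column swipes such as 2580. The keypad layout is the usual 3x4 phone grid, and the year range 1900-2029 is an assumed heuristic for birth-year PINs, not something the article states.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed blocklist: the ten most-used 4-digit codes listed above. */
static const char *const COMMON_PINS[] = {
    "1234", "0000", "2580", "1111", "5555",
    "5683", "0852", "2222", "1212", "1998",
};

/* Assumed standard 3x4 phone keypad: 2580 is a swipe down the middle
 * column (2-5-8) ending on the 0 key, and 0852 the same swipe upwards. */
static const char *const KEYPAD_COLUMNS[] = { "147", "258", "369" };

static bool is_four_digits(const char *pin)
{
    if (strlen(pin) != 4)
        return false;
    for (int i = 0; i < 4; i++)
        if (pin[i] < '0' || pin[i] > '9')
            return false;
    return true;
}

/* Returns true when the PIN should be rejected. Malformed input is rejected too. */
bool is_weak_pin(const char *pin)
{
    if (!is_four_digits(pin))
        return true;

    /* 1. Exact match against the published most-common list. */
    for (size_t i = 0; i < sizeof COMMON_PINS / sizeof COMMON_PINS[0]; i++)
        if (strcmp(pin, COMMON_PINS[i]) == 0)
            return true;

    /* 2. One repeated digit (0000, 7777, ...). */
    if (pin[0] == pin[1] && pin[1] == pin[2] && pin[2] == pin[3])
        return true;

    /* 3. Ascending or descending runs (0123, 1234, 4321, 9876, ...). */
    bool asc = true, desc = true;
    for (int i = 1; i < 4; i++) {
        if (pin[i] != pin[i - 1] + 1) asc = false;
        if (pin[i] != pin[i - 1] - 1) desc = false;
    }
    if (asc || desc)
        return true;

    /* 4. A repeated pair (1212, 4545, ...). */
    if (pin[0] == pin[2] && pin[1] == pin[3])
        return true;

    /* 5. Heuristic (assumption): anything that reads as a year 1900-2029. */
    int year = (pin[0] - '0') * 1000 + (pin[1] - '0') * 100
             + (pin[2] - '0') * 10 + (pin[3] - '0');
    if (year >= 1900 && year <= 2029)
        return true;

    /* 6. Keypad column swipe plus the 0 key, in either direction
     *    (2580, 0852, 1470, 0741, 3690, 0963). */
    char rev[5] = { pin[3], pin[2], pin[1], pin[0], '\0' };
    for (size_t i = 0; i < 3; i++) {
        if (strncmp(pin, KEYPAD_COLUMNS[i], 3) == 0 && pin[3] == '0') return true;
        if (strncmp(rev, KEYPAD_COLUMNS[i], 3) == 0 && rev[3] == '0') return true;
    }
    return false;
}

/* Stand-alone demo over a few constructed candidate PINs. */
int main(void)
{
    const char *candidates[] = { "1234", "2580", "0852", "1998", "4545", "7777", "4729", "8306" };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        printf("%s: %s\n", candidates[i], is_weak_pin(candidates[i]) ? "weak" : "ok");
    return 0;
}
```

Rule 1 alone would only catch the published top ten; rules 2 to 6 are what make the check hold up against the next entries on such lists, which are almost all variations of the same few patterns.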
Tomi Engdahl says:
Ax Sharma / BleepingComputer:
Researcher finds a terrorist watchlist of 1.9M people, including “no-fly” records, on an unsecured Elasticsearch cluster; DHS later took the server offline — A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet.
Secret terrorist watchlist with 2 million records exposed online
https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/
A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Millions of people on no-fly and terror watchlists exposed
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.
The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list:
The researcher told BleepingComputer that given the nature of the exposed fields (e.g. passport details and “no_fly_indicator”) it appeared to be a no-fly or a similar terrorist watchlist.
“That was the only valid guess given the nature of data plus there was a specific field named ‘TSC_ID’,” Diachenko told BleepingComputer, which hinted to him the source of the recordset could be the Terrorist Screening Center (TSC).
FBI’s TSC is used by multiple federal agencies to manage and share consolidated information for counterterrorism purposes.
The agency maintains the classified watchlist called the Terrorist Screening Database, sometimes also referred to as the “no-fly list.”
Such databases are regarded as highly sensitive in nature, considering the vital role they play in aiding national security and law enforcement tasks.
Server taken offline 3 weeks after DHS notified
The researcher discovered the exposed database on July 19th, interestingly, on a server with a Bahrain IP address, not a US one.
However, the same day, he rushed to report the data leak to the U.S. Department of Homeland Security (DHS).
“I discovered the exposed data on the same day and reported it to the DHS.”
“The exposed server was taken down about three weeks later, on August 9, 2021.”
“It’s not clear why it took so long, and I don’t know for sure whether any unauthorized parties accessed it,” writes Diachenko in his report.
The researcher considers this data leak to be serious, considering watchlists can list people who are suspected of an illicit activity but not necessarily charged with any crime.
America’s secret terrorist watchlist exposed on the web without a password: report
https://www.linkedin.com/pulse/americas-secret-terrorist-watchlist-exposed-web-report-diachenko/
On July 19, 2021 I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it.
The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country’s no-fly list, which is a subset of the larger watchlist. A typical record in the list contains a full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more.
I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work. The DHS did not provide any further official comment, though.
Tomi Engdahl says:
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality.
These further attacks could include actions that would allow an adversary to remotely control affected devices. At the time of writing this blog post, ThroughTek advertises having more than 83 million active devices and over 1.1 billion monthly connections on their platform.
Tomi Engdahl says:
T-Mobile Investigating Claims of Massive Data Breach https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/
On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. In a statement published on its website today, the company confirmed it had suffered an intrusion involving “some T-Mobile data,” but said it was too soon in its investigation to know what was stolen and how many customers might be affected. also:
https://www.wired.com/story/t-mobile-hack-data-phishing/
Tomi Engdahl says:
Hospitals hamstrung by ransomware are turning away patients https://arstechnica.com/gadgets/2021/08/hospitals-hamstrung-by-ransomware-are-turning-away-patients/
Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations.
Tomi Engdahl says:
Healthcare provider expected to lose $106.8 million following ransomware attack https://therecord.media/healthcare-provider-expected-to-lose-106-8-million-following-ransomware-attack/
Scripps Health, a California-based nonprofit healthcare provider that runs five hospitals and 19 outpatient facilities, said it expects to lose an estimated $106.8 million following a ransomware attack that hit the organization in May 2021. “Operating revenues and operating expenses for the quarter ended June 30, 2021 were significantly impacted by lost revenues and incremental expense incurred during the cyber security incident that occurred in May 2021,” the company said in its quarterly financial and operating filings last week.
Tomi Engdahl says:
Brazilian National Treasury hit with ransomware attack https://www.zdnet.com/article/brazilian-national-treasury-hit-with-ransomware-attack/
The Brazilian government has released a note stating the National Treasury has been hit with a ransomware attack on Friday (13).
Tomi Engdahl says:
Colonial Pipeline sends breach letters to more than 5,000 after ransomware group accessed SSNs, more https://www.zdnet.com/article/colonial-pipeline-sends-breach-letters-to-more-than-5000-after-ransomware-group-accessed-ssns-more/
Colonial Pipeline said the leaks involved the personal information of current and former employees.
Tomi Engdahl says:
Chinese espionage tool exploits vulnerabilities in 58 widely used websites https://therecord.media/chinese-espionage-tool-exploits-vulnerabilities-is-58-widely-used-websites/
A security researcher has discovered a web attack framework developed by a suspected Chinese government hacking group and used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents. Named Tetris, the tool was found secretly uploaded on two websites with a Chinese readership. “The sites both appear to be independent newsblogs,” said a security researcher going online under the pseudonym of Imp0rtp3, who analyzed the Tetris attack framework for the first time in a blog post earlier this month. also:
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Tomi Engdahl says:
Rural Sewage Plants Hit by Ransomware Attacks in Maine
https://www.securityweek.com/rural-sewage-plants-hit-ransomware-attacks-maine
A pair of ransomware attacks on sewage treatment plants in rural Maine communities demonstrates that small towns need to be just as vigilant as larger communities in protecting against hackers, local officials said.
The attacks occurred in April in Mount Desert and on the Fourth of July in Limestone, and no money was paid and no customer data was compromised, officials said Monday.
“It’s like an arms race between the good guys and the bad guys,” said Mount Desert Town Manager Durlin Lunt Jr. “Fortunately, in this case, they didn’t get anything.”
In northern Maine, the town of Limestone was hit on a holiday.
Tomi Engdahl says:
High-Severity Command Injection Vulnerability Found in Fortinet Firewall
https://www.securityweek.com/high-severity-command-injection-vulnerability-found-fortinet-firewall
Researchers have discovered a vulnerability in Fortinet’s FortiWeb web application firewall (WAF), and while it has been classified as high severity, the actual risk of exploitation in the wild seems low.
Tomi Engdahl says:
FBI Reportedly Exposed Secret Terrorist Watchlist
https://www.securityweek.com/fbi-reportedly-exposed-secret-terrorist-watchlist
Tomi Engdahl says:
https://www.securityweek.com/adobe-plugs-critical-photoshop-security-flaws
Tomi Engdahl says:
Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability
https://www.securityweek.com/millions-iot-devices-exposed-attacks-due-cloud-platform-vulnerability
By Eduard Kovacs on August 17, 2021
Researchers at FireEye’s threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks.
The flaw was found in a core component of the Kalay cloud platform for IoT devices offered by ThroughTek, a Taiwan-based company that provides IoT and M2M solutions for surveillance, security, smart home, cloud storage, and consumer electronics systems.
Mandiant researchers discovered in late 2020 that the platform, which is used by millions of IoT devices from many vendors, is affected by a critical vulnerability that can be exploited to remotely hack affected systems. Since many of the impacted devices are video surveillance products — this includes IP cameras, baby monitors and digital video recorders — exploiting the vulnerability could allow an attacker to intercept live audio and video data.
The vulnerability is tracked as CVE-2021-28372 and it has been assigned a CVSS score of 9.6. In order to exploit it, an attacker needs to somehow obtain the Kalay unique identifier (UID) of the targeted user. An attacker could obtain this UID using social engineering, or through other methods.
Tomi Engdahl says:
The Intercept:
Sources: the Taliban have seized US military biometric devices, known as HIIDE, that could aid in the identification of Afghans who supported coalition forces — The Taliban have seized U.S. military biometrics devices that could aid in the identification of Afghans who assisted coalition forces …
The Taliban Have Seized U.S. Military Biometrics Devices
https://theintercept.com/2021/08/17/afghanistan-taliban-military-biometrics/
Biometric collection and identification devices were seized last week during the Taliban’s offensive.
Tomi Engdahl says:
Amy Thomson / Bloomberg:
T-Mobile says an investigation found 7.8M current users and 40M past and prospective users who applied for credit had information stolen in a cyberattack. About 7.8 million current customers had information stolen; records from former and prospective users were also accessed.
T-Mobile Says Over 40 Million Customer Records Affected in Hack
https://www.bloomberg.com/news/articles/2021-08-18/t-mobile-says-over-40-million-customer-records-affected-in-hack
T-Mobile US Inc. said an investigation confirmed about 7.8 million current users had information stolen along with more than 40 million records from past or prospective customers who’d applied for credit in a cyberattack.
The stolen information included customers’ full names, dates of birth, social security numbers, and IDs such as drivers licenses, the Bellevue, Washington-based company said in a statement on Wednesday. The hack doesn’t appear to have included credit card details or other financial information, it said.
The company said earlier this week that it was investigating claims that a widescale data breach had exposed customer details to hackers who were selling information online. The company is offering people affected by the attack two years of identity protection services and boosting security protocols on accounts that make it more difficult for fraudsters to take control.
Tomi Engdahl says:
Terabytes of Deleted Case Data Forces Dallas PD to Revise Policy
https://www.govtech.com/public-safety/terabytes-of-deleted-case-data-forces-dallas-pd-to-revise-policy#:~:text=A%20Dallas%20Police%20employee%20accidentally,to%20migrate%20data%20between%20servers.&text=According%20to%20an%20Aug.%2011,occurred%20before%20July%2028%2C%202020
A Dallas Police employee accidentally deleted 22 TBs of case files when trying to migrate data between servers. Officials say they’re now working to recover what they can and prevent future issues.
A Dallas Police Department (DPD) employee attempting to move older case files out of a cloud-based archive and onto an on-premise server housed in the city’s data center accidentally deleted 22 terabytes worth of files, the DPD told media in an emailed statement.
Police recovered 14 terabytes, but DPD believes the remaining 8 terabytes are “permanently deleted and unrecoverable from the archive location,” per its statement.
The impacted files include audio recordings, case notes, images, videos and other materials, the DPD said. According to an Aug. 11 memo released by the Dallas County Criminal District Attorney’s Office, the data loss affects prosecution of cases for which the offending event occurred before July 28, 2020.
Tomi Engdahl says:
CISA releases alert on BadAlloc vulnerability in BlackBerry products
https://www.zdnet.com/article/cisa-releases-alert-on-badalloc-vulnerability-in-blackberry-products/
The affected BlackBerry software is in nearly 200 million cars as well as thousands of industrial control devices, medical tools and more.
CISA has released an alert about a slate of BlackBerry products affected by the BadAlloc vulnerability, which was spotlighted by Microsoft researchers earlier this year.
On Tuesday, BlackBerry released an advisory explaining that its QNX Real Time Operating System — which is used in medical devices, cars, factories and even the International Space Station — can be affected by BadAlloc, which is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries. BlackBerry recently boasted that the QNX Real Time Operating System is used in 200 million cars.
CISA added that IoT devices, operational technology and some industrial control systems have incorporated QNX Real Time Operating System, making it urgent for measures to be taken to protect systems. BlackBerry released a full list of the affected products.
https://www.qnx.com/support/knowledgebase.html?id=5015Y000001SX2z
Tomi Engdahl says:
T-Mobile: Breach Exposed SSN/DOB of 40M+ People https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/
T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.
Tomi Engdahl says:
North Korean APT InkySquid Infects Victims Using Browser Exploits https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. This post provides details on the different exploits used in the SWC, as well as the payload used, which Volexity calls BLUELIGHT. Volexity attributes the activity described in this post to a threat actor Volexity refers to as InkySquid, which broadly corresponds to activity known publicly under the monikers ScarCruft and APT37.
Tomi Engdahl says:
China Propaganda Network Targets BBC Media, UK in Large-Scale Influence Campaign https://www.recordedfuture.com/china-propaganda-targets-bbc-uk/
Recorded Future’s Insikt Group has discovered a large-scale, likely state-sponsored influence operation against the British Broadcasting Company (BBC) and the United Kingdom (UK). The campaign involves hundreds of websites and social media accounts and thousands of comments across state-affiliated news sources, fake news websites, and Chinese and Western social media platforms.
Tomi Engdahl says:
This Russian Cyber Mogul Planned To Take His Company Public. Then America Accused It Of Hacking For Putin’s Spies https://www.forbes.com/sites/thomasbrewster/2021/08/18/this-russian-cyber-mogul-planned-to-take-his-company-public-then-america-accused-it-of-hacking-for-putins-spies/
The tycoon whose Positive Technologies was recently hit with U.S. sanctions insists he just wants to help protect all companies from hackers. U.S. security officials don’t buy it.
Tomi Engdahl says:
Police warn: malware that steals bank credentials is spreading by email https://www.iltalehti.fi/tietoturva/a/365c371d-03ff-4b68-993a-9d66e08dde3d
The police are warning about scam messages in circulation. Criminals approach Finns with email messages that try to get them to open an attachment or a link. “Opening the link or the attachment installs malware on the device that can be used to take over the user’s bank credentials,” the police bulletin says.
Tomi Engdahl says:
Report: Census Hit by Cyberattack, US Count Unaffected
https://www.securityweek.com/report-census-hit-cyberattack-us-count-unaffected
U.S. Census Bureau computer servers uninvolved with the 2020 census were exploited last year during a cybersecurity attack, but hackers’ attempts to keep access to the system were unsuccessful, according to a watchdog report released Wednesday.
The attack took place in January 2020 on the bureau’s remote access servers.
Tomi Engdahl says:
BadAlloc Flaw Impacts Many Systems Running BlackBerry’s QNX Embedded OS
https://www.securityweek.com/badalloc-flaw-impacts-many-systems-running-blackberrys-qnx-embedded-os
BlackBerry this week informed customers that the QNX embedded operating system is affected by a BadAlloc vulnerability leading to arbitrary code execution or denial of service.
Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to gain control of highly sensitive systems.
The issue affects C standard library (libc) implementations, real-time operating systems (RTOS), and embedded software development kits (SDKs), and could be exploited to execute arbitrary code or cause systems to crash.
On Tuesday, BlackBerry revealed that the QNX RTOS is affected by a BadAlloc vulnerability tracked as CVE-2021-22156 (CVSS score of 9.0). The flaw, an integer overflow bug, impacts the C runtime library present in various BlackBerry QNX products.
QNX-2021-001 Vulnerability in the C Runtime Library Impacts BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
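The BadAlloc bug class mentioned above is an integer overflow in allocation-size arithmetic. As an added illustration (not code from BlackBerry's advisory or from the article), the constructed size calculation below shows the wrapping pattern beside an overflow-checked version a defender would want in an allocator; the header size and the helper names are assumptions.

```c
/* Added example, not from the QNX advisory: demonstrates the BadAlloc-style
 * integer overflow in allocation-size arithmetic and its remediation. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>

#define ALLOC_HEADER 16u   /* constructed: bookkeeping bytes an allocator adds */

/* Vulnerable pattern: nmemb * size + header computed in size_t with no
 * overflow check. Large inputs wrap to a small value, so the allocator
 * hands back a tiny block that the caller believes is huge. */
size_t unchecked_alloc_size(size_t nmemb, size_t size) {
    return nmemb * size + ALLOC_HEADER;
}

/* Hardened version: detect wrap-around in both the multiply and the add
 * (GCC/Clang builtins). Returns false when the request cannot be represented,
 * which the caller must treat as an allocation failure. */
bool checked_alloc_size(size_t nmemb, size_t size, size_t *out) {
    size_t bytes;
    if (__builtin_mul_overflow(nmemb, size, &bytes)) return false;
    if (__builtin_add_overflow(bytes, (size_t)ALLOC_HEADER, &bytes)) return false;
    *out = bytes;
    return true;
}

/* Convenience wrapper: returns NULL instead of an undersized block. */
void *safe_calloc_with_header(size_t nmemb, size_t size) {
    size_t bytes;
    if (!checked_alloc_size(nmemb, size, &bytes)) return NULL;
    return malloc(bytes);
}

int main(void) {
    size_t n = SIZE_MAX / 4 + 1;   /* constructed: n * 4 wraps to exactly 0 */
    size_t ok = 0;
    printf("unchecked: %zu bytes\n", unchecked_alloc_size(n, 4));  /* prints 16 */
    printf("checked: %s\n", checked_alloc_size(n, 4, &ok) ? "accepted" : "rejected");
    return 0;
}
```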
Tomi Engdahl says:
ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities
https://www.securityweek.com/ics-vendors-assess-impact-infrahalt-vulnerabilities
Several major industrial control system (ICS) vendors have issued security advisories in response to the discovery of the NicheStack vulnerabilities collectively tracked as INFRA:HALT.
Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing, and DNS cache poisoning.
In an attack scenario described by the researchers, the attacker remotely exploits one of the INFRA:HALT vulnerabilities to crash a programmable logic controller (PLC) and disrupt the associated physical process.
Some websites suggest that as many as 200 companies could be using NicheStack in their products, and a Shodan search showed thousands of internet-exposed devices that could be vulnerable to attacks.
https://www.securityweek.com/vulnerabilities-nichestack-tcpip-stack-affect-many-ot-device-vendors
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12450-verkkorikolliset-hyokkaavat-nyt-kouluihin
Tomi Engdahl says:
https://www.securityweek.com/hacker-dubbed-mr-white-hat-return-entire-stolen-crypto-fortune
A firm specializing in transferring cryptocurrency said Thursday that a hacker they are calling “Mr White Hat” was giving back all $613 million in digital loot from a record haul.
Poly Network had put out word previously that nearly half of the digital assets swiped early this week had been returned.
“As our communication with Mr. White Hat is going on, the remaining user assets on Ethereum are gradually transferred,” Poly Network said in a tweet.
“We look forward to Mr. White returning all the remaining user assets, as stated by him.”
Tomi Engdahl says:
https://www.securityweek.com/trend-micro-confirms-wild-zero-day-attacks