Cyber Security Headlines: Experian logins dangerous, NSO deal off

French telco struggling after ransomware attack

On July 4th, a ransomware group hit the French telco La Poste Mobile. While service remains available, the most visible impact is that the company’s website remains down, replaced by a splash screen warning that some customer data may have been accessed in the attack. The carrier says its IT teams are still diagnosing the situation. The LockBit ransomware gang took credit for the attack.

(The Record)

L3Harris ends talks to acquire NSO Group

Sources tell the New York Times that the defense contractor ended talks to acquire the Israeli spyware maker, after beginning them on June 14th. Some reports say L3Harris was only interested in acquiring NSO’s surveillance technology, not the entire company. Due to the sensitive work of both companies, any deal would have required approval from the US and Israeli governments. Pushback from the White House reportedly scuttled the deal, even though it had quiet support from the American intelligence community. Neither company confirmed the report.

(SiliconAngle, New York Times)

Krebs on Experian security 

Brian Krebs received feedback from readers that the email addresses on their accounts at the credit bureau Experian had been changed without their consent, despite their using password managers with unique passwords. Krebs was able to reproduce this simply by signing up for a new account using his own personal information and a different email address; it seems malicious actors have been doing the same. This also changed PINs and recovery questions, meaning the only way for victims to validate with Experian is by confirming credit transactions. Equifax and TransUnion were not vulnerable to this exploit.

(Krebs on Security)
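The failure described above is a registration flow that lets a second signup with matching identity data overwrite the contact details of an account that already exists. The sketch below is an added example, not Experian's code, showing one defensive design: new signups that match an already-enrolled identity never replace the email, PIN or recovery data on file; the new contact is parked and the address already on file is asked to confirm. The fingerprint fields, the pepper, the `Registry` class and the sample identity are all constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed pepper; in a real system this is a server-side secret, not a literal.
PEPPER = b"constructed-demo-pepper"


def identity_fingerprint(ssn: str, dob: str, surname: str) -> str:
    """Keyed fingerprint over normalised identity fields (constructed scheme)."""
    norm = f"{ssn.replace('-', '')}|{dob}|{surname.strip().lower()}".encode()
    return hmac.new(PEPPER, norm, hashlib.sha256).hexdigest()


@dataclass
class Account:
    email: str
    pin: str
    pending_email: Optional[str] = None  # new contact awaiting confirmation by the old one


@dataclass
class Registry:
    accounts: dict = field(default_factory=dict)  # fingerprint -> Account
    outbox: list = field(default_factory=list)    # constructed stand-in for sent mail

    def register(self, ssn, dob, surname, email, pin) -> str:
        fp = identity_fingerprint(ssn, dob, surname)
        existing = self.accounts.get(fp)
        if existing is None:
            self.accounts[fp] = Account(email=email, pin=pin)
            return "created"
        # Identity already enrolled: do NOT overwrite email/PIN/recovery data.
        # Park the new contact and notify the address already on file.
        existing.pending_email = email
        self.outbox.append((existing.email, f"confirm change of contact to {email}?"))
        return "existing_account_notified"

    def confirm_change(self, ssn, dob, surname, approved_by_old_email: bool) -> bool:
        """Apply the parked contact change only if the old mailbox approved it."""
        fp = identity_fingerprint(ssn, dob, surname)
        acct = self.accounts.get(fp)
        if acct is None or acct.pending_email is None:
            return False
        if approved_by_old_email:
            acct.email = acct.pending_email
        acct.pending_email = None
        return approved_by_old_email


def demo() -> dict:
    reg = Registry()
    ident = ("123-45-6789", "1980-01-02", "Doe")  # constructed sample identity
    r1 = reg.register(*ident, email="owner@example.com", pin="1234")
    # Second signup with the same identity but a different mailbox, as the story describes.
    r2 = reg.register(*ident, email="other@example.net", pin="9999")
    acct = reg.accounts[identity_fingerprint(*ident)]
    return {
        "first": r1,
        "second": r2,
        "email_on_file": acct.email,
        "pin_on_file": acct.pin,
        "notified": reg.outbox[0][0],
        "denied": reg.confirm_change(*ident, approved_by_old_email=False),
        "email_after_denial": acct.email,
    }


if __name__ == "__main__":
    print(demo())
```

The key property is that the second signup returns `existing_account_notified` and leaves the original email and PIN untouched; the only party who can move the account to a new mailbox is whoever controls the mailbox already on file.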

The fallout for Conti after Costa Rica 

The Financial Times looked at the aftermath of Conti’s attack on the Costa Rican government. We’ve been following the daily developments since the story broke. According to the report, Costa Rican infrastructure remains impacted months after the attack, with online tax collection, public healthcare, and public-sector pay nowhere close to normal. It’s estimated it could take a year to fully decrypt all impacted systems. The report also notes the attack appears to have been the zenith of the Conti ransomware group, which shut down in the wake of the attack. This came as the group publicly aligned itself with Russia in its invasion of Ukraine, which caused pro-Ukrainian members to leak chat logs and source code. It’s believed Conti associates fell from over 400 in late 2021 to a few dozen after the Costa Rica attack, although some signs point to Conti members migrating to the BlackBasta ransomware organization.

(Financial Times)

Thanks to today’s episode sponsor, Edgescan

Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.

Binance kept trading in Iran 

Reuters’ sources say the crypto exchange Binance continued to process trades for clients in Iran despite US sanctions. In 2018, the US reimposed sanctions on Iran, and that November Binance informed traders in the country it would no longer serve them. Several traders speaking to Reuters say they were able to continue trading after the ban, registering with just an email address and a VPN. Binance is based in the Cayman Islands and is protected from direct US sanctions, but could still be at risk of having sanctions placed on it by the US. Reuters previously reported North Korean hackers used VPNs to launder stolen crypto tokens through Binance in 2020.

(Reuters)

Myanmar rolls out wider surveillance systems

Reuters’ sources say Myanmar’s government has begun deploying Chinese-made cameras with integrated facial recognition systems. Since February 2021, local authorities have been rolling out wider surveillance systems in at least five major cities, and now plan five additional cities. In procurement documents for the cameras, the government claims these are for crime prevention and safe-city projects. The government reportedly plans to add camera surveillance systems for cities in each of Myanmar’s seven states and seven regions.

(Reuters)

Researcher demos Honda hacking

A security researcher for Star-V Lab known as Kevin2600 published a technical report and video about an exploit in Honda vehicles called Rolling-PWN, which let the researcher open car doors and start the engine. Like similar car hacking exploits, this uses a software-defined radio to capture the code that opens the doors, which can then be replayed from up to 98 feet away. Car makers generally use a rolling code mechanism to ensure that codes can’t be reused. Other car unlock exploits have generally relied on capturing fixed codes. In response, Honda said the video did not include enough evidence to support the researcher’s claims.

(Vice)
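To make the rolling-code point concrete, here is an added simulation (not the researcher's code or any vehicle maker's implementation) of a fob and receiver sharing a secret. Each press emits a counter plus an HMAC tag; the receiver accepts a code only if the tag verifies and the counter is strictly above the last accepted value, within a small resync window. A captured code therefore verifies cryptographically but is rejected on replay, which is the property a correct rolling-code receiver must keep. The key, the window size and the code layout are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo key; a real fob and receiver share a per-vehicle secret.
SHARED_KEY = b"constructed-demo-key-not-a-real-vehicle-key"
WINDOW = 16  # how far ahead the receiver will resync (fob pressed out of range)


def make_code(key: bytes, counter: int) -> bytes:
    """Fob side: emit a code bound to a monotonically increasing counter."""
    msg = counter.to_bytes(4, "big")
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:8]
    return msg + tag


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.last_counter = 0  # last accepted counter; never moves backwards

    def accept(self, code: bytes) -> bool:
        if len(code) != 12:
            return False
        msg, tag = code[:4], code[4:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted code
        counter = int.from_bytes(msg, "big")
        # Replay defence: reject anything at or below the last accepted counter,
        # and anything too far ahead (desynchronised or unknown fob).
        if counter <= self.last_counter or counter > self.last_counter + self.window:
            return False
        self.last_counter = counter
        return True


def demo() -> dict:
    rx = Receiver(SHARED_KEY)
    fob_counter = 1
    first = make_code(SHARED_KEY, fob_counter)
    results = {}
    results["first_press"] = rx.accept(first)           # genuine press: accepted
    results["replay_first"] = rx.accept(first)          # same capture replayed: rejected
    fob_counter += 3                                    # presses out of range, inside window
    results["skip_ahead"] = rx.accept(make_code(SHARED_KEY, fob_counter))
    results["replay_first_again"] = rx.accept(first)    # still rejected after resync
    tampered = first[:-1] + bytes([first[-1] ^ 1])      # flip one tag bit
    results["tampered"] = rx.accept(tampered)
    results["too_far_ahead"] = rx.accept(make_code(SHARED_KEY, fob_counter + WINDOW + 1))
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks that matter for defence are the strict `counter <= self.last_counter` rejection and the bounded window: the first is what stops a replayed capture, the second is what stops an attacker or a desynchronised fob from jumping the counter arbitrarily far forward.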

Microsoft calls macros rollback temporary 

Last week, Microsoft confirmed it rolled back a default block of VBA macros in Office apps, citing “feedback” from customers. Microsoft has now clarified that this rollback is temporary and that it remains “fully committed to making the default change for all users.” The company also notes admins can block macros by default through Group Policy settings.

In other Microsoft news, the company released its Windows Autopatch service to the public. It’s available to customers running Windows 10 and 11 Enterprise E3 or greater. This moves the update orchestration planning to Microsoft, although admins will have Halt and Rollback features in case of any issues. 

(Bleeping Computer, ZDNet)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.