Cyber Security Headlines: FBI nabs Huawei, Android leaks Twitterers, Microsoft’s printer warning

FBI uncovers Chinese and Huawei misdeeds

Since at least 2017, federal officials have been investigating Chinese land purchases near critical infrastructure, and pursuing what they saw as clear efforts to plant listening devices near sensitive military and government facilities. Among the most alarming things the FBI uncovered was Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons. In addition, a proposed $100 million ornate Chinese garden at the National Arboretum in Washington DC included a pagoda, which investigators noted would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection.

(CNN) 

5.4 million Twitter accounts available for sale

A threat actor is now offering the stolen data for sale on a popular hacking forum. In January, a report published on HackerOne claimed the discovery of a vulnerability that an attacker could exploit to find a Twitter account by its associated phone number or email address, even if the user has opted to prevent this in the privacy options. The bug existed in the authorization process of the Android Twitter client, within the procedure of checking for duplication of a Twitter account. Twitter confirmed the existence of this vulnerability and awarded the bug hunter a $5,040 bounty. The flaw has since been patched.

(Security Affairs)

Microsoft warns that new Windows updates may break printing

Microsoft has warned that, starting with this week’s optional preview updates, a temporary mitigation provided one year ago to address Windows Server printing issues on non-compliant devices will be removed, potentially causing print and scan failures on multiple Windows Server versions after installing the July 2021 security updates on Windows domain controllers (DCs). The known issue impacts printers, scanners, and multifunction devices that are non-compliant with the CVE-2021-33764 hardening changes and use smart card (PIV) authentication.

(Bleeping Computer)

Massive Microsoft 365 outage caused by faulty ECS deployment

Following up on a story we brought you last week, Microsoft has revealed, in a preliminary post-incident report, that last week’s 5-hour-long Microsoft 365 worldwide outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that led to cascading failures and availability impact across multiple regions. ECS is an internal central configuration repository designed to enable Microsoft services to make wide-scope dynamic changes across multiple services and features, as well as targeted ones such as specific configurations per tenant or user. As a result, users worldwide began reporting that they could not use Microsoft Teams and multiple Microsoft 365 services or features.

(Bleeping Computer)

Thanks to today’s episode sponsor, Snyk

Magecart serves up card skimmers on restaurant-ordering systems

Two separate Magecart campaigns have been skimming payment-card credentials of unsuspecting customers using three online restaurant-ordering systems, affecting over 300 restaurants that use the services and compromising up to 50,000 user cards so far, researchers have found. The campaigns have injected e-skimmer scripts into the online ordering portals of restaurants using three separate platforms: MenuDrive, Harbortouch, and InTouchPOS, researchers from Recorded Future revealed in a blog post this week. One appears to have begun last November, and the other in January.

(ThreatPost)

Google fires software engineer who claimed AI chatbot was ‘sentient’

Last month, as we reported, Google put a senior software engineer, Blake Lemoine, on paid administrative leave after he published a paper claiming that the company’s controversial artificial intelligence (AI) model, LaMDA (Language Model for Dialogue Applications) had become ‘sentient’ and was a self-aware person. On Friday, Google publicly announced that it has now fired Lemoine for “violating the company’s confidentiality policy”. It highlighted that the engineer’s claims were “wholly unfounded” and that the company worked with him for “many months” to clarify this. Lemoine had posted an article on Medium in which he stated his conversations with LaMDA revealed the bot’s desire for rights and personhood as well as its fear of death from being shut down.

(Techworm.net)

BMW’s heated seats as a service model has drivers seeking hacks

BMW owners are feeling hot under the collar in response to news that BMW will now charge owners a subscription to use the heated seats in their cars if they weren’t a paid-for option when new. The German carmaker has been putting extra software-based features like high-beam assist behind a paywall for a couple of years now, but heated seats are hardware that will not benefit from software updates or regular over-the-air upgrades. Rather than being a service, BMW’s move is being seen as a simple way to raise additional revenue. In the UK, the fee for heated BMW seats is the pound sterling equivalent of $18 a month, $180 a year, and for a new 1-series, they can only be ordered as part of a $720 “comfort pack.”

(Wired)

Last week in ransomware

New ransomware operations continued to be launched last week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers. We also learned how the Conti ransomware gang breached the Costa Rican government’s systems and that the FBI recovered $500,000 in ransoms paid by health care organizations to the Maui ransomware operation. The big attack that went public last week was against digital security firm Entrust, which disclosed that it suffered a security incident on June 18th that led to data being stolen. Other attacks we learned about last week include one on building materials giant Knauf, one on the town of St. Marys, and one on the town of Frederick, Colorado.

(Bleeping Computer)