Hackers breached Pepsi Bottling network
Pepsi Bottling Ventures (PBV) has disclosed a breach of its network in an email sent to consumers this past Friday (February 10). On January 10, the company discovered that info-stealing malware had been deployed to its network back in December last year. Pepsi Bottling confirmed that a threat actor accessed systems and downloaded information belonging to former and current employees including names, home and email addresses, financial account information, government IDs, digital signatures, benefits and medical information.
AI has successfully piloted an F-16 fighter jet
The US Department of Defense’s (DoD) research agency, DARPA, announced that they’ve successfully completed several AI-controlled flights with their F-16 test aircraft (known as the X-62A or VISTA), at Edwards Air Force Base, California. DARPA said it doesn’t expect the plane to fly without a pilot, but the AI will control the jet and provide flight data while the “human pilot focuses on larger battle management tasks in the cockpit.” Back in 2018, the government committed to a 5-year, $2 billion AI spending plan. DARPA said that AI-powered L-39s will participate in a live dogfight above Lake Ontario in 2024.
Hyundai and Kia to update anti-theft software on millions of vehicles
Hyundai and its subsidiary Kia are now offering free software updates for their cars in response to a rash of car thefts after the so-called “Kia Challenge” went viral on TikTok. Thieves known as “the Kia Boyz” posted instructional videos showing how to bypass the vehicles’ security system using simple tools like a USB cable. The security update that will activate an “ignition kill” feature to effectively neutralize the now popularized theft techniques. The car manufacturers are offering the software upgrade free of charge for a total of 8.3 million eligible cars. Previously, Hyundai was charging car owners $170 for the software upgrade, in addition to any labor costs to install it.
Russian businessman found guilty of insider trading scheme
On Tuesday, Vladislav Klyushin, a 42-year-old Russian millionaire with ties to Vladimir Putin, was found guilty on charges of wire and securities fraud, in a Boston federal court. Klyushin participated in a scheme where he and other cyber criminals hacked into vendor computer systems and obtained financial disclosures for hundreds of companies, including Microsoft, Tesla, Kohls, Ulta Beauty and Sketchers, before they were filed to the SEC. Klyushin personally used the information to cheat the stock market, turning a $2 million investment into nearly $21 million. Altogether, the group raised a total of about $90 million.
And now a word from our sponsor, US, yes, CISO Series
MortalKombat ransomware found punching targets worldwide
Researchers from Cisco’s Talos security team said that, over the past month, they’ve observed a threat actor deploying MortalKombat ransomware. The researchers say that MortalKombat is novel ransomware and, based on its name and the wallpaper it drops, the malware is definitely linked to the popular video game and movie franchise. Most of the victims are in the US, while a smaller percentage come from the UK, Turkey and the Philippines. Though little is known about the threat actors, they are scanning for organizations who leave remote desktop protocols (RDP) exposed to the internet.
Microsoft delivers 75-count box of patches for Valentine’s Day
February’s Patch Tuesday fell on Valentine’s Day this year and saw Microsoft deliver an assortment of 75 security patches, nine of which are rated “critical” and 66 “important.” Three of the bugs addressed are under active exploitation but are not the most severe issues fixed this month (each rated less than 8.0 CVSS).
Microsoft warned, however, that some WSUS servers running on Windows Server 2016 and 2019 might fail to push Windows 11, version 22H2 Patch Tuesday updates. Microsoft is currently working on a fix for the issue.
Meanwhile, Adobe has patched practically every product it makes this month, but none of the 28 CVEs it fixed has an active exploit.
SAP joined in on the patching love on Tuesday, issuing 21 new security notes, the worst of which is a privilege escalation vulnerability in SAP Start Service, with an 8.8 CVSS rating.
Also on Tuesday, Intel dropped more than 30 security fixes while AMD fixed two security issues related to its Epyc and Ryzen processors and tools.
(The Register and Bleeping Computer)
Royal Mail refused to pay ‘absurd’ LockBit ransom
Chat logs from ransom negotiations between LockBit ransomware gang and Royal Mail, reveal that the British postal service’s negotiator refused to meet the $80 million ransom demand. The negotiator told Lockbit that they inadvertently attacked Royal Mail International, a small subsidiary of Royal Mail and, “Under no circumstances will we pay you the absurd amount of money you have demanded.” Lockbit slightly lowered its ransom demand before negotiations stalled on February 9. LockBit claims to have published the stolen data to its leak site, though it cannot yet be viewed. Royal Mail said Tuesday, its international services were reinstated for online purchase, but that it is still unable to process some new parcels and large letters.
Google launches first Android beta for ad-tracking overhaul
Google says the first beta for Privacy Sandbox on Android started rolling out on Tuesday to a limited number of Android 13 devices. The Privacy Sandbox on Android is a set of tools that aim to create a new standard for how advertisers and websites access information about consumers without compromising user privacy. Google says the Android Privacy Sandbox has similar privacy goals as its web sandbox but that the two features are based on separate technology.