Cyber Security Headlines – January 4, 2022

Broward Health discloses major data breach

The Florida-based healthcare system disclosed that the breach affected over 1.3 million individuals and dates back to a cyberattack on October 15, 2021. Broward Health discovered the breach on October 19th and immediately notified the FBI and US DOJ. The intrusion point was determined to be a third-party medical provider. Exfiltrated information includes names, addresses, dates of birth, social security numbers, bank information, medical information, and driver’s license numbers. Broward said its analysis found no evidence of misuse of the data. The organization announced it has implemented additional minimum security requirements for third-party devices and is offering the customary two years of identity theft protection services to those impacted.

(Bleeping Computer)

Beware of the command line copy-paste backdoor

Gabriel Friedlander of the security awareness platform Wizer demonstrated a potential backdoor in the common practice of copy-pasting terminal commands from a web page. He points out that sites can covertly replace the content that goes onto your clipboard, so that a different command is pasted on the user’s side. On his site, Friedlander demonstrates that copying a basic sudo apt update command could actually paste a curl command pulling down content from a malicious URL. Friedlander did this with a JavaScript “event listener” that captured the copy event and replaced the clipboard data.

(Bleeping Computer)

HomeKit bug can crash iOS devices

Security researcher Trevor Spiniolas documented a vulnerability in Apple’s HomeKit API that could let an attacker create a HomeKit device with an extremely long name, causing a connecting iOS device to become unresponsive upon reading it. The device name is about 500,000 characters long, so not something likely to happen by mistake. Once the device goes unresponsive, it enters a cycle of freezing and rebooting that is only resolved with a full wipe and restore. Since HomeKit device names are backed up to iCloud, signing into the iCloud account after restoring the device triggers the cycle again. The researcher recommends rejecting any invitations from an unfamiliar home network.

(The Verge)

AT&T and Verizon respond to requests to delay 5G at airports

In a further development in the coverage of 5G rollouts at airports, AT&T and Verizon announced they would not comply with a request from the FAA and Department of Transportation to postpone deploying new 5G service in those areas. The carriers did say they might be willing to pause deployments near certain airports for six months “on the condition that the FAA and the aviation industry are committed to doing the same without escalating their grievances, unfounded as they are, in other venues.” As a reminder, airlines argue that 5G signals use frequencies close to those of altitude-sensing radar altimeters and could interfere with landing operations, while the carriers say power levels and the gap between the frequencies are adequate to prevent interference.

(Bloomberg)

Thanks to our episode sponsor, deepwatch

Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

Microsoft fixes Exchange’s New Year malaise 

Yesterday we covered reports that a bug in Exchange’s FIP-FS engine started blocking email delivery on January 1st. Microsoft issued an emergency patch to resolve the issue, although this is considered a temporary fix. Admins can apply a PowerShell script named ‘Reset-ScanEngineVersion.ps1’, which stops the scanning engine and replaces the engine version that caused the issue. Microsoft is working on an update that will resolve the issue automatically. Microsoft warned that email will begin flowing once the script is applied, but depending on the number of messages in the transport queue, it could take some time to clear the backlog.

(Bleeping Computer)

US charges Kremlin insider tied to 2016 DNC hack

US officials unsealed charges against Russian IT executive Vladislav Klyushin, who was recently extradited from Switzerland on December 18th. He’s accused of insider trading. Bloomberg’s sources say Klyushin has close ties to the Kremlin and could provide Americans with an insider view of 2016 election manipulation. He’s believed to have access to documents related to the Russian attack against Democratic Party servers in 2016, as well as other Russian GRU military intelligence operations.

(Bloomberg)

CrowdStrike using CPU telemetry to detect software exploits

The anti-malware stalwart announced that it is using Intel Processor Trace data from CPUs as part of its new Hardware Enhanced Exploit Detection feature. Intel Processor Trace is available on sixth-generation and newer Intel CPUs and records code execution on the processor; traditionally it has been used for performance diagnostics. The company claims the feature lets it reconstruct the exact control flow on a CPU to detect more advanced software exploits, such as shellcode injection and code reuse attacks, that bypass traditional OS-based defenses.

(Security Week)

Legacy BlackBerry devices shuffle off this mortal coil

Devices branded as BlackBerry have been running Android for a number of years now, dating back to the 2015 BlackBerry Priv. Older BlackBerry devices have remained functional thanks to the maintenance of legacy services. Those services have been shut down as of today, January 4th, impacting “devices running BlackBerry 7.1 OS and earlier software, BlackBerry 10 software, and BlackBerry PlayBook OS.” The move to shutter these services was first announced in September 2020, with BlackBerry warning that even emergency services calls would be unreliable.

(XDA Developers)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.