Broward Health discloses major data breach
The Florida-based healthcare system disclosed that the breach affected over 1.3 million individuals and dates back to a cyberattack on October 15, 2021. Broward Health discovered the intrusion on October 19th and immediately notified the FBI and the US DOJ. The attacker's entry point was determined to be a third-party medical provider. Information exfiltrated includes names, addresses, dates of birth, Social Security numbers, bank information, medical information, and driver's license numbers. Broward said its analysis found no evidence that the data has been misused. The organization said it has implemented additional minimum security requirements for third-party devices and is offering the typical two-year identity theft protection service to those impacted.
Beware of the command line copy-paste backdoor
HomeKit bug can crash iOS devices
Security researcher Trevor Spiniolas documented a vulnerability in Apple's HomeKit API which lets an attacker create a HomeKit device with an extremely long name; an iOS device that connects and reads that name becomes unresponsive. The device name used is about 500,000 characters, so not something likely to happen by mistake. Once unresponsive, the device enters a cycle of freezing and rebooting that is only resolved with a full wipe and restore. Because HomeKit device names are backed up to iCloud, signing into the same iCloud account after restoring the device triggers the cycle again. The researcher recommends rejecting any invitation to join an unfamiliar home network.
AT&T and Verizon respond to requests to delay 5G at airports
In a further development in the coverage of 5G rollouts near airports, AT&T and Verizon announced they would not comply with a request from the FAA and the Department of Transportation to postpone deploying new 5G service in those areas. The carriers did say they might be willing to pause deployments near certain airports for six months "on the condition that the FAA and the aviation industry are committed to doing the same without escalating their grievances, unfounded as they are, in other venues." As a reminder, the aviation industry argues that 5G signals use frequencies close to those of the radar altimeters aircraft use to sense altitude and could interfere with landing operations, while the carriers say the power levels and the gap between the frequencies are adequate to prevent interference.
Thanks to our episode sponsor, deepwatch
Microsoft fixes Exchange’s New Year malaise
Yesterday we covered reports that a bug in Exchange's FIP-FS malware scanning engine started blocking email delivery on January 1st: the engine's signature version number is date-stamped, and the 2022 value (2201010001) exceeds the maximum of the signed 32-bit integer it is stored in, so the engine crashed and mail backed up in the transport queue. Microsoft issued an emergency fix, although it is considered a temporary one. Admins can run a PowerShell script named 'Reset-ScanEngineVersion.ps1', which stops the scanning services, removes the engine version that triggers the bug and installs a replacement whose version number still fits. Microsoft is working on an update that will resolve the issue automatically. Microsoft warned that email will begin flowing once the script is applied, but depending on the number of messages in the transport queue it could take some time to clear the backlog.
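To make the failure mode concrete, here is an added example (not Microsoft's code, and not taken from the Exchange scan engine): it stamps a version as YYMMDDNNNN, checks it against the signed 32-bit range, and shows what a 32-bit store would actually hold. The YYMMDDNNNN layout, the 2201010001 value and the 2112330001 replacement value Microsoft's fix installs are from the public reporting of the incident; the function names are this example's own.

```python
from datetime import date

INT32_MAX = 2**31 - 1
INT32_MIN = -(2**31)


def date_stamped_version(d: date, seq: int) -> int:
    """Build a YYMMDDNNNN-style engine version: two-digit year, month, day,
    then a four-digit sequence number (the layout of the FIP-FS versions
    2112310001 / 2201010001 reported for this incident)."""
    if not 0 <= seq <= 9999:
        raise ValueError("sequence number must fit in four digits")
    return int(f"{d:%y%m%d}{seq:04d}")


def fits_int32(n: int) -> bool:
    """True if n can be stored in a signed 32-bit integer without wrapping."""
    return INT32_MIN <= n <= INT32_MAX


def as_int32(n: int) -> int:
    """What a signed 32-bit store actually holds for n (two's complement wrap)."""
    n &= 0xFFFFFFFF
    return n - 2**32 if n & 0x80000000 else n


def first_overflowing_year() -> int:
    """First two-digit year in which even the lowest possible stamp
    (January 1st, sequence 0000) exceeds INT32_MAX, i.e. the year from which
    the scheme breaks regardless of day or sequence number."""
    for yy in range(100):
        if yy * 10**8 + 1010000 > INT32_MAX:
            return yy
    raise RuntimeError("scheme never overflows (unreachable for YYMMDDNNNN)")


# Constructed sample values: last good stamp of 2021, first stamp of 2022,
# and the replacement value installed by the fix (an impossible date, chosen
# because it sorts above every real 2021 stamp while still fitting in int32).
LAST_GOOD = date_stamped_version(date(2021, 12, 31), 1)   # 2112310001
NEW_YEAR = date_stamped_version(date(2022, 1, 1), 1)      # 2201010001
RESET_VALUE = 2112330001

if __name__ == "__main__":
    for label, v in [("2021-12-31", LAST_GOOD), ("2022-01-01", NEW_YEAR), ("reset", RESET_VALUE)]:
        print(f"{label}: {v} fits_int32={fits_int32(v)} stored_as={as_int32(v)}")
    print("scheme overflows from two-digit year", first_overflowing_year())
```

The general lesson is the one worth keeping: any version or timestamp packed into a fixed-width integer has a hard expiry date, and `first_overflowing_year()` is the kind of check that should sit next to such a scheme when it is designed, not be discovered at midnight on New Year's Day.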
US charges Kremlin insider tied to 2016 DNC hack
US officials unsealed charges against Russian IT executive Vladislav Klyushin, who was extradited from Switzerland on December 18th. He is accused of insider trading. Bloomberg's sources say Klyushin has close ties to the Kremlin and could give US investigators an insider's view of the 2016 election interference. He is believed to have had access to documents relating to the Russian attack on Democratic Party servers in 2016, as well as to other Russian GRU military intelligence operations.
CrowdStrike using CPU telemetry to detect software exploits
The anti-malware stalwart announced that it is using Intel Processor Trace (Intel PT) data from the CPU as part of its new Hardware Enhanced Exploit Detection feature. Intel PT, available on sixth-generation and newer Intel CPUs, records the control flow of code executing on the processor and has traditionally been used for performance diagnostics. The company says this lets it reconstruct the exact control flow of a process and so detect more advanced software exploits, such as shellcode injection and code reuse attacks, that bypass traditional OS-based defenses.
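As an added illustration of what control-flow telemetry makes possible (this is not CrowdStrike's implementation, and decoding Intel PT packets is out of scope here), the example below takes a constructed list of already-decoded branch events and applies two checks a detector can run over such a trace: a shadow-stack check that flags a `ret` whose target is not the return address pushed by the matching `call` (code reuse), and an image-range check that flags any transfer into memory not backed by a loaded code image (injected shellcode). The `Branch` record, the address ranges and both traces are assumptions made up for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple


# Constructed abstraction of a decoded branch event. A real Intel PT decoder
# reconstructs these from the packet stream plus the executable images; the
# `fallthrough` field is the address of the instruction after a call, i.e. the
# return address that call pushed on the stack.
@dataclass(frozen=True)
class Branch:
    kind: str            # "call", "ret" or "jmp"
    src: int
    dst: int
    fallthrough: int = 0  # only meaningful for kind == "call"


Range = Tuple[int, int]  # [lo, hi) of a loaded code image (assumed layout)


def in_code_image(addr: int, images: List[Range]) -> bool:
    return any(lo <= addr < hi for lo, hi in images)


def analyze_trace(trace: List[Branch], images: List[Range]) -> List[Tuple[str, int]]:
    """Replay the branch trace and return (finding, address) pairs.

    'shellcode': control transferred to an address outside every code image.
    'rop':       a ret landed somewhere other than the return address of the
                 most recent unmatched call (shadow-stack mismatch).
    """
    shadow: List[int] = []
    findings: List[Tuple[str, int]] = []
    for b in trace:
        if not in_code_image(b.dst, images):
            findings.append(("shellcode", b.dst))
        if b.kind == "call":
            shadow.append(b.fallthrough)
        elif b.kind == "ret":
            expected = shadow.pop() if shadow else None
            if b.dst != expected:
                findings.append(("rop", b.dst))
    return findings


# Constructed sample: one 4 KiB text section for the victim binary.
IMAGES: List[Range] = [(0x401000, 0x402000)]

# Well-behaved execution: call into a function, then return to the instruction
# after the call.
BENIGN: List[Branch] = [
    Branch("call", 0x401010, 0x401500, fallthrough=0x401015),
    Branch("ret", 0x401520, 0x401015),
]

# ROP-style chain: returns that land on gadgets no call ever pushed, followed
# by a jump into unbacked memory (heap or stack), as injected shellcode would.
MALICIOUS: List[Branch] = [
    Branch("call", 0x401010, 0x401500, fallthrough=0x401015),
    Branch("ret", 0x401520, 0x401700),         # gadget 1: not the pushed return address
    Branch("ret", 0x401706, 0x401830),         # gadget 2: shadow stack already empty
    Branch("jmp", 0x401840, 0x7FFDDEAD0000),   # transfer into memory outside any image
]


def demo() -> dict:
    return {"benign": analyze_trace(BENIGN, IMAGES),
            "malicious": analyze_trace(MALICIOUS, IMAGES)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or "clean")
```

In practice a detector cannot alert on every raw mismatch: `longjmp`, exception unwinding and some compiler-generated tail calls produce legitimate call/ret imbalances, so findings like these are scored and correlated with other signals rather than treated individually as proof of exploitation.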
Legacy BlackBerry devices shuffle off this mortal coil
Devices branded as BlackBerry have run Android for a number of years now, dating back to the 2015 BlackBerry Priv. Older BlackBerry devices have remained functional thanks to the maintenance of legacy services. Those services have been shut down as of today, January 4th, affecting "devices running BlackBerry 7.1 OS and earlier software, BlackBerry 10 software, and BlackBerry PlayBook OS." The shutdown was first announced in September 2020, with BlackBerry warning that even emergency services calls would be unreliable on the affected devices.