Cyber Security Headlines – January 7, 2022

Honda, Acura cars hit by Y2K22 bug that rolls back clocks

Starting on January 1st, the date on Acura and Honda navigation systems changed to January 1st, 2002, with the time resetting to 12:00, 2:00, 4:00, or other times based on the model or possibly the region where the car is located. Honda and Acura car owners report that the Y2K22 bug affects almost all older cars, including Honda Pilot, Odyssey, CRV, and Ridgeline, and Acura MDX, RDX, CSX, and TL models, and that there is no way to change it. This might be the same bug that affected Microsoft Exchange on the same date, but Honda customer service has said their clock problem should resolve itself in August 2022, indicating it may be a different issue.

(Bleeping Computer)

New trick could let malware fake iPhone shutdown to spy on users

Researchers at ZecOps have disclosed, via a proof of concept, a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine whether an iPhone is off. Dubbed “NoReboot,” the technique makes it possible to simulate an iOS rebooting operation, deceiving the user into believing that the phone has been powered off when, in reality, it’s still running. “Despite that we disabled all physical feedback, the phone still remains fully functional and is capable of maintaining an active internet connection,” the researchers explained. “The malicious actor could remotely manipulate the phone in a blatant way without worrying about being caught because the user is tricked into thinking that the phone is off, either being turned off by the victim or by malicious actors using ‘low battery’ as an excuse.”

(The Hacker News)

Attackers exploit flaw in Google Docs’ comments feature

Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Attackers target users of Google Docs by adding a comment to a document that mentions the targeted user with an “@,” which automatically sends an email to that person’s inbox. That email, which comes from Google, includes text as well as the malicious links. The same method is being used to exploit Google Slides. The technique allows bad actors to impersonate legitimate entities to target victims, making it harder for anti-spam filters to judge, and even harder for the end-user to recognize that the message is malicious.

(Threatpost)

IBM tries to sell Watson Health again

Big Blue wants out of health care, after spending billions to stake its claim, just as rival Oracle is moving big into the sector via its $28 billion bet for Cerner. IBM spent more than $4 billion to build Watson Health via a series of acquisitions. The business now includes health care data and analytics business Truven Health Analytics, population health company Phytel, and medical imaging business Merge Healthcare. In late 2021 IBM engaged BofA Securities to find a buyer for Watson Health, with insiders suggesting that the technology is too difficult to make profitable.

(Axios)

Privacy-focused Brave browser records massive growth in 2021

The company reached 50 million monthly active users for the first time in 2021. Brave is based on Chromium and comes with nearly all the features available in popular browsers like Chrome or Microsoft Edge, but it does not track searches or share any personal or identifying data with third-party companies like Google or Microsoft. With growing reports of data breaches and online tracking, people have become increasingly concerned about how their data is being used online, and this has contributed to the growth of Brave and the search tool DuckDuckGo.

(Bleeping Computer)

North Korean hackers greet Russian diplomats with malware

Security experts uncovered a North Korean-linked cyberespionage group targeting Russian embassy diplomats with weaponized email attachments. Dubbed Konni, the threat actor group reportedly sent New Year greeting emails embedded with malware to infect the victim’s device. The Konni malware campaign has been active since December 2021, according to researchers from Cluster25. The attackers allegedly distributed malicious ZIP files containing a Windows screensaver (.scr) file citing holiday greetings. Once the user opens the file, the Konni remote access trojan (RAT) malware automatically gets downloaded onto the device.

(CISOMag)

‘Elephant Beetle’ lurks for months in networks

Researchers at the Sygnia Incident Response team have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity. Elephant Beetle doesn’t use exploits, but instead uses more than 80 unique tools and scripts to operate undetected “for vast amounts of time” as it plants bogus transactions, blending in with the target’s environment and going completely undetected while it quietly removes exorbitant amounts of money.

(Threatpost)

Morgan Stanley agrees to $60 million settlement in data breach lawsuit

Morgan Stanley has agreed to a settlement figure of $60 million to resolve a data breach lawsuit dealing with improper disposal of decommissioned assets. According to the motion, legacy equipment that contained the personally identifiable information (PII) of clients was decommissioned in 2016 and 2019. However, the equipment was not wiped clean of this sensitive information prior to sale, and the datasets may then have been exposed, in an unencrypted fashion, and been available to view by the purchasing parties. Following notification, a class-action lawsuit was launched in 2020. Separately, a $60 million fine was issued by the OCC for data protection failures.

(ZDNet)