Cyber Security Headlines Week in Review: Dutch Police Trick DeadBolt, GenZ meh on Cybersecurity, Submarine cable severed

This week’s Cyber Security Headlines – Week in Review, October 17-21, is hosted by Rich Stroffolino with our guest, Lee Parrish, CISO, Newell Brands

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Taiwan touts $900 million in new business from Silicon Valley meetings

Taiwan’s economy minister Wang Mei-hua met with top executives from NVIDIA, Cisco, Applied Materials, and Synopsys, saying afterwards that she “got great interest” from them. The visits are expected to bring U.S. research and development investment and orders worth more than $900 million back to Taiwan. At the same time, Taiwan’s dominance in chip production has prompted worries in the United States that it is too reliant on the island, especially as China ramps up military drills to assert its sovereignty claims.

(Reuters)

Dutch Police trick DeadBolt ransomware out of decryption keys

The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments. They paid in bitcoin but cancelled each transaction before it was included in a block. The trick worked because DeadBolt’s payment system released the decryption key as soon as the unconfirmed transaction appeared, without waiting for the blockchain to confirm that the payment was final. Responders.NU security expert Rickey Gevers told BleepingComputer, “the attacker found out within several minutes, but we were able to grab 155 keys.” That meant that 90% of the victims who reported the DeadBolt attack to the police got the decryption key for free.

(The Hacker News)
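
The weakness the police exploited is a payment verifier that trusts an unconfirmed transaction. The toy model below is an added example, not the police’s tooling, DeadBolt’s code or a Bitcoin implementation; it keeps only the one property that matters here, namely that a transaction sitting in the mempool can be replaced by a higher-fee transaction spending the same output, and contrasts a zero-confirmation release with one that waits for a block. All names (ToyNode, tx-pay, victim-utxo-1, attacker-addr) are made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """Toy transaction: one input (the output it spends), one destination."""
    txid: str
    spends: str      # identifier of the unspent output consumed
    pays_to: str     # destination address
    amount: int      # satoshis
    fee: int         # satoshis; a replacement must outbid the tx it evicts


class ToyNode:
    """Minimal mempool + chain. Not Bitcoin; it models only the property that an
    unconfirmed transaction can be replaced by another spending the same output."""

    def __init__(self):
        self.mempool = {}   # spends -> Tx  (one pending spender per output)
        self.chain = []     # list of blocks, each a list of Tx

    def broadcast(self, tx):
        current = self.mempool.get(tx.spends)
        if current is not None and tx.fee <= current.fee:
            return False                  # a replacement must pay a higher fee
        self.mempool[tx.spends] = tx      # evicts the earlier spender, if any
        return True

    def mine_block(self):
        self.chain.append(list(self.mempool.values()))
        self.mempool.clear()

    def confirmations(self, txid):
        for depth, block in enumerate(reversed(self.chain), start=1):
            if any(t.txid == txid for t in block):
                return depth
        return 0

    def pending(self, txid):
        return any(t.txid == txid for t in self.mempool.values())

    def lookup(self, txid):
        for t in list(self.mempool.values()) + [t for b in self.chain for t in b]:
            if t.txid == txid:
                return t
        return None


def zero_conf_release(node, txid, address):
    """What a bot that trusts the mempool does: release as soon as a paying tx is seen."""
    tx = node.lookup(txid)
    return (tx is not None and tx.pays_to == address
            and (node.pending(txid) or node.confirmations(txid) > 0))


def confirmed_release(node, txid, address, min_conf=1):
    """Release only once the paying tx is buried under at least min_conf blocks."""
    tx = node.lookup(txid)
    return tx is not None and tx.pays_to == address and node.confirmations(txid) >= min_conf


def run_scenario():
    """Constructed scenario: pay, get the key on first sight, replace the payment, mine."""
    node = ToyNode()
    ransom = Tx("tx-pay", spends="victim-utxo-1", pays_to="attacker-addr", amount=50_000, fee=500)
    node.broadcast(ransom)
    released_early = zero_conf_release(node, ransom.txid, "attacker-addr")
    strict_released = confirmed_release(node, ransom.txid, "attacker-addr")
    # Before any block is mined, the payer replaces the tx with one returning the coins to itself.
    cancel = Tx("tx-cancel", spends="victim-utxo-1", pays_to="victim-change", amount=50_000, fee=1_500)
    replaced = node.broadcast(cancel)
    node.mine_block()
    return {
        "zero_conf_released_key": released_early,
        "confirmed_check_released_key": strict_released,
        "replacement_accepted": replaced,
        "ransom_confirmations": node.confirmations(ransom.txid),
        "attacker_paid": confirmed_release(node, ransom.txid, "attacker-addr"),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The same check applies to any system that hands over something irreversible (a key, a download, a credit) in exchange for a cryptocurrency payment: act on confirmations, not on the first appearance of a transaction.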

Verizon notifies customers their accounts were breached

This week, Verizon warned an undisclosed number of customers that, between October 6 and October 10, 2022, a hacker gained access to their accounts and may have processed unauthorized SIM card changes. Verizon indicated that the threat actor may also have accessed customer names, telephone numbers, billing addresses, price plans, and other service-related information. Verizon says it has reset the affected account PINs and reversed any unauthorized account changes. At least one customer reported believing that their cryptocurrency account was accessed using details exposed in the Verizon breach. An unauthorized SIM change lets an attacker receive the victim’s SMS one-time codes, which is how a carrier-account compromise turns into a takeover of accounts protected only by SMS-based verification.

(Bleeping Computer)

European police arrest suspected car hackers

European police have arrested 31 suspects for their alleged participation in a sophisticated plot to steal connected vehicles. The thieves targeted two unnamed French car manufacturers, using a tool marketed as an ‘automotive diagnostic solution’ to replace the legitimate software loaded onto the vehicles. The replacement software let them open the doors and start the ignition without the key fob. Evidence suggests that the tool was being sold to third parties online. Authorities seized more than €1m in criminal assets and arrested not only some of the suspected car thieves but also the suspected malware developers and resellers.

(Infosecurity Magazine)

Thanks to this week’s episode sponsor, SafeBase

Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That’s where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It’s the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com

Gen Z and millennials less serious about cybersecurity on work-issued devices

A new report from Ernst & Young found that while most US employees understand their employers’ cybersecurity protocols, Gen Z and millennial workers are the least likely to prioritize or adhere to them. Roughly half of Gen Z (48%) and nearly two in five millennial employees (39%) admit to taking cybersecurity protection on their personal devices more seriously than on their work devices, potentially putting their companies at risk. Gen Z and millennial workers are also more likely than older generations to reuse the same password across professional and personal accounts and to accept web browser cookies on their work-issued devices.

(EY)

Venus ransomware targets Remote Desktop

This ransomware family only recently appeared on the scene, with operations first noticed in mid-August 2022. According to the security analyst going by linuxct and reports from victims, Venus gains access to corporate networks through exposed Windows Remote Desktop Protocol services. Once on a network, Venus attempts to terminate processes associated with database servers and Office, deletes event logs, and disables Data Execution Prevention. It then appends a .venus extension to encrypted files and drops a ransom note in the Temp folder. The group appears active, with new submissions uploaded to ID Ransomware daily. Victims noted that Venus targeted RDP even when it was running on non-standard TCP ports, so moving RDP off port 3389 is not a defense; internet-facing RDP belongs behind a VPN or gateway with multi-factor authentication.

(Bleeping Computer)
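
The pre-encryption steps described above (mass-killing database and Office processes, clearing event logs, switching off DEP with bcdedit) are loud enough to detect before files are touched. The following is an added example, not code from the page, BleepingComputer or linuxct: a small correlation rule in Python run over constructed process-creation events. The event field names (ts, host, user, cmd) and the list of terminated images are assumptions loosely modelled on Sysmon Event ID 1 style telemetry; the page names only “database servers and Office”.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed process-creation events (not real telemetry). Field names are an assumption;
# adapt the keys to your own schema.
SAMPLE_EVENTS = [
    {"ts": "2022-10-18T02:11:04Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "taskkill /F /IM sqlservr.exe"},
    {"ts": "2022-10-18T02:11:05Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "taskkill /F /IM winword.exe"},
    {"ts": "2022-10-18T02:11:05Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "taskkill /F /IM excel.exe"},
    {"ts": "2022-10-18T02:11:09Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "wevtutil.exe cl Security"},
    {"ts": "2022-10-18T02:11:09Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "wevtutil.exe cl System"},
    {"ts": "2022-10-18T02:11:12Z", "host": "fs01", "user": "CORP\\svc_rdp", "cmd": "bcdedit /set {current} nx AlwaysOff"},
    # Benign noise that must not alert on its own: an admin clearing one log, a CI box restarting its test DB.
    {"ts": "2022-10-18T09:30:00Z", "host": "admin-ws", "user": "CORP\\jdoe", "cmd": "wevtutil cl Application"},
    {"ts": "2022-10-18T09:31:00Z", "host": "ci01", "user": "CORP\\build", "cmd": "taskkill /IM sqlservr.exe"},
]

# Image names standing in for "database servers and Office" (assumed list, extend to taste).
DB_OFFICE_IMAGES = {
    "sqlservr.exe", "mysqld.exe", "postgres.exe", "oracle.exe", "msaccess.exe",
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
}

RULES = {
    "clear_event_log": re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I),
    "disable_dep": re.compile(r"\bbcdedit(?:\.exe)?\s+/set\b.*\bnx\s+AlwaysOff\b", re.I),
}
TASKKILL_IMAGE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/IM\s+(\S+)", re.I)


def classify(event):
    """Return the set of Venus-like behaviours a single command line exhibits."""
    cmd = event["cmd"]
    tags = {name for name, rx in RULES.items() if rx.search(cmd)}
    m = TASKKILL_IMAGE.search(cmd)
    if m and m.group(1).lower() in DB_OFFICE_IMAGES:
        tags.add("kill_db_or_office")
    return tags


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_venus_like(events, window_seconds=300, min_behaviours=2):
    """Alert per host when at least min_behaviours distinct behaviours occur within window_seconds.
    Requiring two or more distinct behaviours keeps a lone 'wevtutil cl' from paging anyone."""
    by_host = defaultdict(list)
    for ev in events:
        tags = classify(ev)
        if tags:
            by_host[ev["host"]].append((_parse_ts(ev["ts"]), ev, tags))

    alerts = []
    for host, hits in sorted(by_host.items()):
        hits.sort(key=lambda h: h[0])
        for i, (t0, first, _) in enumerate(hits):
            seen = set()
            for t, _ev, tags in hits[i:]:
                if (t - t0).total_seconds() > window_seconds:
                    break
                seen |= tags
            if len(seen) >= min_behaviours:
                alerts.append({"host": host, "user": first["user"], "first_seen": first["ts"],
                               "behaviours": sorted(seen)})
                break  # one alert per host is enough to start triage
    return alerts


if __name__ == "__main__":
    for alert in detect_venus_like(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data only fs01 alerts, with all three behaviours seen within eight seconds; the admin workstation and the CI host each show a single behaviour and stay quiet. Tie the alert to the RDP logon that preceded it (Event ID 4624, logon type 10) to get the source address of the session.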

Internet connectivity worldwide impacted by severed European subsea cables

A major subsea internet fiber cable in the South of France was severed yesterday at 20:30 UTC, causing connectivity problems in Europe, Asia, and the United States, including packet loss and increased website response latency. Repair crews moved quickly to the scene but had to wait for the police to collect evidence before they were allowed to start repairs. At the same time, another subsea cable linking the Shetland Islands to the Scottish mainland was damaged, leaving residents of the islands cut off from the rest of the world. The Shetland damage has been confirmed to have been caused by a fishing trawler.

(Bleeping Computer)

Microsoft BlueBleed customer data leak claimed to be ‘one of the largest’ in years

Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem. In a report released this week, threat intelligence firm SOCRadar said the misconfigured server exposed sensitive data including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details, personally identifiable information (PII), and possibly intellectual property. SOCRadar said that its Cloud Security Module monitors public buckets to detect exposed customer data and that six large public buckets contained information from more than 150,000 companies in 123 countries. SOCRadar refers to the leaks collectively as “BlueBleed”.

(The Register)

Health system data breach due to Meta Pixel hits 3 million patients

Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, is notifying patients of a data breach that exposed the personal data of 3,000,000 patients. The incident was caused by the improper use of Meta Pixel on AAH websites where patients log in and enter sensitive personal and medical information. Meta Pixel is a JavaScript tracker that helps website operators understand how visitors interact with a site so they can make targeted improvements. On these pages, however, the same tracker sent sensitive data to Meta (Facebook), from where it can be shared with a large network of marketers who target patients with advertisements matching their conditions. AAH is not an isolated case: Meta Pixel is used by many hospitals in the country, exposing millions of people to third parties and sparking class action lawsuits against the responsible organizations.

(Bleeping Computer)
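
A tracker that is harmless on a marketing homepage becomes a disclosure on a login or appointment form, so the useful check is not “is the pixel present” but “is the pixel present on a page that collects credentials or health data”. The scanner below is an added example, not AAH’s markup or anything from the page’s sources: it parses a page with the standard library, records whether the Meta Pixel loader (connect.facebook.net/…/fbevents.js) or an fbq('init') call is present, lists the fbq('track') events fired, and flags form fields whose names suggest credentials or medical data. The four sample pages are constructed, the pixel id is a placeholder, and the field-name heuristic is an assumption to tune for your own forms.

```python
import re
from html.parser import HTMLParser

# Constructed pages (not AAH's markup). The inline snippet is shaped like the standard
# pixel loader: inject fbevents.js, then fbq('init', ...) and fbq('track', ...).
PORTAL_LOGIN = """<html><head><title>Patient Portal</title>
<script>
var t = document.createElement('script');
t.src = 'https://connect.facebook.net/en_US/fbevents.js';
document.head.appendChild(t);
fbq('init', '000000000000000');
fbq('track', 'PageView');
</script></head>
<body><form action="/portal/login" method="post">
<input name="username"><input type="password" name="password">
<button>Sign in</button></form></body></html>"""

APPOINTMENT_FORM = """<html><head>
<script src="https://connect.facebook.net/en_US/fbevents.js" async></script>
<script>fbq('init', '000000000000000'); fbq('track', 'Schedule');</script>
</head><body><form action="/schedule" method="post">
<input name="patient_dob"><select name="condition"><option>Cardiology</option></select>
</form></body></html>"""

MARKETING_HOME = """<html><head>
<script>fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
</head><body><h1>Welcome</h1><form action="/search"><input name="q"></form></body></html>"""

CLEAN_PORTAL = """<html><body><form action="/portal/login" method="post">
<input name="username"><input type="password" name="password"></form></body></html>"""

PIXEL_SRC = re.compile(r"connect\.facebook\.net/[^'\"\s]*fbevents\.js", re.I)
PIXEL_INIT = re.compile(r"\bfbq\s*\(\s*['\"]init['\"]", re.I)
PIXEL_TRACK = re.compile(r"\bfbq\s*\(\s*['\"](?:track|trackCustom)['\"]\s*,\s*['\"]([^'\"]+)['\"]", re.I)
# Heuristic (assumed) list of field names that suggest credentials or health information.
SENSITIVE_FIELD = re.compile(r"password|ssn|dob|birth|diagnos|condition|medic|insur|mrn|patient", re.I)


class PixelAudit(HTMLParser):
    """Collects pixel presence, tracked events and sensitive form fields from one page."""

    def __init__(self):
        super().__init__()
        self.pixel_loaded = False
        self.pixel_init = False
        self.events = []
        self.sensitive_inputs = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            if a.get("src") and PIXEL_SRC.search(a["src"]):
                self.pixel_loaded = True
        elif tag in ("input", "select", "textarea"):
            label = " ".join(v for v in (a.get("name"), a.get("id"), a.get("type")) if v)
            if SENSITIVE_FIELD.search(label):
                self.sensitive_inputs.append(a.get("name") or a.get("id") or tag)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return  # script bodies are delivered here by HTMLParser
        if PIXEL_SRC.search(data):
            self.pixel_loaded = True
        if PIXEL_INIT.search(data):
            self.pixel_init = True
        self.events.extend(PIXEL_TRACK.findall(data))


def audit_page(html):
    p = PixelAudit()
    p.feed(html)
    p.close()
    pixel = p.pixel_loaded or p.pixel_init
    if pixel and p.sensitive_inputs:
        verdict = "HIGH"      # tracker on a page that collects credentials or health data
    elif pixel:
        verdict = "MEDIUM"    # tracker present; review what the page and its events disclose
    else:
        verdict = "NONE"
    return {"pixel": pixel, "events": p.events,
            "sensitive_inputs": p.sensitive_inputs, "verdict": verdict}


if __name__ == "__main__":
    for name, page in [("portal_login", PORTAL_LOGIN), ("appointment", APPOINTMENT_FORM),
                       ("marketing", MARKETING_HOME), ("clean_portal", CLEAN_PORTAL)]:
        print(name, audit_page(page))
```

Static scanning of the served HTML finds the snippet and the events it fires, but not what the pixel sends once it runs (automatic matching of form fields, button text, URL parameters). For that, record the browser’s requests to facebook.com/tr while a test account walks through the authenticated pages, and treat any hit there as data leaving the HIPAA boundary.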

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.