Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Uber suffers serious cyberattack
Uber has confirmed it suffered a cyberattack. Screenshots of the attack seen by Bleeping Computer show full access to Uber IT systems like its AWS console, VMware virtual machines, Slack server, and HackerOne bug bounty program. The New York Times reportedly spoke with the attacker, who claims to be 18 years old and gained access through social engineering.
The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber’s slack indicate that these announcements were first met with memes and jokes as employees had not realized an actual cyberattack was taking place.
Ransomware gangs switching to new intermittent encryption tactic
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor. For example, by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good. Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail. SentinelLabs has posted a report examining an intermittent encryption trend started by LockFile in mid-2021 that has now been adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick.
Draft EU AI Act regulations could have a chilling effect on open-source software
New rules drafted by the European Union aimed at regulating AI could prevent developers from releasing open-source models, according to American think tank Brookings. The proposed EU AI Act, yet to be signed into law, states that open source developers have to ensure their AI software is accurate, secure, and be transparent about risk and data use in clear technical documentation. Brookings argues that if a private company were to deploy the public model or use it in a product, and it somehow gets in trouble, the company would then probably try to blame the open source developers and sue them. This might force the open source community to think twice about releasing their code, and would, leave the development of AI to be driven by private companies.
Commerce Department readies new chip sanctions
Earlier this month it was reported that the US Commerce Department sent letters to Nvidia and AMD, asking them to stop shipments of enterprise-grade AI chips to China. Now Reuters’ sources say the US Commerce Department intends to publish new rules that would codify restrictions on shipments of these enterprise AI chips and sub-14 nanometer chipmaking tools to China without a license. The initial letters restricted individual companies from shipping these chips. The rules would apply to all US companies.
Thanks to today’s episode sponsor, Edgescan
Extreme California heat knocks key Twitter data center offline
Extreme heat in California has left Twitter without one of its key data centers, and a company executive warned in an internal memo obtained by CNN that another outage elsewhere could result in the service going dark for some of its users. A memo sent from Carrie Fernandez, the company’s vice president of engineering, to Twitter engineers on Friday stated that as a result of the outage in Sacramento, Twitter is in a “non-redundant state.” She explained that Twitter’s data centers in Atlanta and Portland are still operational but warned, “If we lose one of those remaining datacenters, we may not be able to serve traffic to all Twitter’s users.”
New phishing scheme uses ‘herd mentality’ approach to dupe victims
Hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. The cybersecurity firm Proofpoint has identified the group deploying these so-called “multi-persona impersonation” emails as TA453. The company previously linked TA453 to Iran and says their activities overlap with other groups called Charming Kitten, Phosphorous and APT42. The tactic is designed to create a stronger impression that the activity is real, the researchers said, by employing a psychological phenomenon known as “social proof.” Sometimes referred to as “herd mentality,” the idea is that people are more likely to engage if they see others doing it, too.
Teams stores tokens in cleartext
A security researcher at the firm Vectra released a report detailing how the Microsoft app stores authentication tokens in cleartext. This impacts versions of the app on Windows, macOS and Linux. The researcher found the tokens in an ldb file. Further investigation found them in the Cookies folder, along with account information, session data, and marketing tags. The researcher advised Microsoft of the findings in August. Microsoft disagreed to the severity of the finding, so don’t expect a patch. The report recommends users switch from the Electron desktop app to the browser-based version in Edge, which offers additional protections against tokens leaking.