AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/10/2023

Top SaaS Cybersecurity Threats in 2023: Are You Ready? 

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. Web applications are at the core of what SaaS companies do and how they operate, and they can store some of your most sensitive information such as valuable customer data. 

 

Researchers Could Track the GPS Location of All of California’s New Digital License Plates 

A team of security researchers managed to gain “super administrative access” into Reviver, the company behind California’s new digital license plates which launched last year. That access allowed them to track the physical GPS location of all Reviver customers and change a section of text at the bottom of the license plate designed for personalized messages to whatever they wished, according to a blog post from the researchers. 

 

Supreme Court allows WhatsApp lawsuit over ‘Pegasus’ spyware to move forward 

The Supreme Court on Monday allowed Meta to pursue a lawsuit alleging that an Israeli company unlawfully accessed WhatsApp servers when installing spyware on users’ devices. The justices turned away NSO Group Technologies’ appeal arguing it was immune from the lawsuit by Meta, which owns the WhatsApp messaging platform as well as social media sites Facebook and Instagram, because it was acting on behalf of unidentified foreign governments. The case will now move forward in the U.S. District Court for the Northern District of California.

 

Chinese researchers’ claimed quantum encryption crack looks unlikely 

Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. The occasion was the publication of an academic paper by no less than two dozen authors affiliated with seven different research institutions in China. The paper, titled “Factoring integers with sublinear resources on a superconducting quantum processor,” suggests that the application of Claus Peter Schnorr’s recent factoring algorithm, in conjunction with a quantum approximate optimization algorithm (QAOA), can break asymmetric RSA-2048 encryption using a non-fault tolerant (NISQ, or noisy intermediate scale quantum) quantum computer with only 372 physical quantum bits or qubits. 

 

Identity Thieves Bypassed Experian Security to View Credit Reports 

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number. 

 

Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans 

The Serbian government announced on Saturday that the website and IT infrastructure of its Ministry of Internal Affairs had been hit by several “massive” distributed denial-of-service (DDoS) attacks. “So far five large attacks aimed at disabling the IT infrastructure of the Ministry of Interior have been repelled,” said Belgrade, adding that government employees and staff from state-owned Telekom Srbija (Telecom Serbia) were able to counter the attacks. “Enhanced security protocols have been activated, which can lead to slower work and occasional interruptions of certain services, all in order to protect the data of the Ministry of Internal Affairs,” the Serbian government added. 

 

JsonWebToken Security Bug Opens Servers to RCE 

A high-severity vulnerability (CVE-2022-23529) has been discovered in the popular JsonWebToken (JWT) open source encryption project, which could be used by attackers to achieve remote code execution (RCE) on a target encryption server. The JWT open standard defines a method of transferring information securely by encoding and signing JSON data. According to researchers at Palo Alto Networks’ Unit 42, an exploit for the vulnerability results in the server verifying a maliciously crafted JSON web token request. 

 

Apple accused of ‘systematic violations’ of user privacy in new class action lawsuit 

Apple is facing another class action lawsuit over its practice of allegedly collecting and sending analytics data from iPhone users, regardless of whether or not the user gave consent. This lawsuit was filed last week in the Pennsylvania Eastern District Court, and it follows a separate class action suit filed in November. The lawsuit focuses on findings from security researcher and developer Tommy Mysk, who published findings in November, claiming that Apple apps are collecting and sending data regardless of whether or not the user consents to Apple collecting analytics data during the setup process of a new iPhone. 

 

Hive claims stealing Consulate Health data; provider reports vendor incident 

The Hive ransomware threat group claims to have stolen 550 GB of data from Consulate Health Care. The actors’ dark web posting appeared around the same time a notice was posted on the Consulate website that warned patients of potential access to their data. Consulate Health owns 140 nursing homes across the country and also provides other senior care services. A STAT report from August shows the company has been dealing with financial issues in recent years, including filing for bankruptcy at six of its care sites. The size of the organization may have widespread data impacts, but the number of patients has not yet been listed on the Department of Health and Human Services breach reporting tool. Consulate Health has also not confirmed whether the vendor incident is tied to the Hive posting. 

 

Colonoscopy Prep Retail Website Breach Festered for Years 

As if colonoscopies weren’t invasive enough, nearly a quarter-million patients who underwent an intestinal probe since 2019 now must grapple with a data breach tied to a hacking incident at a third-party vendor to gastroenterologists. Kansas-based Captify Health is notifying approximately 244,300 patients that their payment card and other personal information may have been compromised in a data security incident that started as far back as 2019 involving its colonoscopy prep kit online retail business.
