AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/07/2023

US ‘lagging behind’ on Border Gateway Protocol security practices, CISA and FCC chiefs say 

The U.S. government is lagging behind other countries in instituting more stringent cybersecurity measures governing Border Gateway Protocol (BGP) – a set of technical rules responsible for routing data efficiently. BGP is one of the most important facets of the internet, serving as the underpinning for everyday actions like banking, telemedicine visits and more. This week, FCC Chairwoman Jessica Rosenworcel and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly convened a meeting of senior government officials, internet service providers (ISPs) and cloud content providers, and nonprofits to discuss needed BGP security improvements that are underway and planned. 

Google explains how Android malware slips onto Google Play Store 

The Google Cloud security team acknowledged a common tactic known as versioning used by malicious actors to slip malware on Android devices after evading the Google Play Store’s review process and security controls. The technique works either by introducing the malicious payloads through updates delivered to already installed applications or by loading the malicious code from servers under the threat actors’ control in what is known as dynamic code loading (DCL). 

A cyberattack has disrupted hospitals and health care in several states 

Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted. Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it. 

Spyware maker LetMeSpy shuts down after hacker deletes server data 

Poland-based spyware LetMeSpy is no longer operational and said it will shut down after a June data breach wiped out its servers, including its huge trove of data stolen from thousands of victims’ phones. In a notice on its website in both English and Polish, LetMeSpy confirmed the “permanent shutdown” of the spyware service and that it would cease operations by the end of August. The notice said LetMeSpy is blocking users from logging in or signing up with new accounts. A separate notice on LetMeSpy’s former login page, which no longer functions, confirmed earlier reports that the hacker who breached the spyware operation also deleted the data on its servers. 

Colorado Department of Higher Education warns of massive data breach 

The Colorado Department of Higher Education (CDHE) has disclosed a massive data breach impacting current students, past students, and teachers after suffering a ransomware attack in June. In a ‘Notice of Data Incident’ published on the CDHE website, the Department says it suffered a ransomware attack on June 19th, 2023. “On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems,” explains the data breach notification. 

New acoustic attack steals data from keystrokes with 95% accuracy 

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%. When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium. Such an attack severely affects the target’s data security, as it could leak people’s passwords, discussions, messages, or other sensitive information to malicious third parties. 

Tesla infotainment jailbreak unlocks paid features, extracts secrets 

Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all recent Tesla car models and run any software they choose on them. Additionally, the hack allows the researchers to extract the unique hardware-bound RSA key that Tesla uses for car authentication in its service network and, through voltage glitching, to activate software-locked features such as seat heating and ‘Acceleration Boost’ that Tesla car owners normally have to pay for. The German researchers shared the full details of their hack with BleepingComputer; the details will be published in an upcoming Black Hat 2023 presentation scheduled for August 9, 2023, titled ‘Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.’ 

Google Gmail continuously nagging to enable Enhanced Safe Browsing 

Google is urging users to activate its Enhanced Safe Browsing feature via numerous alerts in Gmail that keep coming back, even after you acknowledge them. Enhanced Safe Browsing was released in 2007 as an upgrade to Google’s standard Safe Browsing feature, which warns users when they visit known phishing and malware sites. The difference between the two security features is that standard Safe Browsing compares a visited site against a locally stored list of domains, whereas Enhanced Safe Browsing checks in real time against Google’s cloud services whether a site is malicious. 
