AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 08/15/2023

Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles 

American car maker Ford says that a vulnerability in the Wi-Fi driver of the SYNC 3 infotainment system on certain Ford and Lincoln vehicles does not pose a safety risk. Tracked as CVE-2023-29468, the bug impacts the Texas Instruments-supplied Wi-Fi driver used in the infotainment system of at least a dozen vehicles. The issue is described as a buffer overflow that could lead to remote code execution. An attacker within wireless range of an impacted device can trigger the flaw using a specially crafted frame. In its advisory, TI explains that the CVSS score of the vulnerability ranges from 8.8 to 9.6, depending on the confidentiality and integrity impact of affected systems. In response to TI’s disclosure of the bug, Ford announced that it has been working with the chip maker to develop and validate “measures to address the vulnerability”. 

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks 

Germany’s Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. “The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran,” the agency said in an advisory. The intrusions have been attributed to a threat actor called Charming Kitten, which is also tracked under the names APT35, Mint Sandstorm, TA453 and Yellow Garuda. While Iranian nation-state actors lag behind their Russian and Chinese counterparts in sophistication, they have demonstrated a continued advancement of tools and techniques, adding an arsenal of custom malware to facilitate information gathering and rapidly exploiting n-day security flaws to obtain initial access. 

US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator 

According to court documents, the LolekHosted.net domain had been used for roughly a decade to provide customers with "secure" web hosting services that facilitated cybercriminal activity, including the distribution of ransomware and information stealers, phishing, and distributed denial-of-service (DDoS) attacks. An indictment unsealed on Friday claims that the domain was registered in 2014 by Artur Karol Grabowski, 36, a Polish national who allegedly operated the web hosting company until the domain's seizure. Grabowski allegedly allowed LolekHosted clients to register accounts using false information, did not maintain IP address logs for client servers, changed those IP addresses, ignored abuse complaints from third parties, and notified his clients of the legal inquiries he received.

China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says 

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly warned that the Chinese government would consider destructive or disruptive attacks on American pipelines, railroads and other critical infrastructure if it believed the U.S. would get involved during a potential invasion of Taiwan. During the DEF CON security conference this weekend, Easterly spoke alongside Transportation Security Administration (TSA) administrator David Pekoske about efforts to both address the country’s cybersecurity gaps and convince the hacker community to lend a helping hand. 

This devious ransomware is spreading through fake Tripadvisor complaints 

Restaurant owners are being targeted by redesigned ransomware in a new campaign that impersonates TripAdvisor, experts have found. Cybersecurity researchers from Sophos identified a new phishing campaign in which victims receive emails claiming to come from TripAdvisor and containing customer complaints. The emails attempt to deliver an attachment named "TripAdvisorComplaint.zip" which, if downloaded, contains either an executable file called "TripAdvisor Complaint – Possible Suspension.exe" or an HTML file with a similar name.

US Cyber Safety Board to Review Cloud Attacks 

The US government announced on Friday that the DHS's Cyber Safety Review Board (CSRB) will conduct a review of malicious attacks targeting cloud environments. The initiative will focus on providing recommendations for government, industry, and cloud service providers to improve identity management and authentication in the cloud. Initially, the review will focus on the recent Microsoft cloud hack, but it will then expand to "issues relating to cloud-based identity and authentication infrastructure affecting applicable CSPs and their customers".

FTC accuses Experian of spamming customers with no way out 

Credit protection giant Experian Consumer Services spammed consumers with marketing emails without offering them a chance to unsubscribe, according to the Federal Trade Commission. In a complaint filed by the Department of Justice on behalf of the FTC, prosecutors allege that the company violated the CAN-SPAM Act, a 2003 law that sets guidelines around commercial emails. Under the law, any commercial message must include a valid return email address that a recipient could contact to unsubscribe. At the bottom of emails referenced in the complaint, Experian claims its communications are not related to marketing materials but instead “contain important information about [a consumer’s] account,” which would exempt them from needing to offer a way to unsubscribe. 