FCC Slaps Telecom Firm With $1M Fine for Spreading Fake Biden Robocall
The Federal Communications Commission has fined Lingo Telecom $1 million for transmitting robocalls impersonating President Joe Biden earlier this year, where an AI replica of Biden’s voice was used to trick and persuade voters in the New Hampshire primary election not to go to the polls. Lingo Telecom mislabeled and distributed the robocalls, which were commissioned by a former political consultant who now faces a $6 million fine. The consultant, Steve Kramer, reportedly paid a New Orleans magician about $150 to use AI tech from Eleven Labs to make the fake Biden voice. Kramer has admitted he paid to get the fake voice made, but has not admitted any legal wrongdoing. He faces 26 criminal charges over his actions.
FAA Proposed New Cybersecurity Rules for Airplanes
The Federal Aviation Administration (FAA) has proposed new cybersecurity regulations for transport category airplanes, engines, and propellers. This initiative aims to address the growing threats posed by unauthorized electronic interactions, ensuring the safety and integrity of modern aircraft systems. The proposed rules, detailed in a recent Notice of Proposed Rulemaking, are open for public comment and represent a crucial step in harmonizing U.S. aviation standards with international regulations.
Halliburton probes ‘an issue’ disrupting business ops
American oil giant Halliburton is investigating an “issue,” reportedly a cyberattack, that has disrupted some business operations and global networks. While the energy giant declined to call it a cyberattack, a Halliburton spokesperson told The Register that it was working to address the problem. “We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact,” a Halliburton spokesperson said in an emailed statement. “We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue.”
SolarWinds left critical hardcoded credentials in its Web Help Desk product
SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data. The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the baked-in creds. The security blunder, tracked as CVE-2024-28987, received a 9.1-out-of-10 CVSS severity rating. It affects Web Help Desk 12.8.3 HF1 and all previous versions, and has been fixed in 12.8.3 HF2. The hotfix patch, issued yesterday, has to be manually installed.
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. “The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes,” Quarkslab researcher Philippe Teuwen said.