IT Security Newsletter - 1/24/2024
US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker
A Russian national has been identified and sanctioned by Australia, the United Kingdom, and the United States for his role in the data breach of an Australian health insurance giant. Aleksandr Gennadievich Ermakov, born May 16, 1990, is a former member of the bygone REvil ransomware gang. Online, he goes by various monikers: GustaveDore, aiiis_ermak, blade_runner, and JimJones. According to authorities, he is responsible for quarterbacking an October 2022 breach of Medibank. READ MORE...
COVID-19 test lab accused of exposing 1.3 million patient records to open internet
A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility. Among the information revealed in the publicly accessible and seemingly insecurely configured database were 118,441 coronavirus test certificates, 506,663 appointment records, 660,173 testing samples and "a small number" of internal files. READ MORE...
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. After detecting the attack, Veolia has implemented defensive measures, temporarily taking some systems offline to contain the breach. Veolia is now working with law enforcement and third-party forensics experts to assess the extent of the attack's impact on its operations and systems. READ MORE...
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team (@Synacktiv) took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem. They also used two unique two-bug chains to hack a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station, earning an additional $120,000. READ MORE...
CISA Director Jen Easterly Targeted in Swatting Incident
On Dec. 30, CISA Director Jen Easterly was the target of a swatting incident in her home, sources have revealed. A 911 call was placed before 9 p.m. with false claims that a shooting occurred in a house on Easterly's block, targeting the Easterly residence in particular. When officers showed up at the house, Easterly was home alone. Once the responding officers spoke with Easterly, they determined that no shooting had taken place and there were no injuries. READ MORE...
Break the fake: The race is on to stop AI voice cloning scams
Would you fall for a faked call from your CEO asking you to wire money? As our colleague Jake Moore found out, you might. As computers with spare compute cycles get fed more and more training data, deepfakes get better and better. Feed them a long CEO speech and they gain inflection, tone, and other nuanced speech patterns that that can eventually make them quite convincing. READ MORE...
Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets
Three vulnerabilities in the Lamassu Douro bitcoin ATMs could allow an attacker with physical access to take over devices and steal user assets, cybersecurity firm IOActive reports. Due to the identified security defects, which are tracked as CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177, an attack could be executed using the same level of physical access that a regular customer would have. READ MORE...
Ambient light sensors can reveal your device activity. How big a threat is it?
An overwhelming majority of handheld devices these days have ambient light sensors built into them. A large percentage of TVs and monitors do, too, and that proportion is growing. The sensors allow devices to automatically adjust the screen brightness based on how light or dark the surroundings are. That, in turn, reduces eye strain and improves power consumption. READ MORE...
- ...in 1908, the first Boy Scout troop is organized in England by Robert Baden-Powell.
- ...in 1947, singer-songwriter Warren Zevon ("Werewolves of London", "Lawyers, Guns and Money") is born in Chicago, IL.
- ...in 1978, comedian and cartoon voice artist Kristen Schaal ("Bob's Burgers", "Gravity Falls") is born in Longmont, CO.
- ...in 1984, the Apple Macintosh personal computer is first sold in the United States.