Unplugging the Internet, Bombing Hackers, Cyber NTSB, & Best Practices – PSW #695
This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, and more!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. Emerson Patches Several Vulnerabilities in X-STREAM Gas Analyzers: Emerson says it has released firmware updates to address six vulnerabilities rated high or critical in its Rosemount X-STREAM gas analyzers. In the case of CVE-2021-27459, arbitrary code execution is possible, but it requires a high privilege level and the code executes only in a limited context.
- 2. Knopp Resigns as Wyoming CIO After Major Health Data Leak: A Wyoming Department of Health (WDH) employee appears to have mishandled the data by uploading it to public and private repositories on GitHub.
- 3. Recruiter's Cloud Snafu Exposes 20,000 CVs and ID Documents: An unsecured AWS S3 bucket belonging to FastTrack Reflex Recruitment (now TeamBMS), a recruitment firm based in Primrose Hill, London, held some 5GB of data, including roughly 21,000 files containing CVs and PII.
- 4. New Zealand's hospitals battle daily cyber attacks: Ministry of Health – NZ Herald: According to Waikato DHB chief executive Kevin Snee, it appears that attackers breached the health provider's networks via a malicious email attachment.
- 5. Student health insurance carrier Guard.me suffers a data breach: Student health insurance carrier guard.me has taken its website offline after a vulnerability allowed a threat actor to access policyholders' PII.
- 6. Herff Jones Credit Card Breach: College Students Across the US Affected: According to reports, the credit card breach affects students attending Purdue, IU, Boston, Towson University, University of Houston, Lehigh, Misericordia, Cornell, Wake Forest, Florida State University, and Sonoma State University.
- 7. Irish health service hit by cyber attack: Ireland's Health Service Executive (HSE) says it was forced to temporarily shut down its IT systems to protect them from further compromise after experiencing a "significant cyber attack" on May 13.
- 8. Expert released PoC exploit code for Windows CVE-2021-31166 bug: A security researcher has published working proof-of-concept exploit code for CVE-2021-31166, a wormable vulnerability in HTTP.sys, the Windows kernel-mode HTTP protocol stack that IIS is built on. Note that the published code triggers a crash (denial of service) rather than remote code execution, so the practical worry for now is unauthenticated takedowns of exposed IIS hosts until the May patch is applied.
- 9. Two flaws could allow bypassing AMD SEV protection system: AMD has issued guidance to customers for dealing with two newly disclosed vulnerabilities (CVE-2020-12967 and CVE-2021-26311) affecting its Secure Encrypted Virtualization (SEV) technology; attackers could exploit them to completely bypass SEV and execute arbitrary code on targeted systems.
- 10. Eufy security cameras suddenly start showing live feeds to strangers: Owners of security cameras from smart device maker Eufy have reported on Reddit and Twitter that they were shown video feeds belonging to complete strangers rather than their own.
- 11. Insurer AXA hit by ransomware after dropping support for ransom payments: Branches of insurance giant AXA in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware attack. Avaddon operators stated on their leak site that they had stolen 3TB of sensitive customer information from those branches and encrypted their systems.
- 12. Ransomware's Dangerous New Trick Is Double-Encrypting Your Data: Researchers say they have identified ransomware operators encrypting victims' data twice in the same attack (double encryption), so that a single paid-for decryptor still leaves the files unreadable and the victim can be squeezed for the most money possible.
- 13. Popular Russian hacking forum XSS bans all ransomware topics: According to a post from XSS forum owner "Admin" announcing the move, all "ransomware affiliate programs," "ransomware rental," and the "sale of lockers (ransomware software)" are prohibited, and existing ransomware topics will be deleted.
- 14. Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector – CyberScoop: The Pakistani government-linked APT group "Transparent Tribe" has spent the past 18 months running catfishing-based cyber espionage campaigns whose tooling steals data from and takes screenshots of compromised systems in India. Targets include Indian military personnel, defense contractors, and individuals attending Indian government-sponsored conferences and events.
- 15. Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack: Rapid7 disclosed that an unauthorized third party accessed source code and customer data, including credentials, as a result of the Codecov supply-chain attack, in which Codecov's Bash Uploader script was tampered with to exfiltrate environment variables (and so secrets) from the CI jobs that ran it.
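Item 3 is the familiar open-bucket failure. As an added example (written for this page, not code from the firm or the article), here is an offline check that flags the bucket-policy statements that make an S3 bucket readable or writable by anyone: an `Allow` whose `Principal` is `*` (or contains `*` inside an `AWS` list) and that carries no condition scoping the grant to a network, account or organization. The restricting-condition list is an approximation of the rule AWS applies when deciding a bucket is "public"; the bucket name, account ID, VPC endpoint ID and the policy itself are constructed for the example.

```python
import json

# Condition keys that scope a grant to a source network, account or org.
# A statement carrying one of these is treated as not public even when its
# Principal is "*". Approximation of AWS's own "public" evaluation; it does
# not model negated operators such as StringNotEquals (assumption).
RESTRICTING_KEYS = {
    "aws:sourceip", "aws:sourcevpc", "aws:sourcevpce", "aws:sourceowner",
    "aws:sourceaccount", "aws:sourcearn", "aws:principalorgid",
    "aws:principalaccount", "aws:principalarn",
}


def _as_list(value):
    """Policy grammar allows a scalar or a list in most positions; normalise."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True if the Principal element grants to anonymous users or any AWS account."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _has_restricting_condition(statement):
    """True if any condition key narrows the grant to a network/account/org."""
    for block in statement.get("Condition", {}).values():
        for key in block:
            if key.lower() in RESTRICTING_KEYS:
                return True
    return False


def find_public_statements(policy):
    """Return the Sid (or positional label) of every Allow statement that
    grants to everyone without a restricting condition."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    flagged = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal", {})):
            continue
        if _has_restricting_condition(stmt):
            continue
        flagged.append(stmt.get("Sid", f"Statement[{i}]"))
    return flagged


# Constructed sample policy covering the cases the check must distinguish.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # the classic "anyone can list and read" grant: public
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-cv-bucket",
                         "arn:aws:s3:::example-cv-bucket/*"],
        },
        {   # Principal "*" but pinned to a VPC endpoint: not Internet-reachable
            "Sid": "VpcEndpointOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-cv-bucket/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        },
        {   # a wildcard hidden in a list of principals is still public
            "Sid": "MixedPrincipals",
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam::111122223333:role/uploader", "*"]},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-cv-bucket/*",
        },
        {   # an explicit Deny for everyone is a hardening statement, not a grant
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-cv-bucket/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}


if __name__ == "__main__":
    print("public statements:", find_public_statements(SAMPLE_POLICY))
```

Feed it the output of `aws s3api get-bucket-policy` for each bucket and it reports the statements to fix. It looks only at the bucket policy: bucket and object ACLs can expose data just as effectively, so the control that actually ends this class of incident is enabling S3 Block Public Access at the account level and treating any exception as a reviewed decision.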