Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could
Data Security
Privacy Tip #408 – Russian Cybercriminals Get 69% of Ransom Payments
Anecdotally, we know that cybercriminals hailing from Russia are a significant risk to U.S.-based and worldwide companies and governmental entities. With two convicted Russian cybercriminals being released this week in the prisoner swap, I was curious just how significant a role Russian cybercriminals play in cybercrime chaos.
According to Bleeping Computer, “Russian-speaking threat actors accounted…
CrowdStrike Customers Targeted by Threat Actors Using Fake Help Websites
If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage of the situation by using fake websites and domains, sending phishing emails impersonating CrowdStrike, and offering malicious products…
Scattered Spider Using RansomHub and Qilin Ransomware Against Victims
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that since the second quarter of 2024, Scattered Spider is now using RansomHub and Qilin ransomware against victims. Scattered Spider is suspected of attacking hundreds of organizations since its…
Tracfone Settles FCC Investigation for $16 Million
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.
The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming…
Advocate Aurora Health $12.2M Pixel Litigation Settlement Approved by Court
On July 10, 2024, the U.S. District Court for the Eastern District of Wisconsin granted plaintiffs’ Motion for Final Approval of a $12.2 million proposed settlement by Advocate Aurora Health to settle allegations against the 27-hospital system that it disclosed personal information of more than 2.5 million people to Meta and Google without consent.
The…
Privacy Tip #407 – Social Media Fake Check Scam
It is sometimes hard to identify a scam, especially when it involves payment with a check. We are all wary of promises to pay electronically and to provide our bank account numbers for direct access to our bank account (well, we all should be).
A new scam being reported to the FTC is targeting young…
Mercedes-Benz Source Code Potentially Compromised in GitHub Token Exposure
Mercedes-Benz reportedly suffered a security incident that exposed confidential source code on an Enterprise Git server. The incident occurred due to a compromised GitHub token exposed by an employee. Although the incident occurred on September 29, 2023, it wasn’t discovered until January 11, 2024. A cybersecurity firm discovered the token during an internet scan and informed…
Red Cross Creates Rules for Civilian Hackers in Conflict Zones
The International Committee of the Red Cross (ICRC) has taken a new step to regulate the activities of civilian hackers in conflict zones. To address the rise in the involvement of civilian hackers in inter-state conflicts, the ICRC has come up with eight directives to ensure that these hackers don’t end up harming non-combatants.
According…
Growing Calls to Ban Chinese-Owned TikTok App and Other Software Apps Considered to Be National Security Threats
Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short-video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel China-based companies to hand over any user data. More than…