CYBER SECURITY NEWS – WEEK OF DECEMBER 05, 2022
Several car brands exposed to hacking by flaw in Sirius XM connected vehicle service
- Cybersecurity researchers discovered that several car brands were exposed to remote hacker attacks due to a vulnerability in a connected vehicle service provided by Sirius XM.
- Sirius XM claims on its website that its connected services are used by more than 12 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota cars.
- Researcher Sam Curry on Wednesday described a recent car hacking project targeting Sirius XM, which he and his team learned about when looking for a telematic solution shared by multiple car brands.
- An analysis led to the discovery of a domain used when enrolling vehicles in the Sirius XM remote management functionality, Curry said in a Twitter thread.
Mitsubishi Electric PLCs exposed to attacks by engineering software flaws
- Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.
- Nozomi researchers identified three security holes — tracked as CVE-2022-29831, CVE-2022-29832 and CVE-2022-29833 — that could allow an attacker to obtain information from GX Works3 project files to compromise connected safety CPU modules.
- The project files for these modules are encrypted and a user-configured username and password are required to open them.
- However, Nozomi discovered hardcoded password, cleartext storage, and insufficient credential protection issues that expose these credentials and other sensitive information.
French hospital cancels operations after cyberattack
- A hospital complex in Versailles, near Paris, had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said.
- The Hospital Centre of Versailles, which consists of Andre-Mignot Hospital, Richaud Hospital and the Despagne Retirement Home, was affected by the hacking attempt, said the complex’s management.
- The regional health agency (ARS) said the Andre-Mignot Hospital had cancelled operations, but was doing everything possible to keep walk-in services and consultations running.
- The cyberattack had led to a “total reorganisation of the hospital”, said Health Minister Francois Braun.
Albanian IT staff charged with negligence over cyberattack
- Albanian prosecutors asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers.
- Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.
- They are accused of “abuse of post,” which can attract a prison sentence of up to seven years.
Rackspace shuts down Hosted Exchange systems due to security incident
- Cloud company Rackspace is investigating a cybersecurity incident that forced it to shut down its Hosted Exchange environment.
- The company confirmed the problems early in the day and told customers that it had to shut down the Exchange environment due to what it described as a “significant failure”.
- Rackspace has not said whether this is a ransomware or other type of cyberattack, and it’s also unclear if there was any data breach involving customer or other types of information.
Hackers dump Australian health data online, declare ‘Case Closed’
- The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring: “Case closed.”
- In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet — or one dollar for each of the company’s impacted customers, which included Prime Minister Anthony Albanese.
- Medibank refused to pay at the urging of the federal government, which at the height of the crisis considered making it illegal for hacked companies to hand over ransoms.
- The first batches of stolen data started appearing on a dark web forum on November 9, in curated posts highlighting medical records about drug addiction, pregnancy terminations and sexually transmitted infections.