WEEK OF AUGUST 15, 2022
Cisco confirms data breach, hacked files leaked
- Ransomware gang gained access to the company’s VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
- The attacker compromised a Cisco employee’s personal Google account, which gave them access to the worker’s business credentials through the synchronized password store in Google Chrome.
- To bypass the MFA protecting access to Cisco’s corporate VPN, the attacker attempted voice phishing, or vishing, and repeatedly pushed MFA authentication requests to the employee’s phone. Eventually, the worker either inadvertently, or through alert fatigue, accepted the push request, giving the attacker access to Cisco’s network.
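The Cisco intrusion relied on what is commonly called MFA push fatigue: many push prompts in a short window, most denied or ignored, followed by one approval. The detection logic below is an added example (not Cisco's or any MFA vendor's code) that looks for exactly that shape in authentication logs. The log format and the user, timestamps and source addresses are constructed for the example; a real deployment would adapt parse_line() to its own provider's export.

```python
"""Detect MFA push-fatigue patterns in authentication logs.

Added example, not code from Cisco or any MFA provider. The log format is
constructed for this example; adapt parse_line() to your own export.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log: one user receives a burst of pushes in the
# middle of the night, denies or ignores most of them, then approves one.
SAMPLE_LOG = """\
2022-05-10T02:13:05Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-05-10T02:13:41Z user=alice event=mfa_push result=timeout src=203.0.113.7
2022-05-10T02:14:20Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-05-10T02:15:02Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-05-10T02:16:48Z user=alice event=mfa_push result=approved src=203.0.113.7
2022-05-10T09:02:11Z user=bob event=mfa_push result=approved src=198.51.100.5
2022-05-10T17:30:00Z user=bob event=mfa_push result=approved src=198.51.100.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa_push "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": m["user"], "result": m["result"], "src": m["src"]}


def find_push_fatigue(log_text, window=timedelta(minutes=10), min_pushes=3):
    """Return one finding per user whose history shows `min_pushes` or more
    prompts inside `window` ending in an approval, with at least one prompt
    in that burst not approved (denied or timed out).
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_user[rec["user"]].append(rec)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["ts"])
        for i, approved in enumerate(events):
            if approved["result"] != "approved":
                continue
            # All prompts (including this approval) inside the look-back window.
            burst = [e for e in events[: i + 1] if approved["ts"] - e["ts"] <= window]
            unapproved = [e for e in burst if e["result"] != "approved"]
            if len(burst) >= min_pushes and unapproved:
                findings.append({
                    "user": user,
                    "pushes": len(burst),
                    "unapproved_before_accept": len(unapproved),
                    "approved_at": approved["ts"].isoformat(),
                    "sources": sorted({e["src"] for e in burst}),
                })
                break  # one finding per user is enough for triage
    return findings


if __name__ == "__main__":
    for finding in find_push_fatigue(SAMPLE_LOG):
        print(finding)
```

The window and threshold are deliberately conservative; tuning them against a baseline of normal prompt rates, and alerting on the approval that ends the burst rather than on the denials alone, keeps the rule from firing on a user who simply mistyped a password twice.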
Starlink successfully hacked using $25 modchip
- Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system.
- Wouters demonstrated a voltage fault injection attack on a Starlink User Terminal (UT), the satellite dish users install to access the system, that allowed him to break into the dish and explore the Starlink network from there; he presented the work in a talk called “Glitched on Earth by Humans” at the annual ethical hacker conference this week.
- Wouters physically stripped down a satellite dish he purchased and created the custom board, or modchip, that can be attached to the Starlink dish, according to a report on Wired about his presentation.
- He developed the tool using low-cost, off-the-shelf parts and was able to use it to obtain root access by glitching the Starlink UT security operations center bootrom, according to a tweet previewing the presentation that he said was sent through a rooted Starlink UT.
Hacker offers to sell data of 48.5 million users of Shanghai’s COVID app
- A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.
- The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.
- Eleven of the 47 reached by Reuters confirmed that they were listed in the sample, though two said their identification numbers were wrong.
Google fined $60 million over Android location data collection
- The Australian Competition and Consumer Commission (ACCC) announced that Google was fined $60 million for misleading Australian Android users regarding the collection and use of their location data for almost two years, between January 2017 and December 2018.
- The Australian competition watchdog said the tech giant continued tracking some of its users’ Android phones even though they had disabled “Location History” in the device’s settings.
- While customers were misled into thinking that setting would disable location tracking, another account setting turned on by default and named “Web & App Activity” enabled the company “to collect, store and use personally identifiable location data.”
- ACCC says that based on available data, it is estimated that more than 1.3 million Google accounts belonging to Australians have been affected.
Over 9,000 VNC servers exposed online without a password
- Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.
- VNC is a platform-independent system meant to help users connect to systems that require monitoring and adjustment, offering control of a remote computer over a network connection via the RFB (remote framebuffer) protocol.
- If these endpoints aren’t properly secured with a password, which is often the result of negligence, error, or a decision taken for convenience, they can serve as entry points for unauthorized users, including threat actors with malicious intentions.
- Depending on what systems lie behind the exposed VNC endpoints, such as water treatment facilities, the implications of abusing that access could be devastating for entire communities.
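Whether a VNC endpoint requires a password is visible in the first bytes the server sends: after the protocol version, an RFB 3.7/3.8 server lists the security types it offers, and type 1 ("None") means no authentication at all. The parser below is an added example (not code from any VNC project) for auditing captured server greetings from your own hosts; the byte captures are constructed for the example from the RFB message layout, and the security-type numbers follow the RFB specification.

```python
"""Parse the opening messages of an RFB (VNC) server handshake and flag
endpoints that offer the "None" security type, i.e. no password at all.

Added example, not from any VNC project. The byte captures below are
constructed for this example from the RFB 3.3 and 3.8 message layout.
"""
import struct

# Security type numbers from the RFB specification (RFC 6143 and later
# registrations). Only the ones this example needs to recognise.
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",
    2: "VNC Authentication",
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}


def parse_rfb_server_hello(data):
    """Parse the ProtocolVersion message plus the server's security-type message.

    Returns {"version": (major, minor), "security_types": [int, ...]}.
    Raises ValueError on malformed or truncated input.
    """
    if len(data) < 12 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("missing RFB ProtocolVersion message")
    try:
        major = int(data[4:7])
        minor = int(data[8:11])
    except ValueError:
        raise ValueError("bad version digits in ProtocolVersion") from None
    rest = data[12:]
    if (major, minor) <= (3, 3):
        # RFB 3.3: the server picks one type, sent as a 4-byte big-endian U32.
        if len(rest) < 4:
            raise ValueError("truncated 3.3 security-type message")
        (sec_type,) = struct.unpack(">I", rest[:4])
        return {"version": (major, minor), "security_types": [sec_type]}
    # RFB 3.7/3.8: U8 count, then `count` U8 security types. A count of 0
    # means the server refused the connection (a reason string follows).
    if len(rest) < 1:
        raise ValueError("truncated security-types message")
    count = rest[0]
    if count == 0:
        return {"version": (major, minor), "security_types": []}
    if len(rest) < 1 + count:
        raise ValueError("truncated security-types list")
    return {"version": (major, minor), "security_types": list(rest[1:1 + count])}


def assess_exposure(data):
    """Classify a server hello: 'unauthenticated' if 'None' is offered,
    'refused' if the server sent zero types, otherwise 'authenticated'."""
    info = parse_rfb_server_hello(data)
    names = [SECURITY_TYPES.get(t, f"unknown({t})") for t in info["security_types"]]
    if 1 in info["security_types"]:
        status = "unauthenticated"
    elif not info["security_types"]:
        status = "refused"
    else:
        status = "authenticated"
    return {"version": info["version"], "offered": names, "status": status}


# Constructed captures of the first bytes a server sends.
OPEN_SERVER_38 = b"RFB 003.008\n" + bytes([2, 1, 2])      # offers None and VNC Auth
LOCKED_SERVER_38 = b"RFB 003.008\n" + bytes([2, 2, 19])   # VNC Auth and VeNCrypt only
OPEN_SERVER_33 = b"RFB 003.003\n" + struct.pack(">I", 1)  # 3.3 server chose None

if __name__ == "__main__":
    for label, capture in [("open-3.8", OPEN_SERVER_38),
                           ("locked-3.8", LOCKED_SERVER_38),
                           ("open-3.3", OPEN_SERVER_33)]:
        print(label, assess_exposure(capture))
```

Note that "VNC Authentication" (type 2) only means a password challenge is present; it is a weak DES-based scheme, so an audit that passes this check should still expect VeNCrypt or TLS, or a VPN in front of the service, before treating the endpoint as properly secured.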
Behavioral Health Group informs 198K patients of data theft from December
- BHG’s notice confirms reports from December 2021, when the opioid treatment provider first learned of the extortion attempt.
- BleepingComputer was the first to report that BHG and its 80 clinics suffered a week of IT outages that disrupted patient care after a cyberattack forced the team to shut down portions of the network to prevent further spread.
- The attack caused delays for patient medications, as the computer tasked with printing prescriptions was offline. At the time, the specific type of attack was unknown.