WEEK OF MAY 02, 2022
Indian Govt orders organizations to report security breaches within 6 hours to CERT-In
- “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents,” the government said in a release.
- The types of incidents that come under the ambit include, inter alia, compromise of critical systems, targeted scanning, unauthorized access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances such as routers and IoT devices.
- The government said it was taking these steps to ensure that requisite indicators of compromise (IoC) associated with the security events are readily available at hand to “carry out the analysis, investigation and coordination as per the process of law.”
Connecticut inches closer to becoming fifth state with data privacy law
- The Connecticut bill – which would take effect July 1, 2023 – resembles the privacy laws passed in Colorado, Virginia and Utah in that it allows residents to opt out of sales, targeted advertising, and profiling.
- By 2025, the law will require companies to acknowledge opt-out preference signals for targeted advertising and sales.
- Websites and companies will have to obtain consent before processing sensitive data and must offer Connecticut residents a way to revoke that consent. Once consent is revoked, organizations have no more than 15 days to stop processing the data, according to the law.
Coca-Cola investigates hackers’ claims of breach and data theft
- Coca-Cola, the world’s largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.
- The American beverage giant has started to investigate after the Stormous gang said that it successfully breached some of the company’s servers and stole 161GB of data.
- The threat actors listed a cache of the data for sale on their leak site, asking 1.65 Bitcoin, currently converted to around $64,000.
- Among the files listed are compressed documents, text files containing admin accounts, emails and passwords, ZIP archives of account and payment data, and other types of sensitive information.
U.S. lawmakers say they have ‘serious concerns’ about face-scan contractor
- Lawmakers in the U.S. House of Representatives have opened an investigation into the identity verification contractor ID.me, saying that they have “serious concerns” about the efficacy, privacy and security of technology it provides to 10 federal agencies.
- The letter, sent to ID.me chief executive Blake Hall, reflects unease over the use of facial recognition software to secure important transactions, including those with the Internal Revenue Service, amid concerns about privacy violations and inaccuracy.
- For its part, ID.me touted its efforts in helping U.S. agencies fight government benefits fraud by foreign criminal gangs.
Millions of Lenovo laptops contain firmware-level vulnerabilities
- Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.
- Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) involve Unified Extensible Firmware Interface (UEFI) drivers that were meant for use only during the manufacturing process but inadvertently shipped in the production BIOS image; left in place, they can be abused to switch off SPI flash write protections and UEFI Secure Boot, respectively, which is what makes the resulting implants so hard to remove. The third (CVE-2021-3970) is a memory corruption bug in a function for detecting and logging system errors.
- ESET discovered the vulnerabilities and reported them to Lenovo in October 2021. The hardware maker this week released BIOS updates addressing the flaws in all impacted models. However, users will have to install the updates manually unless they use Lenovo's automated update tools.
Iranian hacking group among those exploiting recently disclosed VMware RCE flaw
- Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
- An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMware Workspace ONE Access/Identity Manager technology to deliver the Core Impact penetration testing tool on vulnerable systems.
- VMware describes the vulnerability as a server-side template injection flaw that can lead to remote code execution. The vendor assigned it a severity score of 9.8 out of 10 because, among other things, it lets attackers gain the highest level of privileged access in compromised environments.
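For readers unfamiliar with the vulnerability class named above, the following is an added illustration of server-side template injection in general; it is not VMware's code, does not reflect how the Workspace ONE Access flaw works internally, and uses Go's standard-library text/template package only because it needs no third-party dependency. The struct, field names and the secret value are constructed for the example. The vulnerable function splices user input into the template source, so the input is parsed as template code and can reach anything in the data model (the classic probe is `{{ . }}`, which dumps the whole context); the safe function keeps the template source fixed and passes user input as data, where the same string is rendered as inert text.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Greeting is the data handed to the template. Only Name is meant to reach the
// page; APIKey stands in for something the template author never intended to
// expose. Both values are constructed for this example.
type Greeting struct {
	Name   string
	APIKey string
}

// sampleData is constructed sample context, not taken from any real system.
var sampleData = Greeting{Name: "Alice", APIKey: "sk-constructed-secret"}

// renderVulnerable builds the template *source* from user input. This is the
// anti-pattern behind server-side template injection: the user's string is
// compiled as template code and executed against the full data model, so
// "{{ .APIKey }}" leaks the secret and "{{ . }}" dumps the whole struct.
func renderVulnerable(userInput string) (string, error) {
	tmpl, err := template.New("greeting").Parse("Hello, " + userInput + "!")
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, sampleData); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderSafe keeps the template source fixed at build time and passes user
// input only as data. Template syntax in the input is never parsed, so
// "{{ .APIKey }}" comes back as the literal text the user typed.
func renderSafe(userInput string) (string, error) {
	tmpl := template.Must(template.New("greeting").Parse("Hello, {{ .Name }}!"))
	data := sampleData
	data.Name = userInput
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// looksLikeTemplateInjection is a cheap detection heuristic for request logs
// or a WAF rule: template delimiters in a field that should hold a plain name
// are a strong signal that someone is probing for SSTI.
func looksLikeTemplateInjection(s string) bool {
	return strings.Contains(s, "{{") || strings.Contains(s, "}}")
}

func main() {
	for _, probe := range []string{"Alice", "{{ .APIKey }}", "{{ . }}"} {
		v, _ := renderVulnerable(probe)
		s, _ := renderSafe(probe)
		fmt.Printf("input=%q suspicious=%v\n  vulnerable: %s\n  safe:       %s\n",
			probe, looksLikeTemplateInjection(probe), v, s)
	}
}
```

Running it shows the vulnerable path returning `Hello, sk-constructed-secret!` for the `{{ .APIKey }}` probe and `Hello, {Alice sk-constructed-secret}!` for `{{ . }}`, while the safe path echoes the probe text unchanged. The fix is structural, not sanitization: user input must never become template source. The heuristic is useful only for spotting probes in logs, not as a substitute for that fix.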