Regulator limits phone use, Hacked police emails, UK seniors scammed
In today’s cybersecurity news…
U.S. financial regulator limits cell phone use at work
A U.S. regulator, the Consumer Financial Protection Bureau (CFPB), has issued a directive to employees to reduce the use of their phones at work due to the growing threat of the China-linked APT group Salt Typhoon. The threat actor is alleged to have recently breached several major telecom providers. Instead, the CFPB is asking its workforce to use Microsoft Teams and Cisco WebEx for meetings and conversations involving nonpublic data. The CFPB clarified that the directive is a risk mitigation measure and that there is no evidence that the agency has been impacted by the telecom incidents. The CFPB was created in 2011 to protect consumers in the financial sector, ensuring fair, transparent, and competitive financial markets.
FBI warns of spike in hacked police emails and fake subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to bolster email safeguards, citing a recent rash of hacked police email accounts being used to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. Authorities make these requests, known as emergency data requests (EDRs), to obtain an array of user account information such as email addresses and what sites users have visited. EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. The FBI says it has seen an uptick of government and law enforcement credentials as well as EDR request process info emerging on cybercrime forums. One cybercriminal who uses the nicknames “Pwnstar” and “Pwnipotent” is selling fake EDR scam packages for between $1,000 and $3,000 per successful request. The hacker is offering a full refund if the EDR requests are unsuccessful. A start-up called Kodex is trying to tackle the fake EDR problem by working with data providers to pool information about EDR submitters to make it easier to spot an unauthorized EDR. Kodex founder and former FBI agent Matt Donahue said far too many police departments in the U.S. and other countries do not enforce basic account security precautions such as requiring phishing-resistant multi-factor authentication.
Cyber scoundrels target UK senior citizens with Winter Fuel Payment texts
As the winter season kicks in, scammers are targeting senior British residents with bogus “winter heating allowance” and “cost of living support” scam texts. The scheme attempts to capitalize on the UK government’s recent controversial decision to cut winter fuel payments for approximately 10 million pensioners across Britain. The dubious texts prompt victims to visit illicit domains that collect personal and payment information. Researchers have identified 597 domains related to this campaign so far. UK citizens should refrain from clicking such links and forward suspected scam texts to 7726 (which spells ‘SPAM’ on an alphanumeric keypad). Phishing emails can be forwarded to [email protected].
New iPhone reboot feature may make it harder for police to unlock them
On Thursday, reports surfaced that law enforcement officials were warning one another that iPhones being stored for forensic examination seemed to be rebooting themselves. These reports were subsequently corroborated by security experts. The reboots appear to take place on iPhones running iOS 18.1 after their fourth day in a locked state. After the reboot, it’s harder for phones to be unlocked using password-cracking tools. Some security experts are hailing the new feature as a huge security improvement while authorities may find it to be a hindrance to their investigations.
(TechCrunch)
Huge thanks to our sponsor, ThreatLocker
Malicious PyPI package steals AWS keys
According to application security firm Socket, a malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021 and steals Amazon Web Services credentials from unsuspecting developers. The package has been downloaded more than 37,000 times and executes platform-specific scripts on both Windows and Linux. The large number of downloads is likely due to the package using typosquatting to mimic the legitimate SSH remote server management package “fabric” which has more than 200 million downloads. Typosquatting risks can be mitigated through performing both manual and automated checks of PyPI downloads and by limiting permissions to download resources through AWS Identity and Access Management (IAM).
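The automated check mentioned above can be as simple as comparing each dependency name against an approved list and flagging near-misses. The script below is an added example, not Socket’s tooling and not code from the article: it normalises names the way PyPI does (PEP 503), computes the edit distance to each approved package, and reports look-alikes such as “fabrice” next to “fabric”. The approved-package set, the distance thresholds and the sample requirements lines are all constructed for illustration.

```python
"""Flag dependency names that look like typosquats of approved PyPI packages.

Added example; the allowlist and thresholds below are assumptions chosen for
illustration. A real deployment would load an organisation's approved-package
list (or the top-N PyPI packages) instead of this hard-coded set.
"""
import re

# Constructed allowlist of packages a hypothetical organisation approves.
APPROVED_PACKAGES = {"fabric", "requests", "numpy", "urllib3", "boto3", "paramiko"}


def normalize(name: str) -> str:
    """Canonical PyPI name per PEP 503: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def max_distance(approved_name: str) -> int:
    """Threshold (assumption): short names tolerate one edit, longer names two."""
    return 1 if len(approved_name) <= 6 else 2


def check_package(name: str, approved=APPROVED_PACKAGES):
    """Return None if the name is approved or unlike any approved package,
    otherwise (approved_name, distance) for the closest look-alike."""
    n = normalize(name)
    if n in approved:
        return None
    best = None
    for a in approved:
        d = levenshtein(n, a)
        if d <= max_distance(a) and (best is None or d < best[1]):
            best = (a, d)
    return best


def audit_requirements(lines):
    """Scan requirements.txt-style lines; return (name, look-alike, distance) tuples."""
    findings = []
    for line in lines:
        spec = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not spec:
            continue
        # Package name ends at the first version specifier, extra or marker.
        pkg = re.split(r"[<>=!~\[; ]", spec, maxsplit=1)[0]
        hit = check_package(pkg)
        if hit:
            findings.append((pkg, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    # Constructed sample requirements file.
    sample = ["fabric==3.2.2", "fabrice", "requets>=2.31", "numpy", "# pinned above"]
    for pkg, near, dist in audit_requirements(sample):
        print(f"SUSPECT {pkg!r}: {dist} edit(s) from approved package {near!r}")
```

Run it against a requirements file before installation (for example in CI) and treat every SUSPECT line as something for a human to confirm; a near-miss is not proof of malice, but every finding is cheap to review compared with a credential-stealing install.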
Recent Windows 11 updates break SSH connections
Microsoft has confirmed that last month’s Windows security updates are breaking SSH connections on some Windows 11 22H2 and 23H2 systems. The services are failing with no detailed logging and require manual intervention to run the sshd.exe process.
Microsoft said just a “limited number” of devices are impacted but it is still investigating whether Windows 11 Home or Pro editions are affected. Until a fix is available, Microsoft has provided customers a temporary workaround that updates access control list (ACL) permissions on affected directories.
Google says Chrome “Enhanced protection” feature now uses AI
Google has quietly updated the description for its Enhanced protection mode in Chrome’s Safe Browsing feature to include AI-powered protection. Previously referred to as proactive protection, the AI-powered protection could allow Google to detect and warn users about potentially harmful sites, even those that Google hasn’t previously identified. With Enhanced protection turned on, Chrome performs deeper scans on downloads and improves protection across Google services when users are signed in. Google is currently testing the AI feature in Chrome Canary with no known timeline for roll-out to all Chrome users.
Mazda Connect flaws allow some Mazda vehicles to be hacked
Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges. This occurs due to improper input sanitization in the Mazda Connect CMU. The researchers clarified the threat actor would need to be physically present to connect a “specially crafted USB device (such as an iPod or mass storage device) to the target system.” The vulnerabilities impact systems installed in multiple car models, including the Mazda 3 model year 2014-2021. These issues currently remain unpatched and there are no publicly known vulnerabilities in the latest firmware version.