Cybersecurity news provided by NetworkTigers on Monday, 28 March 2022.
SAN MATEO, CA — Google warns Chrome users of zero-day hack, NYC students have personal data compromised in hack, Honda and Acura cars able to be started remotely by hackers, Lapsus$ Group reportedly led by England teenager, 649 critical US organizations hit with ransomware last year, President Biden warns of impending Russian cyberattacks, Lapsus$ makes good on Microsoft hack threat, Okta confirms data breach, more than 1 million may have had data compromised in dental care breach, Okta looking into claims of Lapsus$ hack, Israel under attack from hackers during Zelenksy speech, Florida agriculture commissioner has Twitter account hijacked.
Google warns Chrome users of zero-day hack
Chrome users will want to exercise caution, as a zero-day exploit in Google’s browser is being leveraged by criminals. Over the next few days and weeks, Google will be providing an emergency update to Chrome that will fix the exploit. Until the patch is installed and the browser restarted, every Chrome user is vulnerable. Read more.
NYC students have personal data compromised in hack
Illuminate Education, a company used by New York City’s Department of Education for tracking grades and attendance, suffered a hack in January that compromised information belonging to around 820,000 students. The taxpayer-funded software platform is being accused of failing to properly encrypt and safeguard its data against intrusion and is under investigation. Read more.
Honda and Acura cars able to be started remotely by hackers
A vulnerability in Honda and Acura vehicles has been discovered by researchers that could allow a hacker to unlock and even start a vehicle remotely from a short distance away. The exploit works by intercepting the RF signal that a remote key fob sends to the vehicle. The RF signal can then be re-sent at a later time, allowing someone to unlock the car when they wish. Newer vehicle models may have this exploit fixed, although plans to update older cars are not being made at this time. Read more.
Lapsus$ Group reportedly led by England teenager
Lapsus$, the hacker group that in recent weeks has compromised targets such as Okta, Microsoft, Samsung, Nvidia and more, is believed to be masterminded by a teenager living outside of Oxford, England. Another teenager based in Brazil is also thought to be involved with the group as authorities seemingly close in on a gang that has experienced a brazen and meteoric rise to prominence in the hacker community. One member of the group is apparently such an adept hacker that researchers initially presume that their work was automated. Read more.
649 critical US organizations hit with ransomware last year
The FBI has stated that 649 organizations from critical US infrastructure sectors were breached via ransomware in 2021. The actual number, however, is thought to be higher since the FBI only began tracking the attacks last June. The top three gangs responsible for the breaches were CONTI, LockBit and REvil. Read more.
President Biden warns of impending Russian cyberattacks
In a direct alert to US organizations and businesses, President Biden expressed alarm that Russian cyberattacks appear to be imminent. Biden has reminded administrators to boost their defenses and remain on high alert. The President said that “evolving intelligence” has revealed that Putin is considering cyber options as his invasion of Ukraine continues to flounder. Read more.
Lapsus$ makes good on Microsoft hack threat
Publicly listed as a target by the Lapsus$ extortion gang, Microsoft has reported that the hackers had made good on their threat by accessing and stealing company source code via an employee’s compromised laptop. According to a statement from Microsoft, they do not “rely on the secrecy of code as a security measure” and viewing said code does not elevate the company’s risk. Read more.
Okta confirms data breach
Okta has confirmed that it suffered a data breach in which one of the company’s laptops had been compromised for a duration of five days in January of this year. Okta’s admission put thousands of organizations on alert, as extortion group Lapsus$ claims credit for the breach and also says to have actually had access to the company’s network over the course of two months. Read more.
More than 1 million may have had data compromised in dental care breach
Dallas-based JDC Healthcare Management LLC suffered a malware attack last summer that may have exposed the data of more than 1 million Texans. The organization, which has 72 dental offices in the state, said that no evidence of misuse of any exposed data has been reported. The organization is reviewing their cybersecurity policies and procedures in order to prevent a future breach. Read more.
Okta looking into claims of Lapsus$ hack
Authentication services provider Okta is currently investigating claims from the Lapsus$ extortion gang that they have hacked the company. Lapsus$ claims to have accessed Okta’s customer data, sharing a screenshot that implies that the breach actually took place in January. According to Okta, the intrusion was contained. Read more.
Israel under attack from hackers during Zelenksy speech
As Ukraine’s President Zelensky addressed the Israeli government in a plea for aid against Russian invasion, the country came under fire from hackers attempting to disrupt the stream. Communications infrastructure was targeted but ultimately all attacks were thwarted by authorities. The source of the attacks are not yet published, although Israel is often on the receiving end of cyber disruption from Iran. Read more.
Florida agriculture commissioner has Twitter account hijacked
Nikki Fried, Florida’s agriculture commissioner who is also running for governor, has lost her Twitter account to hackers who have completely transformed the page into an advertisement for NFTs. The account was taken over after a phishing attack and Fried’s team is currently working with Twitter to restore access. Read more.
More cybersecurity news
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.