Welcome back to our blog. Here’s our weekly roundup of cybersecurity news.
We begin in Colombia, where a government website hack led to the exposure of secret agents working for the Australian Federal Police (AFP). The Guacamaya hacktivist group has claimed responsibility for the incident. Guacamaya stole more than five terabytes of classified data, including emails, documents and even the methods used by AFP agents to restrict drug cartels operating in Australia. The AFP is not the only law enforcement agency working with the Colombian government, so police agencies in other countries are likely to be affected as well.
The White House is about to unveil a labeling scheme to assess the cyber resilience of Internet of Things (IoT) devices. The new system will be modeled after Energy Star ratings, which assess the energy efficiency of computers, air conditioners and other appliances. Labeling efforts begin with the security of routers and home cameras, as the devices are some of the most common and heavily used by consumers.
Russian-speaking hacktivists from a group calling itself KillNet temporarily shut down the public-facing websites of at least several major US airports on Monday. The websites of 14 airports were affected, including Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX).
The healthcare system in the UK has had a difficult year. First a crippling attack on the NHS, and now hospitals across the UK are recovering from an outage of their Oracle Cerner electronic health record system. The outage rendered physicians unable to access patient information. Earlier in the week, staff at the Royal Free London NHS Foundation Trust were told not to use the electronic health record system due to a technical issue affecting Cerner. According to an internal statement, three hospitals, including the Royal Free Hospital, returned to “downtime”, including the use of paper. Fortunately, the problem was fixed on Wednesday.
Japanese auto giant Toyota has warned that the personal details of nearly 300,000 customers may have been leaked. The company added that while there is no evidence that the data was retrieved by a third party after analyzing the data server’s access history, it “could not be completely ruled out”. The leak was caused when part of the T-Connect website’s source code was mistakenly uploaded to GitHub by a website development company and remained there for almost five years, from December 2017 to September 15, 2022.
Also this week there is a new Phishing-as-a-Service (PhaaS) platform called “Caffeine”. Caffeine supposedly makes it easy for attackers to launch attacks. Mandiant analysts spotted and tested the service and say the low barrier to entry is worrying. The cybersecurity firm first discovered Caffeine after investigating a large-scale phishing campaign running through the service, targeting one of Mandiant’s customers to steal Microsoft 365 account credentials.
The story that finally caught my eye was the news that a hacker can now guess your password from the heat you leave on your keyboard. Sounds impossible, right? But in a paper soon to be published in ACM Transactions on Privacy and Security, a professor at the University of Glasgow’s School of Computing Science has devised a system that uses a thermal imaging camera to identify the keys last touched by a person – the lighter an area appears in the thermal image, the more recently it was touched. The system was then used to guess passwords and PINs on computer keyboards, smartphone screens and ATM keypads.
That’s a wrap. Thank you for visiting our blog.
Global top security news
BleepingComputer (14 October 2022) Australian police secret agents exposed in Colombia data breach
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government.
Coming from a hacktivist group called Guacamaya, the leak contains more than five terabytes of classified data, including emails, documents and methods used by AFP agents to prevent drug cartels from doing business in Australia.
The details thus disclosed come from 35 AFP operations, some of which are still active, and also include agent surveillance reports, phone records and payroll data for Colombian officials.
Cybersecurity Dive (October 12, 2022) White House introduces Energy Star-like ratings for IoT
According to a White House cyber fact sheet released Tuesday, the White House will roll out a plan for a labeling scheme to assess the cyber resilience of Internet of Things (IoT) devices. According to Cyberscoop, a workshop with around 50 organizations represented is planned for October 19th.
The White House will convene a group of private companies, associations and government partners to discuss the labeling plan. It would be modeled after the Energy Star system, which is used to rate the energy efficiency of computers, air conditioners and other appliances.
Officials plan to start the labeling effort by evaluating the security of routers and home cameras, noting the devices are among the most common and heavily used by consumers.
The Register (October 12, 2022) UK hospitals resort to pen and paper after Oracle Cerner outage
Hospitals in the UK are recovering from an outage in their vital Oracle Cerner electronic health record system, which left doctors without access to critical patient information.
Yesterday afternoon, staff at the Royal Free London NHS Foundation Trust were told not to use the electronic health record system due to a technical issue affecting Cerner.
An internal statement said the Royal Free Hospital, Chase Farm Hospital and Barnet Hospital – all part of the trust – would return to “downtime” procedures, including the use of paper. Although some users had intermittent access to the patient record system, they were advised to continue using the downtime process.
The Register has seen screenshots of alerts stating that the incident was unplanned and caused the application to run slowly and crash. Another error message stated that the problem was an “invalid database configuration” and that the “configuration file could not be found”.
Infosecurity Magazine (October 11, 2022) Toyota uncovers data leak affecting 300,000 customers
Japanese auto giant Toyota has warned that the personal details of nearly 300,000 customers may have been leaked after an access key was publicly available on GitHub for nearly five years.
In a statement on its website, Toyota said the email addresses and customer tracking numbers of 296,019 people who have used T-Connect, a telematics service that connects vehicles over a network, since July 2017 have been disclosed.
The company added that while there is no evidence that the data was accessed by a third party after analyzing the data server’s access history, it “could not be completely ruled out”.
The automaker assured customers that “there is no possibility of names, phone numbers, credit cards and other information leaking out like the ‘T-Connect’ service itself.” In addition, the data of users of the “G-Link/G-Link Lite” and “MyTOYOTA/My TOYOTA+” apps for Lexus vehicles were not affected as they are stored in a separate location.
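The Toyota item is a reminder that a credential committed to a public repository stays exposed until someone notices it. As an added example (not Toyota’s code or tooling; the sample file contents and the key formats it matches are constructed for illustration), here is a minimal pre-commit-style scanner that flags key-shaped strings and high-entropy values assigned to secret-looking variable names:

```python
import math
import re

# Constructed patterns for the shape hard-coded secrets often take.
# They are not tied to the T-Connect source, which this page does not show.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking keys score high, plain words score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_for_secrets(source: str, entropy_threshold: float = 3.5) -> list:
    """Return (line_no, kind, value) for each line that looks like a leaked secret."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = SECRET_PATTERNS["aws_access_key_id"].search(line)
        if m:
            findings.append((line_no, "aws_access_key_id", m.group(0)))
            continue
        m = SECRET_PATTERNS["generic_assignment"].search(line)
        # Only flag assignments whose value looks random; "changeme"-style
        # placeholders have low entropy and are left alone.
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append((line_no, "high_entropy_" + m.group(1).lower(), m.group(2)))
    return findings


# Constructed sample config; every value below is made up for this example.
SAMPLE_SOURCE = """\
DB_HOST = "db.internal.example"
# the token on the next line is a made-up value
api_key = "x7Gq2pLm9Vt4Rz8WbN3cKd6Ys1Hf5Je0"
password = "changemechangeme"
AWS_KEY = AKIAEXAMPLEKEY000001
"""

if __name__ == "__main__":
    for hit in scan_for_secrets(SAMPLE_SOURCE):
        print(hit)
```

Wired into a pre-commit hook, a non-empty result from scan_for_secrets is the signal to block the commit before the file ever reaches a remote.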
Infosecurity Magazine (October 10, 2022) ThermoSecure: Cracking passwords with finger heat on keyboards is now possible
What if a hacker could guess your passwords based on the heat you leave on your keyboard? A group of computer security researchers at the University of Glasgow’s School of Computing Science in the UK managed to pull off such an attack.
In an article to be published in the upcoming issue of the journal ACM Transactions on Privacy and Security, a team led by Associate Professor Mohamed Khamis has developed ThermoSecure, a system that uses a thermal imaging camera to identify which keys a person touched last – the lighter an area appears in the thermal image, the more recently it was touched.
Researchers then used this system to guess passwords and PINs on computer keyboards, smartphone screens and ATM keypads.
USA TODAY (October 10, 2022) Hackers have taken down US airport websites, the Department of Homeland Security confirms
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major US airports Monday, a Department of Homeland Security official confirmed to USA TODAY.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) official declined to comment on who might be behind what appeared to be a coordinated series of Distributed Denial of Service (DDoS) incidents that did not affect actual airport operations or planes flying in and out of them.
“CISA is aware of reports of DDoS attacks targeting multiple US airport websites. We are coordinating with potentially affected entities and offering support where needed,” said the official, who declined to speak for the record or provide more information about the cyberattacks and who might be responsible.
BleepingComputer (October 10, 2022) Anyone can launch phishing attacks on Microsoft 365 with the Caffeine service
A phishing-as-a-service (PhaaS) platform called Caffeine makes it easy for threat actors to launch attacks and offers an open registration process that allows anyone to jump in and launch their own phishing campaigns.
Caffeine does not require invites or referrals, nor does it require would-be threat actors to seek approval from an admin on Telegram or any hacking forum. Because of this, it eliminates much of the friction that characterizes almost all platforms of this type.
Another distinctive feature of Caffeine is that its phishing templates target Russian and Chinese platforms, while most PhaaS platforms tend to focus on decoying Western services.
Other top security news
Treasury fines virtual currency exchange Bittrex for failing to track ransomware payments – Cyberscoop
Emotet rises again with more sophistication, evasion – Dark Reading
Hospitals continue to suffer the impact of the CommonSpirit IT security incident – HealthITSecurity
Surge in Dark Data a Growing Threat to Enterprises – Intelligent CIO
Misuse of legitimate tools threatens healthcare cybersecurity – HealthITSecurity
Cybercriminals have it easy with Phishing-as-a-Service – Helpnet Security
Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Servers – Security Week
What is Phishing Resistant Multifactor Authentication? It’s complicated. – Cybersecurity Dive
Google launches new supply chain security offerings – TechTarget