Norway investigates cyberattack affecting 12 government ministries

https://therecord.media/norway-investigates-cyberattack-affecting-government-ministries

The Norwegian police are investigating a cyberattack uncovered earlier this month that affected the IT systems used by a dozen government ministries.

Norway’s Office of the Prime Minister, as well as its foreign, defense, and justice ministries, were not affected by the hack because they use a different IT platform, said Erik Hope, head of the government agency in charge of providing security and services to the ministries, during a press briefing on Monday.

According to Hope, the hackers exploited a now-patched vulnerability in the platform of one of the government’s suppliers. The government’s security specialists identified the attack following “unusual” traffic on the supplier’s platform. Hope declined to provide more details until the investigation is over.

The attack didn’t disrupt the government’s operation. As a result of the hack, employees of several Norwegian ministries couldn’t access some shared services on their mobile phones, including email, but they could still use work devices without issue, Norwegian cybersecurity officials said.

Chinese communist party ‘accessed Hong Kong protesters’ TikTok data’ | The Guardian

https://www.theguardian.com/technology/2023/jun/07/communist-party-accessed-hong-kong-protesters-tiktok-data-former-executive-says

A former executive at TikTok’s parent company, ByteDance, has alleged that the Chinese Communist party accessed user data from the social video app belonging to Hong Kong protesters and civil rights activists.

Yintao Yu, a former head of engineering at ByteDance’s US operation, claimed in a legal filing that a committee of Communist party members accessed TikTok data that included the users’ network information, SIM card identifications and IP addresses in a bid to identify the individuals and their locations.

The claims, in a wrongful dismissal lawsuit brought by Yu in a California court and reported by the Wall Street Journal, also allege the party accessed TikTok users’ communications, monitored Hong Kong users who uploaded protest-related content and that Beijing-based ByteDance maintained a “backdoor channel” for the party to access US user data.

Yu alleges in the filing that members of a Communist party committee inside ByteDance had access to a “superuser” credential which was also called a “God credential” and allowed them to view all data collected by ByteDance.

Android phones are vulnerable to fingerprint brute-force attacks

https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.

Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks.

The attacker needs physical access to the target device to launch a BrutePrint attack.

NHS data breach: trusts shared patient details with Facebook without consent | The Guardian

https://www.theguardian.com/society/2023/may/27/nhs-data-breach-trusts-shared-patient-details-with-facebook-meta-without-consent

Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites.

Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | The Guardian

https://www.theguardian.com/technology/2023/may/26/tesla-data-leak-customers-employees-safety-complaints

Tesla has failed to adequately protect data from customers, employees and business partners and has received thousands of customer complaints regarding the carmaker’s driver assistance system, Germany’s Handelsblatt has reported, citing 100 gigabytes of confidential data leaked by a whistleblower.

The Handelsblatt report said customer data could be found “in abundance” in a data set labelled “Tesla Files”.

CISA, FDA warn of new Illumina DNA device vulnerability

https://therecord.media/illumina-dna-sequencing-devices-vulnerability-fda-cisa

Several U.S. agencies warned this week about a vulnerability affecting software in devices used for DNA research that would allow hackers access to sensitive patient information.

The Food and Drug Administration (FDA) and the company behind the devices — Illumina — said they have not received any reports indicating the vulnerability has been exploited.

Illumina is one of the world’s biggest manufacturers of medical devices that handle bioanalysis and DNA sequencing.

Hyundai and Kia thefts keep rising despite security fix

https://news.yahoo.com/hyundai-kia-thefts-keep-rising-144034139.html

Nearly three months ago, Hyundai and Kia unveiled software that was designed to thwart an epidemic of thefts of their vehicles, caused by a security flaw that was exposed on TikTok and other social media sites.

So far, it hasn’t solved the problem. Across the country, thieves are still driving off with the vehicles at an alarming rate.

The companies’ affected cars, many of them lower-cost models from the 2011 to early 2022 model years, were not equipped with a theft immobilizer. Such a device contains a computer chip in the key that must be recognized by another chip in the steering column before the engines will start.

Though most automakers have had the chips for years, Hyundai and Kia have lagged behind the industry as a whole in installing them on many models, thereby allowing thieves to exploit the security gap.

NSO Group Exploited New Zero-Click Vulnerabilities in iOS

https://gizmodo.com/nso-group-exploited-new-zero-click-vulnerabilities-in-i-1850347936

Citizen Lab identified three new exploits that targeted iOS users worldwide in 2022. Apple’s Lockdown Mode reportedly worked as promised.

Students’ psychological reports, abuse allegations leaked by ransomware hackers

https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414

Hackers who broke into the Minneapolis Public Schools earlier this year have circulated an enormous cache of files that appear to include highly sensitive documents on schoolchildren and teachers, including allegations of teacher abuse and students’ psychological reports.

Thieves Can Steal Modern Cars By Tapping Into a Headlight Wire

https://jalopnik.com/car-thieves-hack-can-bus-headlight-wire-bluetooth-1850307214

Hackers can inject malicious code into a car’s electronic network via headlight or taillight wires, fooling the car into thinking the key is present.