Security News for the Week Ending July 15, 2022
Experian Users Say Their Account Has Been Hacked
Brian Krebs is reporting that two users have written to him in the last month saying that their accounts at Equifax was hacked. Both users claim to have used strong, unique passwords with password managers. Equifax does not offer MFA (shocking! Actually not, this is Equifax that we are talking about, right?) When one of the users called to recover his account, they used credit report questions to verify his identity. If the hacker had a copy of this guy’s credit report, how is that useful. One more time, Equifax, owner of one of the still largest data breaches ever (145 million), fails the security test. Credit: Brian Krebs
Was Hunter Biden’s iCloud Account Hacked?
It appears that the answer to that is yes. Given that Apple does not require MFA and allows you to choose a password of Password1 or something similar, hacking a user’s account is not hard, especially if users do not practice good cyber hygiene. Once the account is hacked, there are tools to dissect the data. I have no idea of what happened, but it has been embarrassing to Hunter and probably other family members. Credit: Vice
Yet More UEFI Firmare Vulnerabilities
UEFI firmware is part of the core of your endpoint security. Unfortunately, computer vendors are not taking UEFI security seriously. This time it is Lenovo and they disclosed three security flaws affecting over 70 product models. The vulnerabilities allow attackers to execute arbitrary code before the operating system even loads, so it is undetectable by any software running on the computer. This is the second time Lenovo has patched its UEFI boot process this year and, potentially, given the close ties between Lenovo and the Chinese government, maybe this is not an accident. Lenovo is on our DO NOT BUY list for these reasons. They have just issued a patch for the firmware. Credit: The Hacker News
Yet Another Colorado Election Official Faces Felony Charges
Sandra Brown, who worked for multiple felony indicted Mesa county clerk Tina Peters, has been arrested on suspicion of conspiracy to commit criminal impersonation and attempting to influence a public servant. This is likely not the last arrest in this case, but it means that the election process in Mesa county continues to be a mess. On top of this, the Mesa County DA wants to revoke Peters’ bond after she left the state in violation of that bond. On Thursday, a judge ordered Peters’ arrest. Her attorney says she didn’t know she was not allowed to leave the state. Wow. Credit MSN and Yahoo
Cruise’s Robot Car Outages Are Jamming Up San Francisco
Calvin Hu was driving new Golden Gate Park one night when he pulled up behind a couple of autonomous Chevy Bolts. When the light turned green, the Bolts didn’t move. When he tried to backup, there more Cruise vehicles stalled behind him. This is part of 60 vehicles that were disabled over 90 minutes that day, creating a jam in downtown. This is not unique. In fact a letter sent by a Cruise employee to the California PUC said this happens regularly. Cruise says that it happens and they are working on the problem. Credit: Wired