Threat Actor: Various
Victim: Volkswagen, Pittsburgh Regional Transit, Ford, NTT Docomo, US Treasury, and others
Key Points:
- Volkswagen experienced a data leak affecting 800,000 electric cars due to unsecured AWS storage.
- Pittsburgh Regional Transit faced a ransomware attack causing temporary service disruptions.
- Over 3 million hosts were found running unencrypted POP3/IMAP services, risking user data exposure.
- Ford’s X account was hacked, resulting in unauthorized posts related to geopolitical issues.
- NTT Docomo suffered a DDoS attack disrupting various mobile services.
- China denied allegations of hacking US Treasury workstations amid rising cyber tensions.
- The US charged two Indian nationals for a tech support scam targeting elderly victims.
- A new clickjacking technique, DoubleClickjacking, poses risks for OAuth-enabled websites.
- Palo Alto Networks revealed a jailbreak technique for LLMs that could generate harmful content.
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Volkswagen data leak
Location information pertaining to roughly 800,000 electric Volkswagen cars was exposed online for months due to improperly protected AWS storage instances owned by subsidiary Cariad, according to Der Spiegel. The exposed data could be linked to individual drivers, including their contact details. The issue has since been fixed.
Pittsburgh Regional Transit ransomware attack
The Pittsburgh Regional Transit (PRT) announced before the holidays that it had been dealing with a ransomware attack detected on December 19. The rail service experienced temporary disruptions due to the incident. Some rider services were also impacted. It’s unclear if any sensitive data has been compromised. SecurityWeek has not seen any known ransomware group taking credit for the attack.
3 million hosts without encrypted POP3/IMAP services
The Shadowserver Foundation warns that it has identified over 3 million hosts that run POP3/IMAP email services without TLS enabled. Without encryption, these services transmit usernames and passwords in plaintext, exposing them to interception. Unencrypted POP3/IMAP services should be retired, Shadowserver says.
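As an added check, not code from the article or from Shadowserver, the following classifies a POP3 CAPA or IMAP CAPABILITY response captured on the cleartext port (110/143) so an administrator can tell whether a listener still accepts credentials without TLS; the sample responses are constructed.

```javascript
// Added example (not from the SecurityWeek article or Shadowserver): classify a
// POP3 CAPA (RFC 2449) or IMAP CAPABILITY (RFC 3501) response captured on the
// cleartext port to see whether credentials could cross the wire unencrypted.
// Sample responses used with these functions are constructed, not captured.

// POP3: capabilities come one per line after the "+OK" status line, terminated by ".".
// "STLS" (RFC 2595) means STARTTLS is offered; "USER" means legacy USER/PASS login
// is accepted; SASL PLAIN/LOGIN likewise carry the password in the clear.
function parsePop3Capa(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  const caps = lines.filter((l) => !l.startsWith('+OK') && l !== '.');
  const names = new Set(caps.map((c) => c.split(/\s+/)[0].toUpperCase()));
  const sasl = caps.find((c) => c.toUpperCase().startsWith('SASL')) || '';
  const clearSasl = /\b(PLAIN|LOGIN)\b/i.test(sasl);
  return { protocol: 'POP3', startTls: names.has('STLS'), plaintextAuth: names.has('USER') || clearSasl };
}

// IMAP: a single untagged "* CAPABILITY ..." line. "STARTTLS" means TLS can be
// negotiated; "LOGINDISABLED" (RFC 2595) means LOGIN is refused until it is.
// AUTH=PLAIN / AUTH=LOGIN advertised before TLS also accept cleartext passwords.
function parseImapCapability(text) {
  const m = text.match(/^\* CAPABILITY\s+(.+)$/m);
  const caps = new Set((m ? m[1] : '').trim().split(/\s+/).map((c) => c.toUpperCase()));
  const clearSasl = caps.has('AUTH=PLAIN') || caps.has('AUTH=LOGIN');
  return { protocol: 'IMAP', startTls: caps.has('STARTTLS'), plaintextAuth: !caps.has('LOGINDISABLED') || clearSasl };
}

// Verdict for the cleartext listener:
//   EXPOSED       - no STARTTLS and cleartext auth accepted: the case Shadowserver flags
//   OPPORTUNISTIC - STARTTLS offered but cleartext auth still accepted (clients may skip TLS)
//   PROTECTED     - cleartext auth refused until TLS is negotiated
function assessCleartextService(info) {
  if (!info.startTls && info.plaintextAuth) return 'EXPOSED';
  if (info.startTls && info.plaintextAuth) return 'OPPORTUNISTIC';
  return 'PROTECTED';
}
```

An OPPORTUNISTIC result still deserves attention: a client that does not insist on STARTTLS will authenticate in the clear on such a server.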
Ford’s X account hacked
Ford has confirmed that its X account was briefly compromised, after posts referencing the Israel-Palestine war were published on Monday. The company told CBS News Detroit it did not authorize three posts and apologized for the incident, but shared no details on how the hack occurred.
DDoS attack disrupts services at Japan’s NTT Docomo
NTT Docomo, Japan’s largest mobile phone carrier, announced that some of its services were temporarily disrupted by a distributed denial-of-service (DDoS) attack on Thursday. The cyberattack affected the carrier’s mobile payment, news, video streaming, and webmail services.
China denies hacking US Treasury
Responding to questions on the US blaming Chinese state-sponsored threat actors for accessing Treasury Department workstations and unclassified documents last month, Chinese Foreign Ministry spokesperson Mao Ning denied the country’s involvement, calling the allegations “unwarranted and groundless”. China regularly denies conducting cyber operations, but it recently also started making counter-accusations against the US and its allies.
US charges two Indian tech support scammers
The US Department of Justice has announced charges against two Indian nationals, Ahmed Maqbul Syed, 57, and Rupesh Chandra Chintakindi, 27, for laundering fraudulent proceeds from a tech support fraud scheme targeting elderly victims in the US. Pop-up notifications on the victims’ computers instructed them to contact tech support. They were then directed to withdraw money from their accounts and purchase gold and gift cards, and were told that government representatives would retrieve the gold and cash to secure it.
DoubleClickjacking, the evolution of clickjacking
DoubleClickjacking, a new variation of clickjacking (the technique of tricking users into clicking hidden or disguised buttons), relies on a double-click sequence, “exploiting the timing difference between mousedown and onclick events”, and could lead to account takeover on websites supporting OAuth and to one-click account changes, security researcher Paulos Yibelo warns.
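One client-side mitigation for the timing gap described above, as an added example that is not code from Yibelo’s write-up or from any site: keep a sensitive control (an OAuth consent button, say) disabled until the page has been focused for a minimum dwell time and has seen genuine pointer or keyboard activity, since the double-click sequence delivers its click within milliseconds of the target page gaining focus with no movement inside it. The thresholds and the event names are assumptions; the event objects are plain `{type, timeStamp}` values so the logic can be tested outside a browser.

```javascript
// Added example (not from Paulos Yibelo's write-up or any site's own code): an
// "intent guard" for a sensitive control. It accepts a click only after the
// document has been focused for a minimum dwell time AND has seen pointer
// movement or key input since then. In a page, forward the corresponding DOM
// events to observe() and keep the button disabled until accept() is true.
// minDwellMs / minMoves are assumed thresholds, not values from the article.
function createIntentGuard({ minDwellMs = 500, minMoves = 3, loadedAt = 0 } = {}) {
  let focusedAt = loadedAt; // when the document last gained focus / became visible
  let moves = 0;            // pointer-move events seen since then
  let keyed = false;        // key input seen since then

  function observe(ev) {
    switch (ev.type) {
      case 'focus':       // window (re)gained focus, e.g. a window on top was closed
      case 'visible':     // document became visible again
        focusedAt = ev.timeStamp; moves = 0; keyed = false; break;
      case 'pointermove':
      case 'mousemove':
        if (ev.timeStamp >= focusedAt) moves += 1; break;
      case 'keydown':
        if (ev.timeStamp >= focusedAt) keyed = true; break;
      default: break;
    }
  }

  // Does a click on the protected control reflect deliberate user intent?
  function accept(clickEv) {
    const dwelled = clickEv.timeStamp - focusedAt >= minDwellMs;
    const interacted = moves >= minMoves || keyed;
    return dwelled && interacted;
  }
  return { observe, accept };
}

// Feed a constructed event stream through a fresh guard; returns the verdict for
// the final click (false if there was none).
function simulate(events, opts) {
  const guard = createIntentGuard(opts);
  let verdict = false;
  for (const ev of events) {
    if (ev.type === 'click') verdict = guard.accept(ev);
    else guard.observe(ev);
  }
  return verdict;
}
```

Keyboard users are covered by the `keydown` path, so the guard does not lock them out of the control.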
New Bad Likert Judge LLM jailbreak technique
Palo Alto Networks has detailed a new jailbreak technique targeting text-generation large language models (LLMs). Dubbed Bad Likert Judge, it relies on asking the LLM to act as a judge and score the harmfulness of a response based on the Likert scale, and then to generate responses containing examples aligning with the scale. “The example that has the highest Likert scale can potentially contain the harmful content,” Palo Alto Networks says.