Threat Intelligence Report - June 2, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
Gigabyte vulnerability affects 7 million devices
Researchers at Eclypsium discovered a vulnerability in Gigabyte systems' firmware affecting nearly 7 million devices, which could enable the creation of persistent and stealthy UEFI bootkits that bypass security controls. This highlighted the need for more secure firmware update mechanisms.
Read more: https://netfire.link/gigabyte-firmware
Toyota Cloud misconfiguration leads to potential data leak affecting 260,000 customers
Toyota Motor Corporation acknowledged a potential data leakage due to a misconfiguration in their cloud environment, making customer data potentially externally accessible. Unique from a cybersecurity standpoint, this incident marks a notable case of data exposure caused by cloud misconfiguration, affecting approximately 260,000 customers' information, including in-vehicle device IDs, map data updates, customer names, addresses, and contact details; however, no secondary damage or misuse of data was confirmed.
Read more: https://netfire.link/toyota-cloud
FTC Charges Amazon and Ring with Multiple Privacy and Security Breaches
The U.S. Federal Trade Commission (FTC) has charged Amazon and its home security camera subsidiary, Ring, with multiple privacy and security breaches, underlining the risks of poorly designed IoT devices. This includes employees having unrestricted access to customer videos, lack of privacy protections, susceptibility to hacking, and retention of children's recordings through Alexa, resulting in Amazon agreeing to pay $30.8 million in settlements while exemplifying the substantial privacy issues in IoT cybersecurity.
Read more: https://netfire.link/ftc-amazon
Metropolitan Opera Class Action Lawsuit over Breach Affecting 45,000 Individuals
The Metropolitan Opera in New York City is facing a class action lawsuit after a cybersecurity breach affected over 45,000 individuals, exposing sensitive data including Social Security and driver's license numbers, financial information, and more. The lawsuit argues that the Met failed to adequately respond, inform affected parties promptly, and install adequate security measures to prevent such attacks, even in light of previous government warnings, highlighting the extensive damage and long-lasting effects that cybersecurity breaches can have on organizations and individuals.
Read more: https://netfire.link/met-opera-lawsuit
Space: Houston we have a malware problem
The lack of cybersecurity measures in next-generation spacesuits and other aspects of modern space missions, like NASA's Artemis program and China's Tiangong Space Station, has raised concerns among cybersecurity experts who warn that malware attacks could have catastrophic, even deadly, consequences in space. Addressing this growing risk will require major changes including stricter access controls, adoption of zero-trust protocols, enhanced cybersecurity regulations, and innovation in securing critical cyber infrastructure for space missions, thus underlining the need to consider cybersecurity as an integral part of the future of space exploration.
Read more: https://netfire.link/space-malware
Follow NetFire and stay tuned for more insights.