open source and cybersecurity news

June 20, 2023

Medibank hit again, What you should know about location records, including Apple’s and Google’s new policies, BlackCat clawing at reddit’s door, Gigabyte Systems exposes secret backdoor, US Government offers $10M reward for info on CL0P

Episode Transcription:

Pokie Huang: 

It’s 5:05 on Tuesday, June 20th, 2023. From the Sourced Podcast Network in New York City, this is your host Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Hillary Coover in Washington, DC, Ian Garrett in Arlington, Virginia, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania, and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Medibank has suffered another data breach. The Australian private health insurer suffered a major cyber attack in October last year which affected 9.7 million customers. It was one of Australia’s worst data breaches.

This time its staff’s private details were impacted due to exploitation of the MOVEit vulnerability. Employees at Medibank had their names, work email addresses, and phone numbers stolen. The compromise was through one of the company’s property and facilities management providers, which was hit by the MOVEit cyber attack.

Medibank has said that they are continuing to investigate and are working closely with the vendor. At this stage they are not aware of any customer data being compromised.

Hillary Coover: 

Hi, this is Hillary Coover. Today the state of Washington adopted a state law protecting consumers from companies that collect location records and healthcare data that could reveal visits to abortion clinics or other healthcare facilities.

I want to talk about the location records. 

Location record data is collected using what’s called an advertising ID, also known as a soft indicator for a mobile device because of the ability to change it. This is intended to be an anonymized indicator that allows advertisers to be able to effectively reach their targeted audiences and understand them.

However, the ease of purchasing this data and de-anonymizing it, especially in sensitive contexts like healthcare, is alarming. 

Imagine this. Your location data obtained innocently through apps or online services was sold without your knowledge. This data combined with other open source information such as browser cookie data and public records was used to create a comprehensive profile of your activities and interests.

That’s enough to feel pretty violated, but I’ve got some good news for now.

Apple has already moved away from the advertising ID in the name of privacy, and Google claims it’s on its way to phasing it out as well. This could become a future concern, since all of that data will now be owned by and entrusted to these large corporations with profit incentives, but for now it alleviates the third-party location distributor risk and makes the location record piece of this legislation somewhat moot.

Ian Garrett: 

Hackers and customers on the same side? A recent data breach at the popular online community Reddit found hackers demanding not only a hefty ransom, but also changes to Reddit’s controversial API pricing updates, which have been a point of contention with customers as well.

Hey folks, this is Ian Garrett in Arlington, Virginia.

In February of this year, hackers executed a sophisticated and highly targeted phishing campaign, gaining unauthorized access to internal Reddit data. While Reddit assured users that their personal data remains safe, the breach exposed contact information of employees and advertisers. Fast forward to today, and a hacker group called BlackCat has claimed responsibility for the attack, threatening to release 80 gigabytes of stolen data unless their demands are met.

BlackCat’s demands go beyond money. They’re asking for a substantial $4.5 million payout, but they also want Reddit to roll back its planned API pricing changes. These changes, which would require developers of third-party apps to pay significant fees, sparked a wave of protests from users and moderators who rely on these apps.

Several major subreddits even went dark in response, limiting access to new posts. Reddit CEO Steve Huffman recently defended the API pricing changes, stating that the platform was never intended to support third-party apps to such an extent. However, with BlackCat now leveraging their stolen data, it puts Reddit in a difficult position.

The company has declined to comment on the hack, leaving users and the wider community to speculate on potential implications. The incident marks the second time Reddit has fallen victim to a major security breach, following a similar attack in 2018 that exposed user data. As the situation unfolds, it remains to be seen how Reddit will respond to BlackCat’s demands and whether they will reconsider their API pricing changes.

Katy Craig: 

The Eclypsium platform, a cybersecurity solution, has detected some suspicious behavior within Gigabyte Systems. It’s a secret backdoor that’s been lurking in the shadows. 

This is Katy Craig in San Diego, California.

Eclypsium found firmware that drops an executable Windows binary during startup, which then insecurely downloads and executes additional payloads. Now, here’s the good news.

Eclypsium is working closely with Gigabyte to address this issue. Gigabyte has already issued BIOS patches for most of their motherboards to mitigate the vulnerability, and that’s a step in the right direction.

But let’s not forget the potential risks here. This backdoor could pose a supply chain risk for organizations using Gigabyte Systems. We’re talking about compromise in the supply chain, compromise in the local environment, and the persistence of malware through this firmware backdoor. The fact that it’s there and is difficult to detect and remove makes it a vulnerability we want to address immediately, since you know the bad guys will.

So if you’re a Gigabyte motherboard user, stay on high alert. Keep an eye out for those BIOS patches, and make sure you’re taking the necessary precautions to protect your system.

This is Katy Craig. Stay safe out there.

Olimpiu Pop: 

As stated previously, the CLOP threat actors started trying to monetize the data that they piled in the period after Memorial Day weekend. Last week, they published a long list of companies threatening to disclose the data if they don’t pay. As CNN disclosed, the group attacked several federal agencies, including the Department of Energy. 

Nevertheless, the ill-willing actor stated, “We got a lot of emails about government data. We don’t have any government data and anything directly residing on exposed and bad protected not encrypted file transfer, we still do the polite thing and delete all.”

It seems that the federal representatives of the US don’t trust the hackers’ pinky promise, as they tweeted an announcement promising up to a $10 million bounty for information linking the CLOP ransomware attacks to a foreign government.

The announcement reads, “Do you have any info linking CLOP ransomware gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward.”

To submit a tip, the State Department has set up a dedicated Tor SecureDrop server that can be used to submit information on CLOP and other threat actors.

Now you know how your holiday budget can be rounded. More details can be found in the resources section of 505updates.com 

Reporting from Transylvania, Romania, this was Olimpiu Pop.

Marcel Brown: 

This is Marcel Brown bringing you some technology history for June 18th, 19th and 20th. 

June 18th, 1979. In use at the time by over 200,000 computers with the Z80 and 8080 processors, Microsoft BASIC is introduced for the 8086 16-bit microprocessor. By being one of the first to offer a version of the BASIC programming language for a 16-bit processor, and making it compatible with their 8-bit versions of BASIC, Microsoft helped move forward 16-bit computing.

But perhaps more importantly, by developing for the 8086 processor, they soon formed a relationship with Seattle Computer Products, one of the first companies building computers with an 8086 processor. As fate would have it, in 1980, Seattle Computer Products was forced to develop an operating system for their computers because a version of the very popular CP/M operating system was delayed for the 8086.

It was this 8086 operating system, which SCP called QDOS, for quick and dirty operating system, that Microsoft soon bought the rights for and licensed to IBM for their new PC. Microsoft thus began their transformation from a simple software development company in the early history of personal computing, to one of the most dominant technology companies in history.

June 19th, 1976. The Viking 1 spacecraft enters into orbit around the planet Mars, 10 months after being launched from Earth. Viking 1 would become the first US spacecraft to land on Mars and the first spacecraft overall to successfully soft land and perform a mission on Mars. 

Viking 1 operated on Mars for 2,307 days, which equates to over six and a quarter years, or 2,245 Martian solar days, which was the longest Mars surface mission until the record was broken by the Opportunity rover in May of 2010.

June 20th, 1950. The National Bureau of Standards dedicated the Standards Eastern Automatic Computer, otherwise known as the SEAC, in Washington. SEAC was the first computer to use all-diode logic, a technology more reliable than vacuum tubes, and was the first stored-program computer completed in the United States.

Magnetic tape in the external storage units, stored programming information, coded subroutines, numerical data and output. 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Hillary Coover, Ian Garrett, Katy Craig, Olimpiu Pop, and Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
