Nissan’s Cyber Nightmare: Over 50K Employee SSNs Stolen in VPN Hack Attack!

Getting ‘car-jacked’ takes on a new meaning as Nissan discloses the theft of 50K+ employees’ SSNs. Who knew cyber bandits were into cars too? Buckle up for safety… and patches. #NissanDataBreach

Hot Take:

Oh Nissan, not again! Just when we thought our personal data might be safer in the hands of car manufacturers than a teenager’s diary is from their nosy sibling, Nissan goes and proves us wrong. With over 50,000 employees’ social security numbers taking a joyride with cybercriminals, it’s like the company handed out VIP passes to a data heist. And let’s not even get started on the Chrome vulnerabilities – it’s like a never-ending game of digital whack-a-mole! Meanwhile, the FTC is waving the “Don’t be creepy with connected car tech” flag, and Cisco Talos is playing Sherlock Holmes in the macOS underworld. Fasten your seatbelts, folks, it’s a bumpy ride in cyberspace!

Key Points:

  • Nissan’s got a leaky ship: Over 50,000 employee SSNs were stolen in a cyber attack.
  • The cybercriminals took their sweet time: Nissan realized the data breach months after the actual incident.
  • Chrome is playing vulnerability bingo with yet another zero-day exploit on the loose.
  • The FTC is like a privacy watchdog, reminding carmakers to play nice with consumer data or face the wrath of regulation.
  • Cisco Talos goes deep into macOS, and not for apple picking – they’re fuzzing for vulnerabilities!
Cve id: CVE-2024-4947
Cve state: PUBLISHED
Cve assigner short name: Chrome
Cve date updated: 05/15/2024
Cve description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Title: llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Cve id: CVE-2024-34359
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 05/10/2024
Cve description: llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.gguf` 's Metadata and furtherly parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parse the `chat template` within the Metadate with sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload.

Title: SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component
Cve id: CVE-2024-28042
Cve state: PUBLISHED
Cve assigner short name: icscert
Cve date updated: 05/15/2024
Cve description: SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.

Title: Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability
Cve id: CVE-2024-4609
Cve state: PUBLISHED
Cve assigner short name: Rockwell
Cve date updated: 05/16/2024
Cve description: A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.

Cve id: CVE-2023-46280
Cve state: PUBLISHED
Cve assigner short name: siemens
Cve date updated: 05/15/2024
Cve description: A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

Need to know more?

The Great Cyber Heist: Nissan Edition

Let's talk about Nissan's latest 'oops' moment. The car giant waved the white flag, admitting that the personal info of a small city's worth of employees got nabbed by some cyber bandits. With 53,038 employees left wondering if their SSNs are enjoying a tropical vacation with identity thieves, Nissan's response is akin to putting a Band-Aid on a gushing wound: password resets and monitoring tools. Too little too late, perhaps?

A Chrome a Day Keeps the Security Away

Google's Chrome is more like a colander these days, leaking out zero-day exploits like it's a feature, not a bug. The latest type confusion issue could have attackers partying in your system, so it's time to patch up again. And if you're a fan of Siemens or Mitsubishi Electric, you've got some patching to do too, with vulnerabilities scoring a perfect 10 in the "Oh no" scale.

FTC's 'Don't Be Creepy' Memo

Automakers using connected car tech, beware! The FTC has its binoculars out, and it's watching for any privacy slip-ups. With connected cars potentially turning into mobile Peeping Toms or influencing insurance rates, the FTC is basically telling car companies to keep it classy, or they'll be dialing the investigation hotline faster than you can say "illegal data collection."

Unwrapping the macOS Mystery with Cisco Talos

Apple's macOS is a tough nut to crack, but Cisco Talos is not just any old nutcracker. They're using snapshot-based fuzzing to hunt for vulnerabilities in closed source code, like a digital Indiana Jones. Now, with their tools available for public use, they're inviting all the security enthusiasts to join the macOS vulnerability treasure hunt.

Last-Minute Cybersecurity Gossip

As the weekend hit the snooze button, Google DeepMind was busy crafting a safety framework to keep AI from going rogue. Meanwhile, the US nabbed a duo accused of laundering a cool $73 million through crypto scams. And WebTPA? Well, they're just the latest to join the "We leaked your data" club, with nearly 2.5 million people potentially affected. Cybersecurity news, never a dull moment!

Tags: Chrome zero-day exploit, connected car privacy, data breach, FTC consumer protection, healthcare data compromise, personal information theft, Siemens Vulnerabilities