Sans News Bites, news for January 10, 2023

Sans News bites for January 10, 2023 can be viewed as a web page through this link.

There are a number of stories in here which might be of interest, some of them have been sent through Cyberscoop to TSB’s email list and may not necessarily be blogged.

One of the items talks about passwords, and password being somewhere in the password in some research done.

We also have some car news and other things too.

Top of the news

• • JsonWebToken Secret Poisoning Vulnerability Has Been Patched
• • Security Flaws Affect Millions of Cars
• • Amazon S3 is Now Encrypting New Objects by Default

The rest of the news

• • MegaCortex Ransomware Decryptor
• • US Federal Communications Commission Notice of Proposed Rulemaking for Telecom Breach Notification
• • ChatGPT is Being Used to Create Malware
• • John Deere Agrees to Right-to-Repair
• • Hitachi Energy Vulnerabilities
• • Texas Emergency Medical Services Agency Breach Affects More than 600,000 People
• • FERC Asks For Report on Effectiveness of Power Grid Physical Security Guidelines
• > • Dept. of Interior OIG Finds Problematic Password Management

Item 8, the last item in this list is the one I’m talking about and should at least be viewed for their comments.

Also in this section, items 3, 4 and 6 should be viewed. 6 deals with Texas and their emergency vehicle company suffering a breach. Item 4 covers tractors being repaired by you or someone you trust, which could help farming and other people in that field, and of course there’s plenty more. Let me know what interests you!

Item 3 deals with Chat GPT, the fact it could in theory write malware. If this is only version 1, I’d hate to figure out what other versions can do. I’ve not played with it, so I can’t comment further.