California passes bill to set up one-stop data deletion shop
Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns
Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers.
SB 362, or the DELETE Act, like the right to repair bill passed earlier this week, is now on its way to Governor Gavin Newsom's desk for signature - or not. "We don't typically comment on pending legislation. Each bill will be evaluated on its merits," the Governor's office told us.
If signed, the bill would require the California Privacy Protection Agency (CPPA) to set up, by 2026, a single website listing every data broker registered in the state of California, where a resident could direct all of them at once to delete whatever data they hold on that individual, and to keep deleting anything new they acquire, every 45 days. The bill would also prohibit the selling or sharing of any newly collected personal data belonging to an individual who has requested deletion.
To ensure that brokers follow the law, SB 362 would also shift responsibility for data broker registration from the California Attorney General's office to the CPPA, so all enforcement happens under one roof. The bill would also require data brokers to undergo audits every three years to verify they have been complying with its provisions, and would impose civil penalties on violators.
Californians already have the right under the law, as it stands, to request that their data be deleted from a broker's database, but in practice it's difficult: there are around 500 data brokers registered in the state of California, and consumers have to contact every single one individually to request their data be wiped.
"Data brokers currently have the ability to use data on reproductive healthcare, geolocation, and purchasing data to sell it to the highest bidder," California state Senator Josh Becker, who introduced the bill, said of SB 362.
"This bill will help Californians actually exercise the right to delete their information from data brokers and protect our right to privacy," Becker told the LA Times.
Critical vulnerabilities of the week
It's that time of the month again: Patch Tuesday has soaked up most of the week's vulnerability notifications, leaving this roundup with little to report beyond a few Mozilla patches that might otherwise be missed.
Per Mozilla, critical patches are available for Firefox, Firefox ESR and Thunderbird to fix a heap buffer overflow (CVE-2023-4863, in the libwebp image library) that we first wrote about in relation to a zero-day vulnerability in Apple iPhones exploited by sending maliciously crafted WebP images. The same bug can be triggered in Mozilla's apps too, so get those updates installed.
Otherwise, just a few critical ICS issues to report:
- CVSS 9.0 – CVE-2023-3935: CodeMeter Runtime, licensing software from Wibu-Systems that ships with a variety of Siemens products, is vulnerable to a heap buffer overflow that can lead to remote code execution.
- CVSS 8.8 – CVE-2023-29463: Some versions of Rockwell Automation's Pavilion8 analytics software expose the JMX Console without requiring authentication, allowing theft of user session data.
- CVSS 8.8 – Multiple CVEs: A series of vulnerabilities in Siemens QMS Automotive software prior to v12.39 can lead to malicious code injection, information disclosure and denial of service.
- CVSS 8.2 – Multiple CVEs: The BIOS in a number of Siemens Ruggedcom APE1808 series devices contains a series of vulnerabilities that can be exploited to escalate privileges, disclose information and crash affected systems.
New ransomware family spotted in the wild
A new ransomware strain, dubbed 3AM by Symantec researchers, has been found in the wild and appears to be a completely new family of malware.
3AM has so far been spotted in just a single attack, Symantec said, in which a ransomware affiliate deployed it as a fallback after the target's network blocked an attempt to install LockBit. Written in Rust, 3AM tries to stop a long list of security and backup services before encrypting files, then attempts to delete volume shadow copies to make recovery harder.
"It is still unclear whether its authors have any links to known cybercrime organizations," Symantec said, adding that new ransomware families appear and disappear all the time.
However, the Threat Hunter Team noted in its blog post, the fact that 3AM first appeared alongside ransomware as high-profile as LockBit "suggests that it may be of interest to attackers and could be seen again in the future."
Better take a look at those IoCs.
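Beyond hash-based IoCs, the two behaviours Symantec describes (stopping backup and security services in bulk, then deleting volume shadow copies) are generic enough to hunt for regardless of which ransomware family does them. The detection sketch below is an added example written for this page, not Symantec's tooling or code from the 3AM sample. It runs over constructed, Sysmon-style process-creation records embedded as JSON lines; the command lines, host names and the watched service-name list are assumptions chosen to illustrate the technique, not indicators from the report. It flags any recognised shadow-copy deletion command and any host that stops three or more watched services within a two-minute window.

```python
"""Hunt for 3AM-style pre-encryption behaviour in process-creation logs.

Added example (not from the Symantec write-up). Input is one JSON object per
line with at least: ts (epoch seconds), host, cmdline. Extra fields are ignored.
"""
import json
import re
from collections import defaultdict

# Shadow-copy deletion / shrinking (MITRE ATT&CK T1490, Inhibit System Recovery).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage.*maxsize=", re.I),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.Delete\(\)", re.I),  # WMI via PowerShell
]

# "net stop X", "sc stop X" or "Stop-Service X": capture the service name.
SERVICE_STOP = re.compile(
    r"\b(?:net1?(?:\.exe)?\s+stop|sc(?:\.exe)?\s+stop|Stop-Service(?:\s+-Name)?)\s+\"?([\w$.-]+)",
    re.I,
)

# Assumed watch-list: substrings of backup/AV/database service names (illustrative).
WATCHED_SERVICES = {"veeam", "backup", "vss", "sql", "sophos", "msexchange", "wbengine", "acronis"}
STOP_THRESHOLD = 3      # watched-service stops on one host ...
WINDOW_SECONDS = 120    # ... within this many seconds

# Constructed sample log: three service stops plus a vssadmin call on WS-17,
# benign activity on WS-02, and one malformed line to exercise the parser.
SAMPLE_LOG = r"""
{"ts": 1694500000, "host": "WS-17", "pid": 4120, "image": "C:\\Windows\\System32\\net.exe", "cmdline": "net stop VeeamBackupSvc /y"}
{"ts": 1694500003, "host": "WS-17", "pid": 4131, "image": "C:\\Windows\\System32\\sc.exe", "cmdline": "sc stop MSSQLSERVER"}
{"ts": 1694500010, "host": "WS-17", "pid": 4140, "image": "C:\\Windows\\System32\\net.exe", "cmdline": "net stop SophosHealth /y"}
{"ts": 1694500020, "host": "WS-17", "pid": 4152, "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"ts": 1694500400, "host": "WS-02", "pid": 2210, "image": "C:\\Windows\\System32\\net.exe", "cmdline": "net stop Spooler"}
{"ts": 1694500405, "host": "WS-02", "pid": 2215, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c dir C:\\Users"}
this line is not json and must be skipped
"""


def parse_events(lines):
    """Parse JSON lines, dropping malformed or incomplete records, sorted by time."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # never let one bad log line abort the hunt
        if all(k in ev for k in ("ts", "host", "cmdline")):
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_shadow_copy_deletion(events):
    """One finding per process whose command line deletes or shrinks shadow copies."""
    findings = []
    for ev in events:
        if any(p.search(ev["cmdline"]) for p in SHADOW_DELETE_PATTERNS):
            findings.append({"rule": "T1490 shadow copy deletion", "host": ev["host"],
                             "pid": ev.get("pid"), "evidence": ev["cmdline"]})
    return findings


def detect_bulk_service_stop(events):
    """One finding per host that stops >= STOP_THRESHOLD watched services in WINDOW_SECONDS."""
    per_host = defaultdict(list)
    for ev in events:
        m = SERVICE_STOP.search(ev["cmdline"])
        if m:
            svc = m.group(1).lower()
            if any(w in svc for w in WATCHED_SERVICES):
                per_host[ev["host"]].append((ev["ts"], svc))
    findings = []
    for host, stops in per_host.items():
        stops.sort()
        start = 0
        for end in range(len(stops)):          # sliding time window
            while stops[end][0] - stops[start][0] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= STOP_THRESHOLD:
                findings.append({"rule": "bulk stop of backup/security services", "host": host,
                                 "evidence": sorted({s for _, s in stops[start:end + 1]})})
                break
    return findings


def run_detections(log_text):
    events = parse_events(log_text.splitlines())
    return detect_shadow_copy_deletion(events) + detect_bulk_service_stop(events)


if __name__ == "__main__":
    for f in run_detections(SAMPLE_LOG):
        print(f"[{f['rule']}] host={f['host']} evidence={f['evidence']}")
```

On the constructed sample this raises two findings, both for WS-17: the vssadmin call, and the burst of Veeam, SQL Server and Sophos stops. The Spooler stop on WS-02 is ignored because it is not on the watch-list; in production the list and the threshold should be tuned to what administrators on your estate legitimately stop, and the shadow-copy rule is usually worth alerting on at a single hit.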
AirTags find a new illicit use: Arms smuggling
Apple AirTags are great: They can help you keep track of easily lost items like a purse or backpack, or be used to locate a lost pet. They can also (allegedly) be used by stalkers and murderers to track their victims, and now arms dealers are turning to the tiny Bluetooth trackers to help them keep an eye on illicit gun shipments.
According to Forbes, US Customs and Border Protection has intercepted packages of gun parts with AirTags inside, used as an alternative to the bulky and often unreliable GPS trackers gun runners have traditionally relied on to keep tabs on merchandise they send through the mail.
In this case, it appears a single criminal gang was behind the gun parts smuggled with AirTags as trackers, and one member has been arrested and accused of shipping illegal switches for Glock firearms that turn them into automatic weapons.
Apple said last year that it was introducing changes to AirTags to prevent them being used for stalking and other "criminal purposes," and while progress has been made to prevent stalking, Apple apparently has yet to code in the anti-smuggling features. ®