US to Propose Banning Chinese and Russian Tech in Connected Cars, Sources

China accuses Taiwan of cyberattacks in China, Snowflake hacker is still at it, Dell reportedly suffered a second data breach, Shezmu lost nearly $5M in storage vault compromise, Ethena warns users away after exploit, Attackers drain $2M from Banana Gun, much more


A word from our sponsor, Anchore

Learn the building blocks for adopting a secure software factory model in this webinar. The Department of Defense (DoD) software factory model has emerged as a cornerstone of innovation and security for national defense and cybersecurity. Software factories represent an integration of principles and practices found within the DevSecOps movement, with technical guidelines to support continuous cyber-readiness with real-time visibility. 

Explore the building blocks for adopting a software factory model with firsthand insights from Platform One and Black Pearl in this on-demand webinar. 


Sources say the US Commerce Department plans to reveal proposed rules that would ban Chinese- and Russian-made hardware and software for connected vehicles as soon as today.

Commerce has recently met with industry experts to address security concerns raised by a new generation of so-called smart cars. The sources said the move would include bans on using and testing Chinese and Russian technology for automated driving and vehicle communications systems. While the bans mainly focus on software, they said the proposed rules will include some hardware.

The Biden Administration’s primary concern is preventing China or Russia from hacking vehicles or tracking cars by intercepting communication with software systems that their domestic companies have created. The rules would also have a protectionist element since most new vehicles are connected at least through infotainment systems, so Chinese carmakers could be barred from selling in the US if the vehicles use their connected technology.

In May, the administration levied a 100% tariff on Chinese electric vehicles, pointing out that the Chinese government is subsidizing its auto industry and increasingly exporting its excess capacity at a time when US companies are building more battery-powered cars.

Lael Brainard, director of the White House’s National Economic Council, is set to speak Monday in Detroit about the Biden administration’s efforts to “strengthen the US auto industry.” (David Welch and Mackenzie Hawkins / Bloomberg)

Related: Reuters, The Information, PYMNTS.com, Capital Brief, Carscoops

China's national security ministry said a Taiwan military-backed hacking group called Anonymous 64 has been carrying out cyberattacks against targets in China, urging people to report "anti-propaganda sabotage."

The ministry said that since the beginning of this year, Anonymous 64, which China's national security ministry said belonged to Taiwan's cyber warfare wing, has sought to upload and broadcast "content that denigrates the mainland's political system and major policies," on websites, outdoor screens, and network TV stations.

In a blog post published on its official WeChat account, the national security ministry said its investigation into Anonymous 64 had found that many of the websites Anonymous 64 claimed to have accessed were fake or had little to no traffic. The ministry added that posts showing it having infiltrated numerous university and media websites had been photoshopped.

The security ministry published screenshots of the group's X account with heavily redacted text. It also said it had opened a case against three members of Taiwan's cyber warfare wing.

Taiwan frequently accuses Chinese groups of seeking to spread online disinformation or carry out cyberattacks across the democratically governed island. China claims sovereignty over Taiwan and has ramped up military and political pressure against it over the past five years to assert its claims. The Taiwan defense ministry's Information, Communications, and Electronic Force Command said China's accusations were untrue.

"The current enemy situation and cyber threats are severe," it said. "The Chinese communist military and forces that coordinate with it continue to use aircraft, ships, and cyberattacks to harass Taiwan and are the originators of undermining regional peace." Taiwan's government rejects Beijing's sovereignty claims. (Joe Cash and Ben Blanchard / Reuters)

Related: RTHK, CNA English News, The Hindu - Technology, RFA, Ecns, Tasnim News, Chinanews.net, South China Morning Post

At the LABScon cyber conference in Arizona, Google senior threat analyst Austin Larsen said the Snowflake hacker, responsible for a cybercrime campaign that impacted up to 165 companies this summer, is likely a Nazi-sympathizing Canadian male in his 20s who is still at large and has recently broken into a “handful” of new organizations.

The attacker, who previously stole data from customers of cloud analytics company Snowflake Inc., has since targeted American firms and compromised critical infrastructure organizations based in Russia and Bangladesh, according to Larsen.

Larsen said the hacker recently shared screenshots of records stolen from Russian and Bangladeshi critical infrastructure companies, including sensitive customer data, on Telegram. He added that some intrusions are ongoing.

An analysis of the hacker’s online interactions indicated they were likely a male based in Canada in their 20s who displayed Nazi sympathies, Larsen said. He declined to identify the hacker by name or say if their identity had been passed on to law enforcement.

He also said the attacker, who might be working with others, has a “huge amount of stolen credentials,” at least totaling hundreds of thousands from numerous organizations worldwide.

The hacker is no longer targeting Snowflake-related data but exploiting tools from another software provider, which Larsen declined to name. (Margi Murphy and Charles Gorrivan / Bloomberg)

Related: 404 Media, CyberScoop

Dell has confirmed that it is investigating recent claims that it suffered a data breach after a threat actor leaked data on over 10,000 employees.

The allegations were published yesterday by a threat actor named "grep," who alleges that the computing vendor suffered a "minor data breach" in September 2024, exposing internal employee and partner information.

In a post to a hacking forum, the threat actor says the stolen data includes employees' unique identifiers, full names of employees for Dell and partners, status of employees (active or not), and an internal identification string.

Though only a small sample of the data was shared for free, a link to the entire database can be revealed by spending 1 BreachForums credit, valued at approximately $0.30.

The same user, grep, claimed another high-profile data breach on September 9, 2024, when he posted data allegedly stolen from the French IT giant Capgemini.

Earlier this year, Dell suffered a data breach after a company API was abused to steal 49 million customer records. (Bill Toulas / Bleeping Computer)

Related: PhoneWorld, HackRead, Cyber Daily, CSO Online

Chaofan Shou, the co-founder of blockchain analytics firm Fuzzland, said that a storage vault belonging to the collateralized debt position (CDP) platform Shezmu was compromised, with $4.9 million worth of cryptocurrencies stolen in the process.

Shezmu later confirmed that one of its ShezmuUSD (ShezUSD) stablecoin vaults was exploited and proactively urged the hacker to return the funds in exchange for a bounty reward with no legal repercussions.

Shezmu requested the return of 90% of the stolen funds within 24 hours through an onchain message. The protocol would involve law enforcement only if the hacker decided not to comply.

The hacker responded to the request by demanding a 20% bounty reward instead of the initial 10% offer, which Shezmu agreed to. The hacker initially returned 282.18 Ether to the protocol and followed it up with another refund of 137 Wrapped Ether (WETH). (Arijit Sarkar / Cointelegraph)

Related: Web3IsGoingJustGreat, Brave New Coin, Tron Weekly, DailyCoin


A note from Cynthia: please consider supporting Metacurity

I hope you're enjoying Metacurity's daily reports on the most critical infosec developments you should know. Please support my campaign to end infosec news overload by upgrading your Metacurity subscription today. Thank you!


Synthetic dollar protocol Ethena's website suffered what appears to be a front-end exploit on Sept. 18, and Ethena Labs has cautioned users not to interact with any site or application claiming to be Ethena.

According to a social media post from Ethena Labs, the website’s domain registrar account was compromised, and the site is currently deactivated until the issue is resolved.

Ethena Labs also reassured clients that the exploit did not affect the Ethena protocol and that all customer funds remained safe.

Security firm Blockaid likewise warned Ethena users who were connected to the site at the time of the exploit not to sign any transactions and to disconnect wallets "immediately." (Vince Quill / Cointelegraph)

Related: Web3IsGoingJustGreat

According to Hakan Unal, the senior Security Operation Center lead at on-chain security firm Cyvers, at least eleven attackers have drained a collective $1.9 million worth of crypto from users of the Banana Gun trading bot.

The number of victims suggests that the hacker didn’t successfully infiltrate the entire trading bot, only an isolated number of accounts. (Zoltan Vardai / Cointelegraph)

Related: The Block, BeInCrypto, crypto.news, Finance Feeds, CoinGape

Cryptocurrency hackers took over the Supreme Court of India’s official YouTube channel to run a Ripple and XRP scam.

On Sept. 20, the official YouTube channel of the Supreme Court of India, with over 217,000 followers, was rebranded into a Ripple-themed account to run a cryptocurrency scam.

The hackers used the channel to play a fake live stream video featuring Ripple Labs CEO Brad Garlinghouse. The footage also urged potential victims to invest in the scam, promising unrealistic returns.

The hackers also renamed the channel, changed the URL, and deleted all the previous videos uploaded by the account’s original owner. YouTube subsequently deleted the channel. (Arijit Sarkar / Cointelegraph)

Related: Cyber Express, CoinDesk, DailyCoin, Decrypt, NDTV, AP7AM, The Economic Times, The Crypto Times, Times of India, The Indian Express, Benzinga, The Hindu

Someone deleted the tweet history of music stars Usher and Pink. Some followers questioned the deletion of Usher's history, suggesting it was a social media cleanse in light of Usher’s professional relationship with music mogul Sean ‘Diddy’ Combs, who has been arrested on federal sex trafficking and racketeering charges.

However, a community note on X said that Usher's account was compromised and used to promote a crypto scam. (Ashley Iasimone / Billboard)

Related: Fortune, Daily Mail, Sportskeeda, Page Six, The Mirror

Best Thing of the Day: A Useful Resource for 150 Million of Us

Microsoft has published a new support page about the recently disclosed National Public Data (NPD) breach, which affects over 150 million people. The page lists recommended actions users can take to reduce their risk exposure.

Worst Thing of the Day: No Honor Among Data Thieves?

During a court fight over legislation that would force TikTok owner ByteDance to sell the popular video service, attorneys for TikTok argued that the law exempts other Chinese apps that could be doing worse on data security protection, including Chinese retail giants Temu and Shein.

Bonus Worst Thing of the Day: No Quick Bounce Backs from Cyberattacks

Despite the arrest of a suspect, a 17-year-old boy from Leicester, in the attack on Transport for London, commuters are still unable to check online journey histories or contactless payments, view some live transport updates, or apply for discount Oyster photocards, including children’s Zip cards and the 60+ pass.
