Cyber Weekly Digest - Week #36

Updated: Sep 9, 2021

This week’s digest dives into the latest LockBit ransomware victim, Bangkok Airways, as well as a newly discovered set of Bluetooth vulnerabilities affecting around 1,400 commercial products. Keep reading to stay up to date on all the latest cyber security stories from around the world.

1. LockBit ransomware leaked 200GB of data belonging to Bangkok Airways.

Bangkok Airways confirmed it was the victim of a cyberattack in August that compromised passengers’ personal data; since then, the LockBit ransomware gang has claimed responsibility. LockBit leaked more than 200GB of data belonging to the Thai company, suggesting that its systems were not as secure as the airline claimed. The information stolen during the attack included full names, nationality, gender, phone numbers, email and physical addresses, passport info, historical travel data and partial credit card info.

2. New BrakTooth vulnerabilities leave millions of Bluetooth-enabled devices at risk.

A set of new security vulnerabilities, named BrakTooth, has been disclosed in commercial Bluetooth stacks. The flaws could enable an adversary to execute arbitrary code or crash devices via denial-of-service attacks. The 16 security weaknesses span 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments. It is estimated that 1,400 or more commercial products are affected, including laptops, smartphones, programmable logic controllers, and IoT devices. The most severe of the 16 bugs is CVE-2021-28139, which affects the ESP32 SoC used in many Bluetooth-based appliances ranging from consumer electronics to industrial equipment.

3. Autodesk reveals it was targeted by Russian SolarWinds hackers.

Autodesk is a US software and services company that provides millions of customers from the design, engineering, and construction sectors with CAD, drafting, and 3D modelling tools. Autodesk confirmed it had identified a compromised SolarWinds server and took the necessary steps to remediate the incident. The attackers did not deploy any other malware besides the Sunburst backdoor, likely because Autodesk was not selected for second-stage exploitation, or the attackers did not act quickly enough befo