Hackers Leak More DNC Data and Medical Records; Air Bag Software Bug Leads to 4.3M Vehicle Recall

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Guccifer 2.0 Releases New Batch of DNC Files

The hacker who claimed responsibility for stealing and making public Democratic National Committee emails in the summer released a new batch of committee documents Tuesday.

This time, stolen files include financial information, donors’ personal information and memos from vice presidential nominee (but then-committee chair) Tim Kaine, according to Politico.

“The DNC is the victim of a crime—an illegal cyberattack by Russian state-sponsored agents who seek to harm the Democratic Party and progressive groups in an effort to influence the presidential election," said DNC Interim Chairwoman Donna Brazile in a statement. "There’s one person who stands to benefit from these criminal acts, and that’s Donald Trump."

Though Guccifer 2.0 claims to be Romanian, cybersecurity firms including CrowdStrike and Fidelis attribute the breaches to Russian intelligence groups.

Earlier Tuesday, Guccifer 2.0 “spoke” at The Future of Cyber Security Europe event in London, sharing a username and password with the crowd for the new DNC materials, reported Forbes. The hacker sent messages to a conference planner who read them on stage and called out “large IT companies” as the “real cyber threat.”

WADA: Russian Spy Group hacked US Olympians' Medical Records

The World Anti-Doping Agency confirmed Sept. 13 a Russian hacking team accessed a database with U.S. Olympian athletes’ confidential medical information and publicly released information about Simone Biles, Serena and Venus Williams, and Elena Delle Donne.

The WADA statement blames Tsar Team, also known as APT28 or Fancy Bear, an alleged Russian cyber-espionage group also linked to the Democratic National Committee email breach.

So how did the group get in? Spear-phishing, the WADA statement said. The group accessed WADA’s Anti-Doping Administration and Management System database via an International Olympic Committee-created account for the Rio 2016 Games.

WADA has been breached before. In August, unauthorized users accessed Yuliya Stepanova’s ADAMs account. Stepanova played a key role in exposing the widespread doping among Russian athletes.

Air Bag Software Bug Leads GM to Recall 4.3M Vehicles

A bug in air bag software led General Motors to recall about 4.3 million vehicles manufactured from 2014 through 2017.

“In the affected vehicles, certain driving conditions may cause the air bag sensing and diagnostic module (SDM) software to activate a diagnostic test. During this test, deployment of the frontal air bags and the seat belt pretensioners would not occur in the event of a crash,” according to a National Highway Highway Traffic Safety Administration announcement.

A Reuters report said the flaw has been linked to one death and three injuries.The models recalled include:

• 2015-2017 Chevrolet Silverado 2500 HD, 3500 HD, Tahoe, Suburban, GMC Sierra 2500 HD and 3500 HD, GMC Yukon, GMC Yukon XL, Cadillac Escalade and Cadillac Escalade ESV vehicles.
• 2014-2017 Chevrolet Corvette, Silverado 1500, Trax, Caprice Police Pursuit Vehicle, GMC Sierra 1500, Buick Encore.
• 2014-2016 Buick Lacrosse, Chevrolet Spark EV and SS vehicles

GM will “reflash” the SDM software free of charge. Owners can see if their cars are included in the recall here.