
California’s AI security bill moves forward, Equiniti pays $850K SEC settlement, and Halliburton hacked.

Infosec Monitor: No. 40

No. 40, August 23, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — California’s AI security bill moves forward, Equiniti pays $850K SEC settlement, and Halliburton hacked.

Get The Infosec Monitor every Friday in your inbox

Highlight of the Week

Equiniti pays $850K SEC settlement over cyber breaches causing $6.6M in losses

Equiniti, a shareholder management company, agreed to pay an $850,000 SEC settlement after cyber breaches in 2022 and 2023 led to $6.6 million in client fund losses. Hackers exploited email chains and fake accounts to steal funds. Although Equiniti recovered some money and took corrective actions, the SEC emphasized the need for stronger safeguards. Cyberscoop

Looking for a practical newsletter where you learn something new about Cybersecurity every week?

With Danny's Newsletter, you will level up every week. You will receive learnings and technical deep dives about Cybersecurity as well as how to get into the field.

News

Kentucky man sentenced for hacking Hawaii state registry to fake death

A Kentucky man, Jesse Kipf, was sentenced to 81 months in prison for hacking Hawaii’s state registry to forge his own death certificate and evade $116,000 in child support. Kipf also breached other state registries and corporate networks, selling stolen credentials on the dark web. He was convicted of computer fraud and aggravated identity theft. The Record

Snowflake distances itself from customer breaches, places security burden on user

Snowflake clarified that it wasn’t breached in recent attacks affecting over 100 of its customers, stressing that the security of customer environments is the customers’ own responsibility. The company made this statement during its Q2 FY2025 earnings call on August 21, 2024. Cybersecurity Drive

FAA proposes new cybersecurity rules for airplanes. The Record

AI & Security

California’s AI safety bill moves forward despite tech industry backlash

California’s controversial AI safety bill, SB 1047, passed the Appropriations Committee but remains contentious. Despite amendments, critics argue it could stifle innovation and burden startups and open-source projects. The bill targets AI models with high computing power, requiring security measures and accountability for catastrophic events. SC Magazine

GenAI faces widespread security challenges, with only 5% confidence from experts. Help Net Security

Custodians looking to beat offenders in Gen AI cybersecurity battle. CSO Online

Why LinkedIn Developed Its Own AI-Powered Security Platform. SecurityWeek

Cybersecurity Incidents

McDonald’s Instagram hack promotes Grimace cryptocurrency scam

McDonald’s Instagram was hacked to promote a cryptocurrency scam using the character Grimace, leading to a brief $20 million market cap for the GRIMACE token. The scam netted $700,000 before being exposed. siliconANGLE

Iran’s banking system hit by massive cyberattack

Iran’s Central Bank and several other banks were targeted in a major cyberattack, disrupting the country’s financial system. Hackers reportedly stole account holder information, and ATMs displayed messages accusing the regime of corruption. Dark Reading

Shark Tank contestant’s Google Cloud leak exposes 83,000 customers’ data

A misconfigured Google Cloud Storage bucket linked to Shark Tank contestant Alice’s Table exposed the personal data of 83,000+ customers, including names, emails, and addresses. Cybernews

Flint, Michigan grapples with service outages after ransomware attack

Flint, Michigan, is struggling to restore its network services following an August 14 ransomware attack. Key services like payment processing and communication systems were disrupted, though emergency services were unaffected. The city is collaborating with law enforcement and cybersecurity experts to investigate and recover, but a timeline for full restoration remains unclear. SecurityWeek

104,000 affected in Jewish Home Lifecare data breach by BlackCat ransomware

A data breach at Jewish Home Lifecare, caused by a BlackCat ransomware attack, has affected over 104,000 individuals. The breach exposed sensitive data, including medical and financial information. The Alphv/BlackCat ransomware group claimed responsibility but has since gone dark. SecurityWeek

Kremlin blamed for widespread digital disruptions as experts dismiss DDoS claims

Russia’s internet regulator blamed widespread website disruptions on a DDoS attack targeting telecom operators. However, digital experts argue the disruptions were likely caused by Russian authorities attempting to block Telegram, which inadvertently affected other platforms. The Record

Oregon Zoo data breach exposes payment card details of over 117,000 visitors

Oregon Zoo’s online ticketing system was compromised, exposing payment card details of 117,815 visitors between December 2023 and June 2024. The payment portal had been tampered with to redirect transactions to a phishing page for roughly seven months. Bleeping Computer

CannonDesign confirms 2023 Avos Locker ransomware data breach affecting 13,000 employees

CannonDesign, a prominent architectural firm, confirmed a data breach affecting over 13,000 individuals due to an Avos Locker ransomware attack in January 2023. Despite discovering the breach early, investigation delays led to significant data exposure online. Bleeping Computer

Microsoft Copilot Studio SSRF flaw exposes sensitive cloud data across tenants

A server-side request forgery (SSRF) vulnerability in Microsoft’s Copilot Studio allowed researchers to access internal cloud resources and services, potentially impacting multiple tenants. The flaw, tracked as CVE-2024-38206, was mitigated by Microsoft after researchers demonstrated the ability to exploit the tool to access sensitive cloud data. Users don’t need to take any action. Dark Reading

FlightAware data breach exposes Social Security numbers, other sensitive info

FlightAware, a major flight tracking site, exposed customers’ sensitive data, including Social Security numbers, due to a “configuration error.” The breach, which dates back to January 2021, affects various personal details. The company has mandated password resets but hasn’t confirmed the extent of the data compromise. TechCrunch

Ransomware attack disrupts Microchip Technology’s production operations

Microchip Technology was hit by a ransomware attack that disrupted its production facilities, leading to reduced operational capacity. The company is working to restore systems but has not determined the full financial impact. SC Magazine

Arden Claims Service exposes personal data of 139,000 individuals in data breach

Arden Claims Service reported a data breach affecting nearly 139,000 individuals after an October 2023 incident where unauthorized access to data, including Social Security numbers, was discovered. The breach’s cause remains unclear, with no known ransomware group claiming responsibility. SecurityWeek

Carespring Healthcare data breach exposes nearly 77,000 patients’ information

Carespring Healthcare Management disclosed a data breach affecting nearly 77,000 individuals, exposing sensitive personal and medical information. The breach occurred in October 2023, with ransomware groups claiming responsibility. SecurityWeek

Halliburton reports network issues after suspected cyberattack at Houston headquarters

Halliburton, a major oilfield service provider, confirmed network issues following a suspected cyberattack. The impact is centered on its Houston headquarters, and the company is actively investigating with expert help. The petroleum industry, often targeted by cyberattacks, is unlikely to see fuel supply disruptions from this incident. The Record

NetSuite misconfigurations expose customer PII across thousands of sites. CSO Online

Hackers deployed new malware against university in Taiwan. The Record

Toyota confirms third-party breach exposing 240GB of customer data. Bleeping Computer

Threat Intel

Backdoor in widely used RFID cards threatens hotel and office security worldwide

Researchers found a hardware backdoor in FM11RF08S RFID cards, used widely in hotels and offices, allowing unauthorized access. The backdoor, present in cards since 2007, enables attackers to clone cards or execute large-scale supply chain attacks. The Hacker News

Litespeed Cache flaw risks millions of WordPress sites. Bleeping Computer

Log4Shell still exploited, deploying malware and crypto miners. SecurityWeek

Researchers expose 4,000 domains tied to FIN7, disrupt cyber activities in Russia and Estonia. Cybernews

Chinese hackers exploit zero-day Cisco switch flaw for stealthy system control. The Hacker News

Interesting Reads

C-suite faces rising cyber threats

Senior executives are increasingly targeted by cyberattacks, with 72% of US cybersecurity professionals reporting incidents in the past 18 months. Despite this, 37% of companies lack specialized cybersecurity training for leaders. The rise in sophisticated attacks, such as AI-generated deepfakes, underscores the urgent need for enhanced protection and training for the C-suite. Help Net Security

Companies overestimate cyber resilience, face prolonged recovery times

A Cohesity study found that most companies overestimate their cyber resilience, with nearly 70% paying a ransom despite anti-ransomware policies. Although 98% of firms target a one-day recovery time, nearly half need more than six days to resume core operations, revealing a gap between confidence and reality. Cybersecurity Dive

Mitigating non-human identity risks: three key strategies

Managing non-human identities (NHIs) is critical as their numbers vastly outpace human users. Key strategies include continuous discovery and monitoring of NHIs, swift third-party breach response and credential rotation, and advanced anomaly detection. Employing modern tools for these tasks is essential to mitigate risks associated with NHI sprawl. CSO Online
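The three strategies above (continuous discovery, credential rotation, and anomaly detection for NHIs) can be turned into a concrete audit. The following is an added example, not code from the CSO Online article or from any vendor tool: it assumes a hypothetical inventory of service-account keys with creation and last-rotation timestamps, a usage log of (key_id, source_ip, timestamp) tuples, and policy thresholds for rotation age and dormancy. All names, keys, IPs and timestamps are constructed sample data.

```python
"""Added example: flag risky non-human identities (NHIs) from an inventory and a usage log.

Assumptions (not from the article): a hypothetical inventory of service-account keys,
a usage log of (key_id, source_ip, timestamp), and policy thresholds. Sample data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class NHIKey:
    key_id: str
    owner: str
    created: datetime
    last_rotated: datetime
    allowed_nets: list  # CIDRs this identity is expected to call from


# Constructed inventory (hypothetical key IDs and owners)
NOW = datetime(2024, 8, 23, 12, 0, 0)
INVENTORY = [
    NHIKey("sa-ci-build", "platform", NOW - timedelta(days=400), NOW - timedelta(days=400), ["10.0.0.0/8"]),
    NHIKey("sa-billing-export", "finance", NOW - timedelta(days=30), NOW - timedelta(days=30), ["10.20.0.0/16"]),
    NHIKey("sa-legacy-report", "data", NOW - timedelta(days=700), NOW - timedelta(days=200), ["10.0.0.0/8"]),
]

# Constructed usage log: (key_id, source_ip, timestamp)
USAGE = [
    ("sa-ci-build", "10.1.2.3", NOW - timedelta(hours=2)),
    ("sa-ci-build", "203.0.113.7", NOW - timedelta(hours=1)),   # outside the expected network
    ("sa-billing-export", "10.20.5.9", NOW - timedelta(days=1)),
    ("sa-unknown-key", "10.3.3.3", NOW - timedelta(hours=5)),   # never inventoried: a discovery gap
]

MAX_KEY_AGE = timedelta(days=90)     # rotation policy (assumed)
DORMANT_AFTER = timedelta(days=60)   # unused keys older than this are dormant (assumed)


def audit_nhis(inventory, usage, now=NOW, max_age=MAX_KEY_AGE, dormant=DORMANT_AFTER):
    """Return {key_id: sorted list of finding codes}. Keys with no findings are omitted."""
    findings = {}

    def add(key_id, code):
        findings.setdefault(key_id, set()).add(code)

    known = {k.key_id: k for k in inventory}
    last_seen = {}

    # Discovery + anomaly detection: walk the usage log once.
    for key_id, src, ts in usage:
        last_seen[key_id] = max(last_seen.get(key_id, ts), ts)
        if key_id not in known:
            add(key_id, "UNINVENTORIED")  # used in production but never registered
            continue
        ip = ip_address(src)
        if not any(ip in ip_network(net) for net in known[key_id].allowed_nets):
            add(key_id, "UNEXPECTED_SOURCE")  # call from outside the identity's expected networks

    # Rotation hygiene + dormancy: walk the inventory.
    for key in inventory:
        if now - key.last_rotated > max_age:
            add(key.key_id, "ROTATION_OVERDUE")
        seen = last_seen.get(key.key_id)
        if seen is None or now - seen > dormant:
            add(key.key_id, "DORMANT")  # candidate for removal rather than rotation

    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for key_id, codes in audit_nhis(INVENTORY, USAGE).items():
        print(key_id, codes)
```

Running the block as-is reports the CI key for an overdue rotation and a call from an unexpected source, the legacy key as dormant and overdue, and the unknown key as uninventoried; the billing key, rotated recently and used from its expected network, produces no finding. In practice the inventory and log would come from the cloud provider's IAM and audit APIs rather than constructed lists, and the finding codes would feed a ticketing or SIEM pipeline.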

NSA issues global guidance to detect living-off-the-land cyber threats. Dark Reading

How the ransomware attack at Change Healthcare went down: A timeline. TechCrunch

Data & Research

Like the new format for data and research? Let me know.

Ransomware

  • Only 27% of ransomware victims paid, with 65% of Kivu Consulting's clients resolving without payment.

  • The median ransom payment has jumped from $200,000 in early 2023 to $1.5 million by July 2024.

  • The U.S. experienced a 63% rise in attacks, with education and healthcare being major targets.

  • Most ransomware attacks occur between 1 a.m. and 5 a.m., often on weekends, targeting times when IT staff are less likely to be monitoring systems.

  • Ransomware gangs are increasingly using Living off the Land (LOTL) techniques

Multi-factor Authentication

  • MFA is often poorly implemented, especially in small to mid-sized organizations, where 62% do not use MFA.

  • Common attack methods include MFA fatigue, social engineering, and targeting weak or non-MFA-protected passwords.

  • Attacks often exploit poor mobile security (e.g., SIM swaps), compromised authentication workflows, and stolen session cookies.

Cybersecurity Mergers, Acquisitions, and Funding

Mergers

CrowdStrike denies merger talks with Action1. CSO Online

VC Funding

Fabric Cryptography, cryptographic processors, raises $33M in Series A funding. SecurityWeek
