Chinese backdoors in US port cranes, cybersecurity workforce growth stalls, and 1.7M customers hit in breach of Slim CD

Infosec Monitor: No. 43

No. 43, September 12, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor: Chinese backdoors in US port cranes, cybersecurity workforce growth stalls, and 1.7M customers hit in breach of Slim CD.

Highlight of the Week

Chinese-made cranes found to contain backdoor security risks

A new Congressional report raises alarm: Chinese-made port cranes in the U.S. contain unauthorized modems. These devices, installed without port approval or contractual agreement, ostensibly collect usage data but create significant security risks. The report warns these modems could potentially disrupt critical port operations, highlighting a pressing national security concern. The Record

News

Cybersecurity workforce growth stalls

Growth of the global cybersecurity workforce stagnated at 5.5 million, impacted by layoffs and budget cuts. Skills shortages persist; 75% cite increased threats. U.S. job postings declined 5.4%. The gap between needed and available professionals widened to 4.8 million. Cybersecurity Dive

Lehigh Valley Health Network agrees to $65 million settlement over data breach

Lehigh Valley Health Network agrees to a $65 million settlement for a data breach exposing nude images of 600 cancer patients. The breach, linked to the BlackCat ransomware group, affected 134,000 individuals. The Record

Key stakeholders urge government to address $900B cyber insurance gap

Marsh McLennan and Zurich Insurance Group urged government action to bridge a $900 billion cyber risk coverage gap. The cyber insurance market is projected to exceed $28 billion by 2027. Rising cyber incidents highlight the urgency for enhanced protections, especially for small businesses. Cybersecurity Dive

AI & Security

AI Convention signed amid national security concerns

The AI Convention, signed on September 5, 2024, aims to safeguard human rights from AI threats across 46 European nations. However, it includes broad national security exemptions and vague obligations for private industries, raising concerns about its enforceability and effectiveness in fostering accountability. SecurityWeek

Lessons from the missteps in AI’s history. SecurityWeek

Cybersecurity Incidents

Fortinet confirms data breach; hacker steals 440GB of files

Fortinet has confirmed a data breach in which 440GB of files were stolen from its SharePoint server. A hacker attempted extortion, but Fortinet refused to pay. The company noted limited customer data was affected and communicated with those impacted, but specifics remain undisclosed. Bleeping Computer

Wisconsin Medicare reveals data compromise affecting nearly 1 million beneficiaries

Wisconsin Medicare revealed that almost 1 million beneficiaries' data was compromised due to a MOVEit vulnerability last year. Notifications to affected individuals started last week, exposing personal and health information. Cybersecurity Dive

Data leak at MNA Healthcare exposes data for 14k medical workers

A data leak at MNA Healthcare exposed personal data of over 14,000 medical workers, including encrypted SSNs, due to system misconfiguration. Cybernews

Slim CD notifies 1.7 million customers of data breach

Slim CD notified 1.7 million customers of a data breach where credit card data may have been compromised. The attack spanned from August 2023 to June 2024, with notifications issued recently and credit monitoring offered. The company has reported the incident to authorities and improved security measures. SC Magazine

Avis Car Rental breach affects nearly 300,000 individuals

Avis Car Rental's data breach impacted approximately 300,000 individuals, with unauthorized access occurring in early August. While specific data details are unclear, the company is notifying affected individuals and offering them a complimentary membership. Dark Reading

Kadokawa investigates new data leak by BlackSuit hackers

Kadokawa, a major Japanese media company, is investigating another data leak by BlackSuit hackers, following a June ransomware attack. BlackSuit threatened to release 1.5 TB of data. Kadokawa claims most of the recent data may not be new but is still assessing its implications with external experts. The Record

Highline Public Schools closes due to cyberattack disruptions

Highline Public Schools in Washington state closed all schools due to a cyberattack, disrupting the first day of kindergarten for many students. The district is collaborating with authorities to restore affected systems. Bleeping Computer

Ransomware attack closes Charles Darwin School in London

A ransomware attack caused the closure of Charles Darwin School in London, affecting 1,300 students. The Record

French retailers Boulanger and Cultura suffer major data breach impacting 1.5M

French retailers Boulanger and Cultura experienced significant data theft due to cyberattacks. Boulanger confirmed unauthorized access to delivery addresses, while Cultura reported 1.5 million customer records stolen. No banking data was compromised. The Record

Transport for London reveals data breach following September cyberattack. Bleeping Computer

Threat Intel

CISA urges federal agencies to fix critical Microsoft vulnerabilities

CISA has urged federal agencies to remediate four critical Microsoft vulnerabilities by month's end, as they are actively exploited. Key tools are affected, and organizations must prioritize updates to prevent data breaches and downtime. CVE-2024-43491 is notably severe but impacts an outdated Windows 10 version. The Record

Selenium Grid instances targeted for cryptocurrency mining and proxyjacking

Selenium Grid instances are targeted for cryptocurrency mining and proxyjacking due to their lack of authentication. Attackers exploit vulnerabilities using scripts to install malicious payloads, including XMRig miners. The Hacker News

Iran-linked hackers target Iraqi government with sophisticated malware

Iran-linked APT34 hackers target Iraqi government entities with sophisticated malware—Veaty and Spearal—using unique methods for command and control. The Record

Malware Vo1d infects 1.3 Million Android TV boxes worldwide. The Hacker News

Interesting Reads

CISOs propose musk ox strategy to enhance third-party risk management

The proposed "musk ox strategy" advocates for collaboration among enterprises to identify and reinforce vulnerable suppliers through shared intelligence and coordinated defenses, enhancing overall cybersecurity resilience. CSO Online

For $20, security researchers expose vulnerability in TLS due to outdated WHOIS records

Researchers exploited outdated WHOIS records, allowing control over the old .mobi domain. This vulnerability potentially enables attackers to obtain rogue TLS certificates, subverting the TLS trust model. Many CAs still rely on outdated WHOIS data for domain validation, raising serious security concerns. CSO Online

Air-Gapped Networks at Risk from PixHell Acoustic Attack

The PixHell attack enables data theft via sound waves generated by LCD screens, challenging air-gapped networks. Developed by Mordechai Guri, it requires at least one compromised device on either side. Dark Reading

33 open-source cybersecurity solutions. Help Net Security

Data & Research

Cryptocurrency Losses

  • Over $5.6 billion lost in cryptocurrency fraud in 2023, a 45% increase from 2022.

  • 71% of cryptocurrency fraud losses are associated with investment BEC scams.

OT

  • More than half of operational technology (OT) environments have at least four remote access tools.

  • 80% of OT environments have more than two non-enterprise grade tools, increasing security risks.

  • 20% of organizations use at least eight remote access tools, with some using up to 16.

  • Remote access tools were involved in 60% of ransomware attacks in 2023.

Cybersecurity Mergers, Acquisitions, and Funding

Mergers & Acquisitions

Recorded Future to be acquired by Mastercard for $2.6B. SecurityWeek

VC Funding

Aembit, non-human IAM, raises $25M in Series A funding. SecurityWeek

Darkhive, drones and now DevSecOps, raises $21M in Series A funding. SecurityWeek

Datricks, compliance and risk management, raises $15M in Series A funding. SecurityWeek

P0 Security, IAM governance, raises $15M Series A funding. siliconANGLE

Metabase Q, cyber risk management, raises $11M in Series A extension. siliconANGLE

Operant AI, runtime protection for the cloud, raises $10M in Series A funding. SecurityWeek

Realm Security, security fabric, raises $5M in Seed funding. siliconANGLE

SplxAI, AI chatbot security, raises $2M in Pre-seed funding. SecurityWeek
