
Chinese hackers hack telecom networks targeting Trump and Harris, largest retail breach ever hits 350M customers, and the White House prepares a new cybersecurity EO.

Infosec Monitor: No. 49

No. 49, November 1, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Chinese hackers hack telecom networks targeting Trump and Harris, largest retail breach ever hits 350M customers, and the White House prepares a new cybersecurity EO.


Highlight of the Week

Chinese hackers target Trump and Harris teams through telecom networks

Chinese hacking group Salt Typhoon breached U.S. telecom networks, accessing phone calls and messages of prominent political figures including Trump and Harris associates. FBI and CISA are investigating, while the White House meets with affected telecoms. The attack represents an escalation in election interference tactics beyond traditional disinformation campaigns. Axios

Tired of “Sorry to bother you, but how do I…”?

Are you tired of getting interrupted like this all week long? Save time by using AskJack, your company's internal knowledge base, built from your documents and data, not by you.

News

White House prepares new cybersecurity EO focused on AI and cloud security

The White House is finalizing a second cybersecurity executive order targeting federal agencies, scheduled for December signing. The order addresses AI implementation, cloud security, software standards, and post-quantum cryptography. It builds on Biden's 2021 cybersecurity order and aims to modernize federal security infrastructure before the administration change. Cyberscoop

Chinese hackers breach Canadian networks

Canada's cyber agency warns that Chinese state hackers breached 20 government networks in four years, targeting critical infrastructure and R&D sectors. Recent scans against political entities raise concerns ahead of 2025 elections. The Record

Six senators warn Biden team UN cybercrime treaty threatens rights

Democratic senators urge Biden officials to revise the UN cybercrime treaty before the General Assembly vote, warning it could enable authoritarian surveillance and compromise human rights. The treaty, requiring two-thirds Senate approval, mandates law enforcement access to computer systems without adequate privacy protections or safeguards for security researchers. The Record

Delta launches record lawsuit against CrowdStrike over July outage

Delta Air Lines is suing CrowdStrike for $500 million over a July outage that disrupted 1.3 million passengers. The airline blames faulty security software testing, while CrowdStrike claims Delta's outdated IT infrastructure caused slow recovery. The Department of Transportation is investigating Delta's response time compared to other carriers. Dark Reading

Dutch police lead takedown of Redline and META malware rings. SC Media

Attackers accidentally expose 15K stolen Git credentials in public S3 bucket. SecurityWeek

Industry groups challenge CISA's cyber reporting rules. Cyberscoop

AI & Security

“Back to the Future, Securing Generative AI”

Generative AI systems present both traditional and novel security challenges. While familiar issues like supply chain and data security persist, new complexities arise from multimodal inputs, probabilistic outputs, and hallucinations. Securing these systems requires understanding their components - including training, inference, and deployment methods - while developing new security approaches. SecurityWeek

Researchers bypass Microsoft Azure AI safety filters using character injection

Researchers at Mindgard identified two vulnerabilities in Microsoft Azure AI Content Safety that allow bypassing content filters and jailbreak protections. Using character injection and ML evasion techniques, they significantly reduced detection rates. Microsoft has implemented fixes but disputes the severity, claiming issues only affect individual sessions. CSO Online

Companies struggle with AI security as vendor breaches rise

Organizations face unprecedented security risks in the AI era, with only 11% of IT budgets allocated to security. Most companies don't offer AI data training opt-outs, while compliance demands grow. Security teams could save 3-5 hours weekly through automation, as 46% report vendor breaches and weekly cyber threats continue rising. Help Net Security

Cybersecurity Incidents

Rhysida gang demands $1.3M after Easterseals breach exposes disabled Americans' data

Rhysida ransomware gang breached Easterseals, a century-old disability services organization, compromising sensitive data of 14,855 individuals. The April attack prompted a $1.35M ransom demand. Stolen information includes medical records and personal identification. Cybernews

Major Peruvian bank Interbank reports data breach affecting 3M customers

Peru's Interbank confirms a massive data breach exposing sensitive information of up to 3 million customers. A hacker is selling 3.7 TB of data, including credit cards, login credentials, and personal information, on the dark web. The bank took services offline while prosecutors investigate and demand security fixes. The financial impact is not yet known. The Record

Supply chain attack on Lottie Player leads to Crypto theft

A supply chain attack on Lottie Player, a popular web animation tool, resulted in malicious versions pushing crypto scam pop-ups to users. The compromise occurred via a stolen developer token, affecting versions 2.0.5-2.0.7. At least one user lost crypto funds. A patched version 2.0.8 is now available. Help Net Security

Hacker sells 350M Hot Topic customer records in possible largest retail breach

A massive data breach potentially affecting 350 million Hot Topic customers emerged when threat actor "Satanic" listed customer records for sale. The breach impacts Hot Topic, Torrid, and Box Lunch, stemming from a compromised third-party vendor. The database includes personal information, payment details, and loyalty points. Cybernews

Mystic Valley Elder Services breach exposes data of 87K clients

Massachusetts-based Mystic Valley Elder Services discovered a data breach affecting 87,000 elderly and disabled clients. The April incident potentially exposed sensitive personal, financial, and medical information. While notification began in June, no ransomware groups have claimed the attack. SecurityWeek

French ISP Free hit by Data Breach affecting 19M Customers

France's second-largest ISP Free confirms a cyberattack exposing personal data of 19 million customers. Stolen information from internal management tools, including bank account details, was listed for sale on the dark web. No passwords or communications were compromised. Dark Reading

PSAUX ransomware targets 22K CyberPanel servers in zero-day exploit

A massive ransomware attack exploited a zero-day vulnerability in CyberPanel, encrypting 22,000 servers worldwide. The critical authentication bypass flaw (CVE-2024-51567) enabled complete server takeover. Though CyberPanel quietly patched the vulnerability, many systems remained vulnerable. LeakIX has released a decryptor for affected servers. CSO Online

Polish IT firm Atende faces data leak after refusing ransom demand

Polish IT provider Atende refused ransom demands following an October cyberattack, resulting in criminals leaking 1.2 TB of sensitive data. The breach exposed 15 years of contracts, employee information, and login credentials. Atende maintains its anti-ransom stance despite the leak and has implemented additional security measures. CSO Online

Threat Intel

Russian hackers target government workers with new RDP attack method

Microsoft reveals Russian intelligence hackers launched a sophisticated phishing campaign targeting government workers globally. Using novel RDP configuration files, attackers gain complete device access. The ongoing campaign has hit thousands of targets across 100+ organizations since October 22, affecting multiple sectors including defense and academia. The Record

Taiwan Facebook businesses hit by sophisticated infostealer campaign

Threat actors are targeting Taiwanese Facebook business accounts through sophisticated phishing emails claiming copyright violations. The campaign, active since July, deploys Lumma and Rhadamanthys infostealers using legal threats as bait. Attackers use anti-detection techniques and traditional Chinese language to target Chinese speakers. Dark Reading

Zimperium uncovers advanced FakeCall Android malware using new vishing tactics

Zimperium discovered an advanced version of FakeCall Android malware that elevates voice phishing attacks. The malware intercepts calls, records audio/video, and controls devices while mimicking legitimate banking interfaces. It uses sophisticated evasion techniques and can redirect bank calls to attackers, posing significant financial fraud risks. siliconANGLE

Windows systems vulnerable to downgrade attacks despite security patches. Cybernews

Interesting Reads

Sophos reveals use of implants to track Chinese hackers targeting zero-days

British cybersecurity firm Sophos revealed it deployed custom surveillance tools to monitor Chinese state hackers targeting their products since 2018. The attackers breached Sophos' India office and used sophisticated tools to exploit zero-days in firewall products. Attacks later shifted to target critical infrastructure in Asia-Pacific regions. SecurityWeek, Bleeping Computer

Tracking world leaders using Strava

Bruce Schneier shares three reports from France’s Le Monde which demonstrate how US, Russian, and French leaders have been tracked using the popular Strava app. Schneier on Security

Poor vulnerability management signals cyber governance risks, S&P warns. S&P Global

Every cybersecurity list should be a risk-ranked list. Roger Grimes | LinkedIn

North Korean hackers use Play ransomware to evade sanctions. Bleeping Computer

77% of CISOs fear next big breach will get them fired. CSO Online

Data & Research

Ransomware hits record highs as Change Healthcare pays $22M to ALPHV Gang

  • Four eight-figure ransoms have been paid this year

  • Change Healthcare paid $22 million to ALPHV gang

  • Data theft-only attacks increased by 30% in 2024

Cybersecurity Mergers, Acquisitions, and Funding

Mergers and Acquisitions

Effectiv, risk decisioning, acquired by Socure for $136M. SecurityWeek

VC Funding

  • Armis, device detection and protection, raises $200M in Series D funding. siliconANGLE

  • Concentric AI, data security governance market, raises $45M in Series B funding. SecurityWeek

  • Zenity, secure agentic AI, raises $38M in Series B funding. SecurityWeek

  • Filigran, threat management, raises $35M in Series B funding. TechCrunch

  • Nillion, trust-sensitive network computation, raises $25M in an unknown venture round. siliconANGLE

  • Abstract Security, security data fabric and analytics, raises $15M in Series A funding. SecurityWeek

  • MIND, data loss prevention, raises $11M in Seed funding. SecurityWeek
