CISA was hacked using Ivanti vulnerabilities, the Magnet Goblin threat actor is a mark above the rest, and the EU passed the Artificial Intelligence Act.

Infosec Monitor — No. 20, March 15, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — CISA was hacked using Ivanti vulnerabilities, the Magnet Goblin threat actor is a mark above the rest, and the EU passed the Artificial Intelligence Act.

Highlight of the Week

Hackers used Ivanti vulnerabilities successfully against CISA

Now we know why CISA was so persistent about those Ivanti vulnerabilities: they knew firsthand how bad they were. Hackers exploited vulnerabilities in Ivanti's software to gain access to two applications operated by CISA, specifically the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. These breaches occurred amid a broader wave of attacks targeting Ivanti products, including by at least one cyber-espionage gang linked to China. After discovering these vulnerabilities, CISA instructed federal agencies to disable deployments of affected Ivanti products, and Ivanti has since issued patches to address the flaws. SiliconANGLE SC Magazine Dark Reading

News

US intelligence leaders presented to Congress

They highlighted threats such as cyberattacks, AI misuse in influence operations, rampant use of commercial spyware against dissidents and journalists, and ransomware attacks on critical infrastructure. I wasn't surprised everyone uses commercial spyware (74 countries!). TechCrunch

FCC creates voluntary IoT cybersecurity labeling program

The FCC's new "US Cyber Trust Mark" program aims to secure IoT devices like baby monitors and home cameras by ensuring they comply with specific cybersecurity standards. This voluntary label, endorsed by major retailers and manufacturers, promises consumers enhanced security through features like unique passwords and regular software updates. The label will also include a QR code, providing further details on the product's cybersecurity features, such as support duration and update mechanisms. The Record

Magnet Goblin threat actor exploiting vulnerabilities at unprecedented pace

Since January 2022, a threat actor tracked as Magnet Goblin has rapidly exploited vulnerabilities in public-facing services and edge devices, such as Ivanti products. Its use of one-day vulnerabilities and custom malware like Nerbian RAT against Windows and Linux systems has exposed a critical gap in Linux server security. The rise in Linux-focused attacks means companies need to patch vulnerabilities promptly and strengthen their Linux defenses; it signals a trend of threat actors targeting less-secured systems for profit. The Hacker News

AI & Security

EU approves "Artificial Intelligence Act"

The act bans specific AI applications and imposes strict requirements on high-risk AI systems in critical infrastructure and law enforcement, demanding high data quality, transparency, and human oversight. General AI systems like chatbots require transparency and user awareness. The act also offers supportive measures for innovation, benefits SMEs and startups, and imposes penalties for non-compliance. It aims to balance AI innovation benefits with safety, privacy, and ethics, potentially shaping global AI policy. SC Magazine

Researchers extract secrets via attacks on AI models

A group of researchers from Google and OpenAI has developed an attack capable of extracting critical architectural details from proprietary large language models (LLMs) such as ChatGPT. By leveraging APIs, they executed a "top-down" attack to glean information from the last layer of the neural network. This approach allowed them to uncover proprietary data, such as the width of the transformer model and its total parameter count. With an expenditure of under $20, the team successfully extracted significant details from models like OpenAI's ada and babbage, showcasing the vulnerabilities in widely adopted AI technologies. Dark Reading

OWASP releases "LLM AI Cybersecurity and Governance Checklist." OWASP's new guidance addresses risks in the fast-growing fields of generative AI and LLMs and provides a guide to help organizations implement these technologies safely. The checklist covers understanding adversarial risks, creating an AI inventory, robust governance, and legal considerations, emphasizing ethical deployment and continuous risk assessment. CSO Online

Presented by maikroservice

🚀 Ready to start defending the internet as a SOC Analyst?

But are you: Wondering where to start? Curious about what sets the top-tier analysts apart? Eager to dive into hands-on training?

Join us at the Practical SOC Analyst Bootcamp starting April 7th! Led by industry professional Dr. Maik Ro (@maikroservice), you'll gain practical skills by running attacks and then detecting them.

Only 9 Seats left and they are filling up fast!

Grab yours now at:

Cyber Security Incidents

43M in France impacted by breached unemployment agency

France Travail, France's government agency for unemployment, states that personal data for up to 43M people may have been breached. The stolen data covers 20 years and includes multiple identifying numbers and personal data, but not banking data. Bleeping Computer

Nissan hacked, impacting 100K in Australia and New Zealand

Attackers compromised local servers, gaining access to a variety of records. Record types include identifying documents such as passports, driver's licenses, and medical cards. The cyber attack occurred in December. The Record

Stanford breach of Dept. of Public Safety network impacts 27K

The breach occurred in September, but only this week did Stanford confirm the data loss. Specifics on what type of data was exposed were not available, other than that it could include IDs, passports, birthdates, etc. Stanford has not confirmed the attack type, but the Akira ransomware gang claimed it. Bleeping Computer

15K Roku accounts hacked via credential stuffing attacks

The hacked Roku accounts were then used for fraudulent purchases. Roku notified customers last week of the attacks. The accounts were sold online for $0.50 each. Bleeping Computer

Over 150K IoT devices in UAE are open to attack. Dark Reading

Acer Philippines employee data was hacked via a third party. Bleeping Computer

Another critical Fortinet RCE vulnerability. Dark Reading

3,900 WordPress sites were hacked via XSS vulnerability in a plugin. The Hacker News

Interesting Reads

6 CISO Takeaways From the NSA's Zero-Trust Guidance

DarkReading has a solid summary of the latest guidance from the NSA on Zero-Trust adoption. Zero-Trust has been oddly slow in adoption, but the principles are solid. NSA's focus on segmentation makes sense; start down that path, then expand. DarkReading

An interview with LockBitSupp

The Record has the transcript of an interview with LockBitSupp, the notorious leader of the LockBit ransomware group. The interview was conducted recently, after the crackdown. The Record

Data & Research

90% of exposed secrets remain active for at least five days. Help Net Security

12.8 million secrets were exposed on GitHub repositories in 2023. Bleeping Computer

Healthcare networks are an issue

63% of CISA-tracked KEVs (known exploited vulnerabilities) can be found on them. 87% of medical devices don't support endpoint protection. 23% of medical devices have at least one known exploited vulnerability of major severity. Help Net Security

Cybersecurity Mergers, Acquisitions, and Funding

Codezero, DevOps security, raises $3.5M in Seed funding. Security Week

Avalor, cybersecurity data processing, was acquired by Zscaler for $350M. SiliconANGLE

Thank you for reading Infosec Monitor. This post is public so feel free to share it.