Critical flaw "Linguistic Lumberjack" hits cloud providers. AI safeguards in major LLMs are ineffective, and Chinese hackers are compromising governments in the South China Sea.
Infosec Monitor — No. 30, May 24, 2024
Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Critical flaw "Linguistic Lumberjack" hits cloud providers. AI safeguards in major LLMs are ineffective, and Chinese hackers are compromising governments in the South China Sea.

Highlight of the Week
Linguistic Lumberjack critical flaw in Fluent Bit impacts major cloud providers
A critical Fluent Bit vulnerability impacts all major cloud providers. The CVE-2024-4323 flaw allows DoS and potential RCE attacks. Over 13 billion deployments are affected. Patches are available in version 3.0.4. Mitigations include restricting API access and disabling unused endpoints. Bleeping Computer, Dark Reading, The Hacker News
News
The Intercontinental Exchange (ICE) to pay $10M SEC penalty for delayed VPN breach report
ICE (which owns the NYSE) will pay a $10M SEC penalty for failing to report a 2021 VPN breach promptly. Sophisticated hackers compromised a VPN device, and ICE delayed reporting, violating Regulation SCI. The breach occurred in April 2021, but ICE took four days to assess and report it. Bleeping Computer
UK's Information Commissioner Office fines Northern Ireland police £750k for data breach affecting 9,483 staff. Bleeping Computer
Chinese hackers compromise South China Sea military and government entities
Chinese-aligned hackers, identified as "Unfading Sea Haze," have compromised eight South China Sea government and military entities over five years, focusing on espionage. They used spearphishing and Gh0st RAT variants. Another report highlights China's use of "ORB networks" of IoT devices and routers for espionage. The Record, Bleeping Computer
US House committee approves Cyber Force study amendment
The US House Armed Services Committee approved an amendment to the fiscal 2025 NDAA to study the creation of a US Cyber Force. The provision, proposed by Rep. Morgan Luttrell, aims to address personnel issues in US Cyber Command. The full House will consider the $895 billion bill next month. The Record
Navy's top cyber adviser says force readiness improved 20 percent last year. Defense Scoop
NIST will specify three quantum computing-proof encryption algorithms. CSO Online
AI & Security
AI safeguards in major LLMs are ineffective, UK AI Safety Institute reports
Five major language models have ineffective safeguards against basic attacks, posing security risks. Despite vendor and government efforts to improve AI safety, over a third of companies using generative AI lack proper safeguards. The UK AI Safety Institute plans to open a San Francisco office to strengthen US collaboration on AI safety. Cybersecurity Dive
Wiz researchers discover critical vulnerabilities in the Replicate AI platform. Wiz
Critical RCE vulnerability in llama-cpp-python affects over 6,000 AI models. SC Magazine
Microsoft's AI screenshot function is being called a privacy nightmare. siliconANGLE
Cyber Security Incidents
WebTPA breach affects 2.5 million
Health insurance company WebTPA disclosed a data breach affecting 2.5 million people, including Social Security numbers. The breach, detected in December 2023, occurred in April 2023. Compromised data includes names and insurance info but no financial or treatment details. WebTPA hasn't reported any data misuse. TechCrunch
$22 million in cryptocurrency stolen from Gala Games in significant breach
Gala Games lost over $22 million in a breach where a hacker traded 600 million GALA coins for 5,913 Ethereum. The hacker created 4.4 billion more GALA coins, which were stopped before being cashed out. Gala Games is working with the FBI and DOJ to investigate this issue. "Messed up" internal controls were identified as the issue. The Record
Cyberattack on California School Association Exposes Data of 55,000
A cyberattack on the Association of California School Administrators has potentially compromised the data of nearly 55,000 individuals. Discovered in September 2023, the ransomware attack exposed personal, financial, and educational information. Security Week
Healthcare provider CentroMed data breach affects 400,000 patients
CentroMed has reported a data breach affecting 400,000 patients, compromising personal and medical information. Discovered on May 1, the breach included sensitive data like Social Security numbers. This is the second breach in a year, with a prior incident in June 2023 affecting 350,000 individuals. Security Week
800 solar monitoring devices in Japan's solar grid hit by cyberattack
An attack on 800 solar monitoring devices in Japan highlights cybersecurity risks in solar power infrastructure. Exploiting an unpatched flaw, the attackers aimed for financial gain, not grid disruption. CSO Online
Ransomware attack on MediSecure compromises Australian prescription records
A ransomware attack has hit MediSecure, compromising Australian prescription records. The attack likely stemmed from a third-party vendor, and the scope of the breach is still unclear. SC Magazine
Cybercriminals are using GitHub and FileZilla to spread multi-platform malware
Cybercriminals are using GitHub and FileZilla to distribute multiple malware variants across platforms by posing as legitimate software. The campaign involves sophisticated methods like fake GitHub profiles and malvertising. Russian-speaking actors from CIS are suspected of using centralized C2 infrastructure to enhance attack efficiency. The Hacker News
Stalkerware bug exposes Wyndham Hotel guest data online
pcTattletale, a "simple stalkerware" app, was found on systems in several Wyndham hotels in the US. A security bug in the app exposed guest information from Wyndham Hotels' online booking systems. Discovered by Eric Daigle, the bug allows public access to screenshots taken by the app. Dark Reading
JAVS courtroom recording software was backdoored with malware, impacting over 10,000 installations globally. Bleeping Computer
Hacktivists target the Philippines with ransomware amid tensions in China. The Record
American Radio Relay League hit by cyberattack. Bleeping Computer
Interesting Reads
YouTube: The new battleground for phishing and deep fake scams
YouTube is now a battleground for phishing and malware, with Lumma and RedLine exploiting the platform. Deepfake videos and compromised channels are spreading scams, while personalized phishing emails are targeting creators. Dark Reading
UC Santa Cruz students uncover free laundry flaw in CSC ServiceWorks
Two UC Santa Cruz students found a security flaw in CSC ServiceWorks' laundry machines, allowing free usage. After ignoring their reports, CSC apologized and thanked them post-publication, pledging to improve security. The vulnerability bypassed the mobile app's API security checks, affecting over a million machines. TechCrunch
LockBit is no longer the world's biggest ransomware gang. CSO Online
Cyberattacks drive the cybersecurity industry to $215 billion. Cybersecurity Dive
Data & Research
Shadow AI on the rise; sensitive data input by workers up 156%. SC Magazine
The number of "deep fake" incidents in the financial technology sector alone increased by 700% in 2023. SecurityWeek
According to Arctic Wolf research, 48% of organizations identified evidence of a successful breach in the past 12 months. Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Acquisitions & Mergers
Venafi, machine identity management, to be acquired by CyberArk for $154B. The Record
VC Funding
Bolter, phishing prevention, raises $14M in Series B. TechCrunch
Averolon, cloud security, raises $8M in Seed funding. siliconANGLE
Usefront, authentication and identity, raises $5.3M in Seed funding. siliconANGLE
HoundDog.ai, AI code scanning, raised $3.1M in Seed funding. siliconANGLE