FBI confirms Chinese hackers breached major US telecoms and Amazon and Delta (+23 others) confirm data leak due to MOVEit hack.

Infosec Monitor: No. 51

No. 51, November 15, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — FBI confirms Chinese hackers breached major US telecoms and Amazon and Delta (+23 others) confirm data leak due to MOVEit hack.

Get the Infosec Monitor in your inbox: the same news every Friday morning.

Highlight of the Week

FBI confirms Chinese hackers breach US telecom networks in major espionage campaign

FBI and CISA confirmed Chinese state hackers breached multiple US telecom networks in a major espionage campaign. Attackers accessed customer call records, government officials' communications, and court-ordered surveillance data. Major providers including AT&T and Verizon were compromised. The investigation continues with broader implications expected. Bleeping Computer CSO Online SecurityWeek

CFPB directs staff to avoid work-related mobile calls and texts after the Chinese telecom hack. CSO Online SecurityWeek

News

UN cybercrime treaty advances despite tech and rights groups' opposition

The controversial UN Cybercrime Convention advances to final vote despite opposition from tech giants and human rights groups. US defends support while acknowledging risks of surveillance abuse and privacy violations. Critics warn the treaty could criminalize security research and enable authoritarian control. Final vote expected December 2024. The Record

NIST clears KEV backlog but struggles with legacy CVE processing

NIST reports progress in clearing its National Vulnerability Database backlog, with all Known Exploited Vulnerabilities now processed and new entries being handled in real-time. However, legacy non-exploited vulnerabilities remain backlogged due to data format challenges. The agency is developing new systems to address these remaining issues. Help Net Security NIST

TSA proposes new cyber rules for transportation and pipeline sectors

TSA proposes mandatory cyber risk management rules for surface transportation and pipeline operators, requiring incident reporting to CISA and TSA. High-risk operators must develop comprehensive security programs. The proposal, driven by recent major cyber attacks, builds on NIST and CISA frameworks. Comment period ends February 2025. Cybersecurity Dive

WhatsApp lawsuit reveals NSO Group infected 1,400 users with Pegasus Spyware. The Record

AI & Security

Seven categories of AI help CISOs make security decisions

CISOs face crucial decisions in selecting AI support systems across seven distinct categories. While summarization and facilitation tools prove reliable, caution is needed with analytical and generative AI. Organization size significantly impacts system selection. Current recommendation: adopt basic summarization tools and chatbots while avoiding unproven preference and consensus technologies. CSO Online

Zero trust implementation guide for AI and LLM security combines ethics and security. CSO Online

Mozilla researcher reveals ChatGPT sandbox access flaws

Researcher Marco Figueroa demonstrated extensive access to ChatGPT's sandbox environment, allowing users to upload and execute Python scripts and read internal "playbook" data. While the sandbox remains isolated from host systems, this access could help malicious actors bypass AI safeguards. OpenAI is investigating the findings. Bleeping Computer

Google patches Vertex AI flaws that exposed enterprise LLMs. Dark Reading

Cybersecurity Incidents

Hacker leaks employee data from Amazon, Delta through MOVEit breach

A hacker called "Nam3L3ss" leaked employee directory data from 25 major organizations, including Amazon and Delta, stolen through the MOVEit Transfer vulnerability exploited in May 2023. The leak spans millions of employee records (work contact details and office locations) but reportedly no sensitive personal data. The companies confirm the data came from third-party vendors, not their internal systems. Help Net Security Cybernews

Data aggregator DemandScience confirms breach affecting 122 million records

A massive data breach at B2B company DemandScience exposed 122 million people's business contact information. Initially denied in February, the company later confirmed the leak came from a decommissioned system. The data, including names, emails, and job details, is now publicly available on hacking forums. Bleeping Computer

Texas oil services firm Newpark Resources reports October ransomware incident

Texas-based Newpark Resources disclosed a ransomware attack that disrupted internal systems on October 29. While business operations were impacted, manufacturing continued using downtime procedures. Cybersecurity Dive

Hackers breach Hungarian defense agency, demand $5 million ransom

Hungary confirmed a ransomware attack on its defense procurement agency by INC Ransomware group. Hackers accessed military procurement plans and non-public documents, demanding $5 million. While officials claim no sensitive military data was compromised, leaked screenshots suggest access to army air and land capabilities information. The Record

Debt relief company Set Forth exposes 1.5M SSNs in data breach

Set Forth, Inc., a debt relief services provider, disclosed a data breach affecting 1.5 million individuals' personal information, including SSNs and addresses. The May 2024 incident impacted both direct customers and those from business partner Centrex. Cybernews

Ahold Delhaize hit by cyber incident, disrupts US pharmacy and online services

Grocery giant Ahold Delhaize's U.S. operations face disruptions from a cybersecurity incident, forcing system shutdowns affecting pharmacies and e-commerce services. While all stores remain open and accept payments, Hannaford's online services remain offline. Cybersecurity Dive

DDoS attack disrupts credit card payments across Israel

A DDoS attack disrupted credit card payments across Israel for an hour by targeting Hyp's CreditGuard payment system. While communications were affected, no data was stolen. The Record

City of Sheboygan hit with network breach

Cybercriminals breached Sheboygan, Wisconsin's network systems in late October, demanding ransom. While city operations continue with limited disruptions and cloud services remain functional, officials are working with law enforcement and cybersecurity experts. The Record

Idaho hacker gets 10 years for PII theft and Bitcoin extortion scheme

An Idaho man received 10 years in prison for a massive data theft scheme targeting medical and law enforcement servers. Robert Purbeck stole 132,000 individuals' personal data and attempted to extort an orthodontist with Bitcoin ransom. He must pay over $1 million in restitution and serve supervised release. Dark Reading

Hot Topic breach exposes 57 million customers' data while company stays silent

Have I Been Pwned reports 57 million Hot Topic customers' personal data was exposed in an October breach. The compromise includes contact info, partial credit card data, and demographics. A hacker called "Satanic" claims responsibility, initially demanding $100,000 ransom. Hot Topic hasn't confirmed or notified customers. TechCrunch

Form I-9 data breach expands to impact 193,000 people

Form I-9 Compliance, a provider of employee verification services, disclosed a data breach affecting over 193,000 individuals - up from initial estimates of 27,000. The February breach, discovered in April, exposed names and Social Security numbers. SecurityWeek

Law firm breach exposes Presbyterian Healthcare patient data

Thompson Coburn law firm's network breach exposed sensitive data of 305,088 Presbyterian Healthcare patients. The May incident compromised personal and medical information, including SSNs and clinical data. No ransomware group has claimed responsibility. SecurityWeek

Threat Intel

China-linked Volt Typhoon targets US infrastructure with new botnet attacks

China-linked Volt Typhoon has resurged with sophisticated botnet attacks targeting US critical infrastructure through outdated Cisco and Netgear routers. Despite previous DOJ disruption efforts, the group has evolved, leveraging end-of-life devices and global servers to mask operations. US officials warn of potential escalation amid rising tensions. CSO Online

Swiss agency warns of postal letters delivering Android malware

Switzerland's National Cyber Security Centre warns of malicious postal letters carrying QR codes that lead to an Android malware download. The scam impersonates the MeteoSwiss weather agency and the malware steals data from banking and other apps. Infected users are advised to factory reset their devices. The Record

Iranian hackers target aerospace workers with LinkedIn scam

Iranian hackers are targeting aerospace professionals on LinkedIn through fake recruiter profiles. The group, TA455, sends malicious zip files that deploy the SlugResin backdoor malware through DLL side-loading. They use GitHub for command-and-control communications and mimic other threat actors to avoid detection. Dark Reading

Attackers abuse zip concatenation to hide SmokeLoader malware

Threat actors are exploiting zip file concatenation, appending one archive to another so a single file carries two central directories, to hide malware in phishing attacks. The technique takes advantage of the fact that zip readers disagree about which archive to honor (some parse from the end-of-central-directory record, others scan from the start), so a security tool can see a benign decoy while the victim's archiver extracts the SmokeLoader Trojan. A recent campaign disguises the malicious files as urgent shipping documents. Dark Reading
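The parser disagreement that makes this trick work, as an added example that is not code from the original article or the cited research: it builds two small archives in memory, concatenates them, and compares what an EOCD-driven reader (Python's own zipfile module) lists against a forward scan of local file headers, the approach many scanners take. The archive names, entry names and contents are constructed for the demo; the EOCD record count and the set of entries missing from the EOCD view are the two checks a triage tool can apply to flag such files.

```python
from __future__ import annotations

import io
import struct
import zipfile

# ZIP record signatures (PKWARE APPNOTE). Readers that trust the end-of-central-directory
# (EOCD) record see only the LAST archive in a concatenated file; forward scanners that walk
# local file headers see every entry, including the ones the EOCD view hides.
LOCAL_HEADER_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"
LOCAL_HEADER_FMT = "<HHHHHIIIHH"  # the 26 bytes that follow the 4-byte signature
LOCAL_HEADER_LEN = 4 + struct.calcsize(LOCAL_HEADER_FMT)  # 30


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build a small stored (uncompressed) archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def names_via_eocd(blob: bytes) -> list[str]:
    """What an EOCD-driven reader sees. zipfile locates the last EOCD record and compensates
    for any bytes prepended to the archive, so on a concatenated file it lists only the
    final archive's entries."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def names_via_local_headers(blob: bytes) -> list[str]:
    """Forward scan: walk every local file header from offset 0, collecting the names of
    entries from all concatenated archives."""
    names: list[str] = []
    pos = 0
    while True:
        pos = blob.find(LOCAL_HEADER_SIG, pos)
        if pos == -1:
            return names
        (_ver, flags, _method, _mtime, _mdate, _crc, csize, _usize, nlen, xlen) = struct.unpack_from(
            LOCAL_HEADER_FMT, blob, pos + 4
        )
        name_start = pos + LOCAL_HEADER_LEN
        names.append(blob[name_start : name_start + nlen].decode("utf-8", "replace"))
        pos = name_start + nlen + xlen
        # Flag bit 3 means the sizes live in a trailing data descriptor, and 0xFFFFFFFF means
        # ZIP64; in both cases csize is unusable, so resume searching for the next signature
        # instead of skipping the payload. Otherwise skip the data so a stored payload that
        # happens to contain "PK\x03\x04" is not mistaken for a header.
        if not (flags & 0x0008) and csize != 0xFFFFFFFF:
            pos += csize


def eocd_record_count(blob: bytes) -> int:
    """A well-formed archive has exactly one EOCD record; more than one is a strong
    indicator of concatenation (a stored payload containing the signature is the rare
    false positive)."""
    return blob.count(EOCD_SIG)


def unlisted_entries(blob: bytes) -> list[str]:
    """Entries the forward scan finds but the EOCD view omits. A non-empty result means
    different readers will show different contents, which is the detection signal."""
    visible = set(names_via_eocd(blob))
    return [n for n in names_via_local_headers(blob) if n not in visible]


def demo() -> dict[str, object]:
    # Constructed sample data, not from any real campaign: a benign decoy archive followed
    # by a second archive whose entry mimics a "shipping document" lure with an executable name.
    decoy = build_zip({"shipping_manifest.txt": b"Tracking no. 000000 - see attached"})
    payload = build_zip({"shipping_docs.pdf.exe": b"MZ" + b"\x00" * 16 + b"stand-in for an executable"})
    combined = decoy + payload
    return {
        "eocd_view": names_via_eocd(combined),
        "scan_view": names_via_local_headers(combined),
        "eocd_records": eocd_record_count(combined),
        "unlisted": unlisted_entries(combined),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Which archive a given tool honors is implementation-specific, so the robust check is not "which view is right" but "do the views agree": more than one EOCD record, or any local header whose name is absent from the central directory the EOCD points at, should block the attachment or route it for manual inspection.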

FBI alerts companies to rise in fake emergency data request attacks. SecurityWeek

Millions of records exposed through Microsoft Power Pages misconfigurations. SecurityWeek

North Korean hackers test new macOS malware using Flutter SDK. Cyberscoop

D-Link won’t fix critical bug in 60,000 exposed EoL modems. Bleeping Computer

Attackers exploit vulnerability in Palo Alto Networks migration tool ahead of EOL. Cybersecurity Dive

Interesting Reads

Rising CVE volume forces organizations to rethink vulnerability management

Organizations face mounting pressure from escalating CVE volumes, projected to increase 25% in 2024. While vulnerability management programs are common, companies struggle to prioritize and address critical threats. Experts emphasize the importance of context-based prioritization and business-aligned security strategies over attempting to fix every vulnerability. Cybersecurity Dive

Researchers find 70,000 domains hijacked in DNS attack scheme

Researchers discovered 70,000 domains hijacked through "Sitting Ducks" attacks, which exploit lame delegations: a domain's nameservers point at a DNS provider that no longer hosts its zone, so an attacker can register the zone at that provider and answer for the domain without touching the registrar account. Attackers abuse the hijacked domains' good reputation for phishing, malware delivery, and fraud. Multiple threat groups actively exploit this weakness, which has existed since 2018 but only gained attention recently. The Hacker News

Halliburton reports $35 million loss after ransomware attack. Bleeping Computer

Microchip Technology reports $21.4M expense from August cyberattack. Cybersecurity Dive

Data & Research

Study reveals why one-third of companies can't identify breach sources

One-third of organizations can't identify the cause of recent security breaches, while 75% struggle with complex security stacks. Key factors include detection delays averaging 207 days, sophisticated attacks, limited budgets, and alert fatigue. Experts recommend improved integration, prioritized alerts, and comprehensive visibility across assets. CSO Online

Zero-day attacks rise as cyber agencies report top exploited vulnerabilities

A five-nation cybersecurity report reveals a significant rise in zero-day exploits during 2023, marking a shift from previous years' focus on older vulnerabilities. Major targets included Citrix NetScaler, Cisco IOS XE, and Log4Shell. Help Net Security

Cybersecurity Mergers, Acquisitions, and Funding

Mergers and Acquisitions

  • Cybersixgill, dark web security, acquired by Bitsight for $115M. TechCrunch

  • Trustwave, managed services, and Cybereason, endpoint detection and response, announce a definitive merger. Dark Reading

VC Funding

  • Upwind, cloud security, in talks to raise $100M. TechCrunch
