
Indian gov hit by data espionage, zero-day exploits up 50% in 2023, and the White House mandates AI governance.

Infosec Monitor — No. 22, March 29, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Indian gov hit by data espionage, zero-day exploits up 50% in 2023, and the White House mandates AI governance.

Highlight of the Week

Indian government and oil companies hit by data espionage

EclecticIQ researchers report that an espionage campaign is targeting the Indian government and energy companies. The hackers use a tool called HackBrowserData to steal data, delivered through a fake email purporting to come from the Indian Air Force. They have stolen user details, cookies, and browsing history, sending 8.81 GB of data to Slack channels named "FlightNight." Dark Reading

News

CISA releases 447-page draft for cyber incident reporting rule

The new draft for the 2022 ruling covers precisely how and what critical infrastructure organizations are required to report in the event of a cybersecurity incident. FederalRegister.gov, The Record

UK nuclear site faces legal consequences over cybersecurity failures

Sellafield, a nuclear facility in the UK, faces prosecution due to "alleged IT security offenses" from 2019 to 2023. Under the Nuclear Industries Security Regulations, convictions can carry up to two years imprisonment. The Record

Pentagon releases new strategy to boost cybersecurity for its contractors

The Pentagon's cybersecurity strategy aims to protect military contractors against cyber threats by enhancing their digital defenses, ensuring compliance with security standards, and providing strategic advice, focusing on supporting small firms. Defense Scoop

US announces $10M bounty for ransomware gang behind Change Healthcare attack. Dark Reading


AI & Security

White House mandates AI safeguards and transparency for federal agencies

US Vice President Kamala Harris announced an AI directive for federal agencies to implement safeguards and increase transparency by December. Measures involve tracking AI's impact on society, stopping biased algorithms, allowing opt-outs for facial recognition, and ensuring human oversight. Federal agencies must train their staff in AI, appoint Chief AI Officers, establish AI governance boards, and report their AI usage publicly annually. The Record

UN resolution on AI encourages measures against malicious use. SC Magazine

Enterprises are increasingly blocking AI over security concerns. Help Net Security

Cyber Security Incidents

Ransomware Attack Leaks Scottish Healthcare Patient Data

The INC ransomware group is extorting NHS Dumfries and Galloway. They threaten to release more stolen patient data unless paid. Some patient data has already been published. The Record

German Political Parties Targeted by APT29 Hackers

Researchers at Mandiant report that the Russian hacking group APT29 has begun targeting German political parties via phishing emails containing false dinner reception invites. The emails link to compromised sites, resulting in a malware deployment. Help Net Security

PyPI temporarily shuts down user registration

The package repository for Python has temporarily shut down user registration due to a malware campaign. Threat actors continue to create new fake packages containing malware, or give them names similar to those of actual packages. Hundreds of millions of packages are downloaded daily. Bleeping Computer

Vietnamese broker hit by cyber attack

VNDirect, a Vietnamese securities broker, had its services disrupted by a cyber attack. This led to a temporary suspension of transactions by the Hanoi Stock Exchange. The Record

Cisco warns of password-spraying attacks on VPN services. Bleeping Computer

Retailer Hot Topic hit by credential stuffing attacks. Bleeping Computer

Activision is currently investigating a hacking campaign to steal gamers' account details. TechCrunch

Yet another Florida city hit by ransomware, this time St. Cloud. The Record

17,000 Microsoft Exchange servers are vulnerable to a critical bug. Help Net Security

6,000 SOHO and IoT devices by ASUS were infected by a malware botnet. Bleeping Computer

Interesting Reads

Nothing will change as a result of the Change Healthcare incident

Previous significant breaches have led to both public outcry and assurances from healthcare entities that change will come. However, real progress requires secure resources and funding. SC Magazine

AT&T still silent on the source of massive customer data leak

It's been two years since personal information for 73 million AT&T customers was leaked. Yet AT&T is still silent on the how and who. TechCrunch

Do we need an independent branch of the military for cyber security? Defense Scoop

6 steps to assessing cyber risk for the enterprise. CSO Online

Data & Research

Zero-day exploits up 50% in 2023

Google researchers said that in 2023 they observed 97 zero-day exploits in the wild, compared to 62 in 2022. The Record

Only 3% of global organizations are fully prepared for cyber threats

Cisco's 2024 Cybersecurity Readiness Index reports that nearly no one is fully ready. The survey, which took responses from 8,000+ business leaders, concluded that most were overconfident in their cybersecurity capabilities. Despite this, numerous businesses experienced at least one incident in the past year, incurring significant costs. SiliconANGLE

Companies maintaining high-security measures outperform peers by up to 372%

"The report, which analyzed data from more than 4,000 global companies, found that over three years, the average total shareholder return for companies with advanced security performance ratings was 67%, compared to 14% for companies with only basic ratings." CSO Online

Cybersecurity Mergers, Acquisitions, and Funding

Coro, cybersecurity for SMBs, raises $100M in Series D. TechCrunch

Skyflow, data privacy, raises $30M in Series B. SiliconANGLE

Bedrock Labs, data security, raises $10M in Seed funding. SiliconANGLE

Sprocket Security, an offensive security platform, raises $8M in Series A. SiliconANGLE

StealthMole, AI-powered dark web intel, raises $7M in Series A. TechCrunch

SydeLabs, Gen-AI security, raises $2.5M in Seed funding. SecurityWeek