Infosec Monitor: No.8
No. 8, December 22nd, 2023 — AI & Security, the impact of the SEC disclosure rule and the Interpol and the FBI's success against large threat actors.
Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — AI & Security, the impact of the SEC disclosure rule and the Interpol and the FBI's success against large threat actors.

News
The quiet cybersecurity revolution transforming cybersecurity
A thoughtful piece by Fortune is exploring the new SEC reporting mandate in the context of a broader movement to enforce cybersecurity standards across all critical infrastructure sectors. Meanwhile, TechCrunch has a well-done piece on what you need to know about the effect of SEC disclosure rules. Fortune TechCrunch
V.F. Corporation files the first 8-K filing under the new SEC rule
On Monday, V.F. Corp (Vans, The North Face) filed the first Material Cybersecurity Incident 8-K, in a line no one wanted to be first in. Much is to be said about the new SEC rule. One thing to note is the immediate drop in the stock price as investors realized Christmas order fulfillment may be in jeopardy. It will be interesting to look at the overall impact of these filings on public companies before and after. You can read the 8-K filing here: SEC
2024 year of the CISO?
With increased pressure on CISOs in 2023, will next year be their year? CSO Online's 2024 predictions say that with the shortage of qualified CISOs driving up pay, changing the reporting structure so the CISO reports to the CEO (only 24% do today) gives them more power to demand better incident response planning. CSO Online
3,500 individuals and $300M seized in Interpol operation
The international law enforcement operation 'Operation HAECHI IV,' led by South Korean authorities in collaboration with 34 countries, resulted in a significant crackdown on cybercrime. This operation, spanning from July to December 2023, led to the arrest of 3,500 individuals and the seizure of $300 million linked to various cybercrimes. Interpol played a crucial role in freezing accounts and seizing assets through its financial intelligence mechanism, I-GRIP. The operation highlighted the increasing use of AI and deep fake technology in scams, notably investment fraud and NFT-related crimes. BleepingComputer
ALPHV operations disrupted by FBI
The FBI successfully infiltrated the ALPHV ransomware group's servers, causing disruptions in their activities. The FBI monitored ALPHV (also known as BlackCat) and helped victims with decryption keys. The FBI also took control of ALPHV's data leak site. However, ALPHV regained control of the site and claimed limited FBI access. The group has changed its affiliate program, allowing more targets and increasing revenue share, indicating its intent to keep operating despite law enforcement pressure. BleepingComputer
New GambleForce threat actor targeting SQL Injection
The new threat actor, first spotted this September, has apparently been focused on SQL injection with some success and is using only off-the-shelf pen testing tools to find exploitable flaws. For years, injection attacks sat at the top of the OWASP Top 10 list, but in 2021 they slid down to the 3rd spot. DarkReading
New National Cyber Director confirmed
Harry Coker, formerly the Executive Director of the NSA, has been confirmed by the Senate to take the role, which has been vacant since February. SC Magazine
AI & Security
ISO publishes 42001 for Artificial Intelligence Management Systems
ISO released a new AI standard touted as "the world's first AI management system" this week. The standard provides "guidance for this rapidly changing field of technology. It addresses AI's unique challenges, such as ethical considerations, transparency, and continuous learning. For organizations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance." ISO
OpenAI partially fixes potential data leak flaw
The flaw, exploitable through malicious GPT models or user-submitted prompts, remains a concern, especially for users of the ChatGPT iOS app, where safety checks are yet to be implemented. The researcher publicly disclosed the flaw after initial reports were not adequately addressed. OpenAI's response included implementing client-side checks, but these have limitations and inconsistencies, and it's unclear if these fixes have been applied to the Android app. This situation highlights the ongoing challenges in ensuring the security of AI applications. Bleeping Computer
Cyber Security Incidents
First American still offline after "cybersecurity incident" Thursday
No word yet on what type of event has happened, but their website has been down since it was announced. Engadget
Xfinity breach impacts 36 million customers
The breach occurred in October and was due to the Citrix Bleed vulnerability. Hackers were able to spend a few days gathering customer data, which, beyond the usual personal details, included secret security questions. CSO Online
MongoDB breach exposes customer account data
MongoDB is investigating a breach that resulted in unauthorized access to its corporate systems, compromising customer account metadata and contact information. Detected on December 13, 2023, the company has not found evidence of unauthorized access to customer data stored in MongoDB Atlas. The incident is being attributed to a phishing attack. MongoDB resolved separate login issues. The full extent of the breach, including the number of affected customers, remains unclear. The Hacker News
Mr. Cooper Breach hits 14.6M current and former customers
The breach, first reported in Issue 1, has now been confirmed to have impacted over 14.6 million former and existing customers. A filing by Mr. Cooper to the Maine attorney general confirmed this number. SC Magazine
ESO Solutions data breach affects 2.7M individuals
ESO has told the Maine Attorney General that the incident in September compromised the records of 2.7 million individuals. SecurityWeek
Cryptocurrency scam hits 63k victims and steals over $59M
The 'MS Drainer' cryptocurrency scam has resulted in significant financial losses, with $59 million stolen from thousands of victims. This sophisticated operation involves phishing websites and malicious smart contracts that deceive users into transferring funds to attackers. The malware, sold by 'Pakulichev' or 'PhishLab,' is advertised through Google and Twitter ads, often using hijacked verified accounts to increase credibility. Attackers employ geofencing techniques to target victims selectively. Bleeping Computer
About
Cybersecurity is at a crossroads, changing more rapidly than we believed was possible just a few years ago. Stay informed on what's going on, what's happened, and what's coming next.
I'm Bryan Smith, the author of the Infosec Monitor. I've spent over a decade pioneering changes in how cybersecurity is managed, from helping create the first cyber risk quantification (CRQ) software to advising how to approach cybersecurity pragmatically and proactively.
Data & Research
1000 entities, and $300 million in ransomware payments
The FBI has disclosed that as of Sept 2023, ALPHV BlackCat affiliates have raked in $300 million in ransomware payments. Notably, the total demands were $500 million, showing negotiation markdowns and non-payment. Still, $300M! BleepingComputer
25% of high-risk vulnerabilities are exploited on the same day they're published
Qualys research has a year-in-review post that states this and other interesting data points. Qualys
Cybersecurity Mergers, Acquisitions, and Funding
Cisco to acquire Isovalent, a cloud-native security and networking startup, for an undisclosed sum. TechCrunch
Okta to acquire Israeli startup Spera, an identity attack surface management company, for $100-$130M. CTECH
Halcyon, ransomware prevention software, raises a $40M Series B, after its April $44M Series A. TechCrunch
SimSpace, a digital network replica platform, raises $45M. TechCrunch