
Iran’s election hacking operations, CISA’s new data protection rules, and SEC fines companies for downplaying SolarWinds impact.

Infosec Monitor: No. 48

No. 48, October 25th, 2024

Welcome to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Iran’s election hacking operations, CISA’s new data protection rules, and SEC fines companies for downplaying SolarWinds impact.


Highlight of the Week

Iranian hackers increase cyber operations against US election systems

Microsoft warns of escalating Iranian cyber operations targeting the 2024 US election. IRGC-backed groups are conducting hack-and-leak operations against political campaigns, running disinformation networks, and probing election infrastructure in swing states. CSO Online


News

CISA proposes stronger data protection rules against foreign cyber threats

CISA unveiled new cybersecurity requirements for organizations handling sensitive US data, implementing Executive Order 14117. Key mandates include strict vulnerability patching timelines, appointing security leadership, maintaining asset inventories, and implementing data encryption. Organizations must protect data from foreign adversaries through encryption and minimization techniques. CSO Online

SEC fines four tech firms for misleading SolarWinds hack disclosures

The SEC fined four tech companies $7 million total for misleading investors about their exposure to the 2020 SolarWinds hack. Unisys, Avaya, Check Point, and Mimecast downplayed or failed to disclose breach impacts. Axios

White House adopts TLP system to boost Cybersecurity Research partnerships

The Biden administration is directing federal agencies to adopt the Traffic Light Protocol (TLP) for handling vulnerability disclosures. The system gives researchers control over how widely their information is shared through color-coded labels. SC Media

Penn State pays $1.25M fine over federal contract cyber failures

Penn State faces $1.25M fine for failing to implement required cybersecurity controls in DOD and NASA contracts from 2018-2023. The university acknowledged deficiencies but failed to correct them. A whistleblower complaint led to the settlement, which is part of DOJ's broader initiative to enforce cybersecurity compliance in federal contracts. The Record

New healthcare cybersecurity bill aims to tame sector vulnerabilities

New bipartisan legislation aims to establish minimum cybersecurity standards for healthcare organizations, backed by $1.3B in funding. The bill requires annual security audits and documentation, with penalties for non-compliance. Experts warn funding may be insufficient for sustained security improvements, especially given the sector's talent shortage. Cybersecurity Dive

Change Healthcare's February ransomware attack exposed over 100 million Americans' health records—the largest U.S. healthcare data breach ever. TechCrunch

AI & Security

Researchers trap AI hacking agents using specialized honeypot

Researchers deployed a sophisticated honeypot that intercepted over 800,000 interactions and identified six distinct AI-powered hacking agents. The system used prompt injection techniques and fake sensitive domains to lure and expose AI attackers. Cybernews

New AI jailbreak technique tricks Chatbots with content mixing

Researchers discovered "Deceptive Delight," a new AI jailbreak technique that combines innocent and restricted topics to bypass chatbot safety measures with 65% effectiveness. The method exploits AI's limited attention span through extended conversations. Organizations can mitigate risks through privilege controls, human oversight, and content segregation. Dark Reading

In the “thanks, that’s obvious” category: Gartner predicts AI will reshape workplace structure and security by 2029. The article outlines increased security risks from AI agents, among other changes. Cybersecurity Dive

Beyond ChatGPT: The rise of agentic AI and its implications for security. CSO Online

Microsoft warns CISOs about AI adoption gap in cybersecurity

Microsoft's Digital Defense Report reveals threat actors are leveraging AI for enhanced cyberattacks, creating urgency for CISOs to adopt AI-powered defenses. CSO Online

Cybersecurity Incidents

Mexican healthcare provider exposes 5 million patient records in database misconfiguration

A misconfigured database at eCaresoft exposed data of 5.3 million Mexican patients, including CURP numbers and personal information. While the company claims it was test data, the leak highlights risks of identity theft and fraud. The Texas-based healthcare software provider has since secured the system. Cybernews

Landmark Admin breach affects 800,000 insurance customers

Landmark Admin, a major insurance administrator, disclosed a cyberattack exposing sensitive data of 806,519 people. The breach, lasting from May to June 2024, compromised Social Security numbers and various personal information. The company discovered attackers regained access after initial detection and is now notifying victims. The Record

Crypto firm Transak reports data breach affecting 92,000 users after phishing attack

Crypto payment processor Transak suffered a data breach exposing personal information of 92,000 users after a phishing attack compromised its KYC vendor. While no financial data was exposed, the Stormous ransomware gang claims to have stolen 300GB of sensitive data and threatens to leak it unless a ransom is paid. The Record

Internet Archive suffers Zendesk hack during breach recovery

The Internet Archive faced another security breach via a compromised Zendesk token while recovering from earlier attacks that exposed 31 million users' data. A hacker accessed more than 800,000 support tickets dating back to 2018. While some services are restored, including the Wayback Machine, the organization continues strengthening security measures during recovery. SecurityWeek

Cisco DevHub breach exposes sensitive data, experts warn of future risks

Cisco's public-facing DevHub platform was breached, with hacker "IntelBroker" claiming to have stolen sensitive data including source code and credentials. While Cisco states no internal systems were compromised, security experts warn the stolen information could enable future attacks. DevHub access remains disabled during the investigation. SC Media

Hackers breach 6,000 WordPress sites using fake update plugins

Attackers have compromised 6,000+ WordPress sites by installing malicious plugins that mimic legitimate ones. The plugins inject code displaying fake browser updates and error messages to distribute information-stealing malware. Bleeping Computer

Nidec confirms data theft after Vietnam division breach

Japanese tech giant Nidec confirmed hackers stole 50,694 files from its Vietnam-based Precision division using compromised VPN credentials. While two ransomware groups claim responsibility, no files were encrypted. Bleeping Computer

Japanese watchmaker Casio warns of delivery delays after ransomware attack. The Record

Threat Intel

Researchers uncover major flaws in E2EE Cloud Storage platforms affecting 22M Users

ETH Zurich researchers exposed critical vulnerabilities in five major end-to-end encrypted cloud storage platforms, affecting over 22 million users. Flaws enable file injection, data tampering, and unauthorized access. Most providers' security measures failed to match their marketing claims. Only Tresorit showed relatively stronger security implementation. Bleeping Computer

Hackers target CIS governments through Roundcube XSS vulnerability

Threat actors are exploiting a stored XSS vulnerability (CVE-2024-37383) in Roundcube Webmail to target CIS government organizations. The attack uses empty emails with hidden payloads to steal credentials and exfiltrate data. Bleeping Computer

Microsoft SharePoint flaw exploited as PoC code goes public

A high-severity Microsoft SharePoint vulnerability (CVE-2024-38094) is being actively exploited, allowing authenticated attackers with Site Owner permissions to execute remote code. With a public proof-of-concept now available, the risk is elevated. Dark Reading

Interesting Reads

"Shift Left" is bull 💩

CISA's advisory committee reveals the "Shift Left" security approach is based on questionable research from the 1980s. The foundational studies from IBM and Barry Boehm lack credibility or clear methodology. This has led to organizations implementing ineffective security practices that create massive vulnerability backlogs and slow development. Chris H on LinkedIn

Blaming Risk Management done poorly

Osama Salah put out a critique of John Kindervag's recent article, challenging his proposal to replace cybersecurity risk management with "danger management." The response defends quantitative risk approaches, arguing that proper risk management provides a valuable decision-making framework. Osama Salah on LinkedIn

Data & Research

Energy Sector

  • 45% of cybersecurity breaches in energy sector caused by third-party vendors

  • 67% of third-party breaches were caused by IT vendors

  • 92% of companies struggled with application security, network security, and DNS health

  • 14% of sampled companies (35 out of 250) reported breaches

Cybersecurity Mergers, Acquisitions, and Funding

Mergers and Acquisitions

Secureworks, cyberthreat detection and response, acquired by Sophos for $859M. The Record

VC Funding

Socket, open source vulnerability detection, raises $40M in Series B funding. TechCrunch

Reality Defender, deepfake detection, raises $33M in Series A funding. SecurityWeek

Stream.Security, cloud data security, raises $30M in Series B funding. SecurityWeek

CyberGuru, AI-driven cybersecurity training, raises $25M in Series B funding. siliconANGLE
