
LockBit wasn’t taken down like we thought, NIST-CSF 2.0 released, and a very active week in cyber attacks

Infosec Monitor — No. 18, March 1, 2024

Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — LockBit wasn’t taken down like we thought, NIST-CSF 2.0 released, and a very active week in cyber attacks.

Highlight of the Week

LockBit, not so dead

Drawing comparisons to a Hydra, the LockBit ransomware group has relaunched its data leak site. Law enforcement agencies say they know who LockBitSupp is and where he is, but they cannot get to him. He has gone on to post messages addressed to the FBI, claiming that "The FBI hacked the servers and took over the leak site to prevent the leaking of sensitive information stolen by the gang (or an affiliate) from government computer systems in Fulton County, Georgia," that law enforcement did not obtain the decryptors it claimed, and that all of the data seized still had backups. Help Net Security Bleeping Computer The Hacker News

News

NIST-CSF 2.0 Released

NIST has released version 2.0 of the widely used NIST Cybersecurity Framework. The updates make the framework usable by a wider audience beyond critical infrastructure, tie cybersecurity to broader organizational decision-making through the new Govern function, and ease implementation with new resources. NIST SC Magazine

CISA warns ALPHV/BlackCat is targeting the healthcare sector

The US agency is warning that ALPHV/BlackCat is targeting the healthcare sector in an apparent resurgence. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized." The Hacker News CISA

The US Office of National Cyber Director wants companies to move to memory-safe languages

Citing data that roughly 70% of vulnerabilities in large codebases are memory-safety bugs, the kind that are eliminated by moving to a memory-safe language (such as Java, Python, and Rust), the Director's office asks companies to make the change. Dark Reading

Is the CIO role doomed?

With the rise of the CISO and the new SEC rulings, does the CIO role still make sense? CSO Online

AI & Security

Malicious ML Models on Hugging Face Platform

"Researchers have discovered about 100 machine learning (ML) models that have been uploaded to the Hugging Face artificial intelligence (AI) platform and potentially enable attackers to inject malicious code onto user machines." Dark Reading
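The usual vehicle for this class of attack is Python's pickle serialization (PyTorch's default .bin/.pt format is a pickle): loading the file calls whatever callable the file names, so "downloading a model" becomes "running the uploader's code". The example below is added here and is not code from the Dark Reading report or from Hugging Face. It builds a constructed malicious "model" (naming the harmless os.getenv in place of the os.system a real payload would use), shows that a bare load executes it, and then shows the two controls a practitioner wants: a static opcode scan that lists every import the file would perform without executing anything, and an allowlist-based unpickler that refuses everything else. The ALLOWED_GLOBALS set is an assumption for a plain weights file; real checkpoints need a larger list, which is one reason the safer answer is a format that cannot execute code at all, such as safetensors.

```python
import collections
import io
import os
import pickle
import pickletools


class MaliciousModel:
    """Stand-in for a booby-trapped model object (constructed for this demo).
    pickle serialises whatever __reduce__ returns, and the loader CALLS that
    callable while deserialising. A real payload names os.system or
    subprocess.Popen; this one names os.getenv so running it is harmless."""

    def __reduce__(self):
        # (callable, args): the unpickler imports os, fetches getenv and calls
        # it with these arguments before pickle.load() even returns.
        return (os.getenv, ("HF_PICKLE_DEMO_UNSET", "executed"))


def build_malicious_model() -> bytes:
    """Constructed sample: a 'model file' carrying a code-execution payload."""
    return pickle.dumps(MaliciousModel())


def build_benign_model() -> bytes:
    """Constructed sample: a state-dict-like weights file."""
    weights = collections.OrderedDict([("layer1.weight", [0.1, 0.2]), ("layer1.bias", [0.0])])
    return pickle.dumps(weights)


def unsafe_load(data: bytes):
    """What a bare pickle.load() on an untrusted file does: runs the payload."""
    return pickle.loads(data)


_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
_CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data: bytes) -> dict:
    """Static scan, nothing executed: every module.name the pickle would import
    plus the number of call-like opcodes. Handles GLOBAL (protocol <= 3) and
    STACK_GLOBAL (protocol 4+), including names fetched back from the memo."""
    found, calls, strings, memo, last = [], 0, [], {}, None
    for opcode, arg, _pos in pickletools.genops(data):
        op = opcode.name
        if op in _STRING_OPS:
            strings.append(arg)
            last = arg
        elif op == "MEMOIZE":                          # proto 4: implicit index
            memo[len(memo)] = last
        elif op in ("PUT", "BINPUT", "LONG_BINPUT"):   # proto <= 3: explicit index
            memo[arg] = last
        elif op in ("GET", "BINGET", "LONG_BINGET"):   # re-push a memoized string
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif op == "GLOBAL":                           # arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
            last = None
        elif op == "STACK_GLOBAL":                     # pops the two most recent strings
            found.append((strings[-2], strings[-1]))
            last = None
        else:
            if op in _CALL_OPS:
                calls += 1
            last = None
    # Note: REDUCE alone is not malicious (OrderedDict uses it too); what matters
    # is WHICH global gets called, so review the globals list.
    return {"globals": found, "reduce_calls": calls}


ALLOWED_GLOBALS = {("collections", "OrderedDict")}   # assumption: a plain weights file


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist-based loader: refuses any import not explicitly permitted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_safe_load(data: bytes):
    """(ok, value_or_error) so a pipeline can log and quarantine instead of crashing."""
    try:
        return True, safe_load(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    bad, good = build_malicious_model(), build_benign_model()
    print("scan of malicious file:", scan_pickle(bad))
    print("unsafe load returned:", unsafe_load(bad))      # the os call already ran
    print("restricted load:", try_safe_load(bad))
    print("restricted load of benign file:", try_safe_load(good))
```

Run scan_pickle over every downloaded artifact before anything else touches it; an unexpected module in the globals list (os, subprocess, builtins.eval, socket) is grounds to quarantine the file, and the restricted loader is the backstop for anything that slips past the scan.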

FTC's Khan sends clear warning on AI data privacy

In a recent speech, Lina Khan, Chair of the FTC, stated, "Firms cannot use claims of innovation as cover for law-breaking" in reference to using sensitive data, such as health, geolocation, or browsing data, as inputs into training AI models. "There is no AI exemption," Khan firmly stated. The Record

Presented by maikroservice

🚀 Ready to start defending the internet as a SOC Analyst?

But are you: Wondering where to start? Curious about what sets the top-tier analysts apart? Eager to dive into hands-on training?

Join us at the Practical SOC Analyst Bootcamp starting March 10th! Led by industry professional Dr. Maik Ro (@maikroservice), you'll gain practical skills by running attacks and then detecting them.

Only a few seats left, and they are filling up fast. Grab yours now! Let's elevate your skills together; register today at:

Cyber Security Incidents

ConnectWise remote-access software vulnerability is now under mass attack

The vulnerability, reported last week as "comically easy to use", is unsurprisingly now being used in attacks worldwide; Mandiant and others report mass exploitation. TechCrunch

Change Healthcare, ransomware attack linked to ConnectWise vulnerabilities

Meanwhile, the Change Healthcare ransomware attack appears to have been made possible by the same ConnectWise vulnerabilities. The ALPHV/BlackCat ransomware group has claimed responsibility for the attack and is threatening to leak the stolen data. The attack has led to delays in prescription orders for millions. SC Magazine Help Net Security

Royal Canadian Mounted Police hit by "alarming" cyberattack

The Canadian police agency has reported a breach of "alarming" magnitude. Reports do not state what data was accessed, only that operations were not disrupted, that mitigations are now in place, and that the event is under investigation. The Record

AI service, Cutout.Pro, hit with breach impacting 20M users

Data from the AI company appeared on BreachForums (and the hacker's Telegram channel), posted by a user with the alias "KryptonZambie." The data, a CSV that appears to be a complete database dump, includes names, emails, salted and hashed passwords, and IP addresses of its users. Bleeping Computer

€15.5M stolen from Pepco Group in phishing attack

The Hungarian branch of the UK company was targeted by a "sophisticated fraudulent phishing attack" (I thought all phishing attacks were fraudulent). The attack appears to have been a business email compromise scheme. Security Week

Law firm confirms May 2023 breach impacted 325K people

A US law firm, House LLP, stated in a regulatory filing that a breach in May of 2023 exposed the personal data, including credit card numbers, of 325,000 people. The attack was the result of unauthorized access by a third party. Curiously, the law firm contacted the attacker shortly after the attack but did not specify how. The Record

Universities still running a discontinued, 14-year-old CMS editor are being used in SEO poisoning attacks

The software FCKeditor, a browser-based HTML editor embedded in websites, appears to still be in use at universities such as MIT, Columbia, Purdue, and others. Attackers exploiting the software can insert redirects which, coming from a high-profile domain, end up being trusted by search engines. Bleeping Computer
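FCKeditor ships a file manager (under editor/filemanager/) with browse and upload connectors; when those are left reachable, anyone can upload an HTML page under the site's upload directory, which is one way poisoned pages and redirects end up on a university domain. The example below is added here and is not from the Bleeping Computer report. It hunts for that pattern in combined-format web-server access logs: any request touching the editor at all (the dead software is still deployed), accepted POSTs to its connectors (a file was written), traversal in the Connector parameter, and uploaded .html pages being fetched from search-engine traffic. The log lines are constructed, and the paths are FCKeditor's default layout (/fckeditor/, editor/filemanager/, userfiles/), so adjust the patterns to where your install actually lives.

```python
import re
from collections import defaultdict

# Constructed sample of combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Feb/2024:10:01:12 +0000] "GET /news/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Feb/2024:10:01:40 +0000] "GET /fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/php/connector.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Feb/2024:10:02:03 +0000] "POST /fckeditor/editor/filemanager/connectors/php/upload.php?Type=File HTTP/1.1" 200 188 "-" "python-requests/2.31"
198.51.100.9 - - [26/Feb/2024:11:15:55 +0000] "GET /fckeditor/userfiles/file/casino-bonus.html HTTP/1.1" 200 980 "https://www.google.com/" "Googlebot/2.1"
192.0.2.33 - - [26/Feb/2024:11:16:10 +0000] "GET /library/catalog HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Default FCKeditor install layout; assumption for the demo, adjust to your deployment.
EDITOR_PATH_RE = re.compile(r"/fckeditor/", re.IGNORECASE)
CONNECTOR_RE = re.compile(r"/editor/filemanager/(connectors|browser|upload)/", re.IGNORECASE)
USERFILES_RE = re.compile(r"/userfiles/", re.IGNORECASE)
TRAVERSAL_RE = re.compile(r"(^|[/?&=])\.\.(/|\\|%2f)", re.IGNORECASE)


def parse_line(line):
    """Return the named fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return finding tags for one parsed request; empty list means uninteresting."""
    path = entry["path"]
    tags = []
    if not EDITOR_PATH_RE.search(path):
        return tags
    tags.append("fckeditor-present")                  # the discontinued editor is still reachable
    if CONNECTOR_RE.search(path):
        tags.append("filemanager-connector")          # browse/upload endpoints were touched
        if entry["method"] == "POST" and entry["status"].startswith("2"):
            tags.append("upload-accepted")            # the server accepted a file write
    if TRAVERSAL_RE.search(path):
        tags.append("path-traversal")                 # ../ in the path or Connector parameter
    if USERFILES_RE.search(path) and path.lower().endswith((".html", ".htm", ".php")):
        tags.append("uploaded-page-served")           # an uploaded page is being served as content
        if "google" in entry["referer"].lower() or "googlebot" in entry["ua"].lower():
            tags.append("search-engine-traffic")      # search engines already trust it
    return tags


def hunt(log_text):
    """Scan a log blob; return {client_ip: [(method, path, tags), ...]} for flagged requests."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        tags = classify(entry)
        if tags:
            findings[entry["ip"]].append((entry["method"], entry["path"], tags))
    return dict(findings)


if __name__ == "__main__":
    for ip, hits in hunt(SAMPLE_LOG).items():
        for method, path, tags in hits:
            print(ip, method, path, ", ".join(tags))
```

A single "fckeditor-present" hit is already the finding that matters: the fix is to remove the editor (or at minimum its filemanager/ tree) rather than to tune the regexes, and any "upload-accepted" hit means the userfiles directory needs to be reviewed for pages nobody on staff created.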

Cencora, a Fortune 500 pharmaceutical, says it has been breached in new SEC 8-K filing

The filing states that Cencora has contained the breach, but sensitive data, which may contain personal information, has been exfiltrated. They state they have yet to determine if the event is material. The Record

Anycubic 3D printers hacked as a warning?

Users of Anycubic's 3D printers are reporting that they have been hacked. Their printers reportedly show a new text file saying the machine was hacked and telling the owner to take it offline if they "don't wanna get hacked by a bad actor." The printers can be controlled online via an Anycubic app. The hacker alleges he sent the file to 2.9 million printers. TechCrunch

Savvy Seahorse running "supercharged" TDS attacks

The new threat actor "Savvy Seahorse" has been abusing DNS, with a novel use of CNAME records, to run a traffic distribution system (TDS) that is hard to dismantle. By impersonating well-known brands, it tricks victims into funding fake investment accounts. Its infrastructure, detailed in an Infoblox report, is scalable and stealthy: a vast network of campaign domains, each pointed by CNAME at the actor's infrastructure, can be re-pointed quickly to evade shutdowns. Despite the complexity, the entire operation hinges on a single base domain. Dark Reading
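The CNAME trick works like this: every campaign domain (often as a wildcard, so any subdomain resolves) is a CNAME to one name under the actor's base domain, and only that name carries an A record. Changing that single A record re-points the whole network at new hosting, and sinkholing or suspending any one campaign domain changes nothing. The example below is added here and is not from the Infoblox report. It models that behaviour over constructed passive-DNS records (all names are .example placeholders) with a small CNAME-following resolver, shows the attacker-side rotation, and then runs the hunt a defender can apply to their own passive-DNS data: group CNAME sources by target and flag any target fed by many unrelated registrable domains.

```python
from collections import defaultdict

# Constructed passive-DNS style records: (query_name, rtype, rdata). Not real data.
RECORDS = [
    ("invest.big-brand-earnings.example", "CNAME", "b36cname.trk-hub.example"),
    ("bonus.quick-crypto-profits.example", "CNAME", "b36cname.trk-hub.example"),
    ("signup.ai-trading-bot.example", "CNAME", "b36cname.trk-hub.example"),
    ("*.ads-route.example", "CNAME", "b36cname.trk-hub.example"),   # wildcard campaign domain
    ("b36cname.trk-hub.example", "A", "203.0.113.10"),               # the single base domain
    ("www.legit-shop.example", "CNAME", "legit-shop.cdn.example"),   # ordinary CDN CNAME
    ("legit-shop.cdn.example", "A", "198.51.100.5"),
    ("mail.legit-shop.example", "A", "198.51.100.6"),
]


def registrable_domain(name):
    """Crude eTLD+1: the last two labels. Fine for the demo; use a Public Suffix List
    library in production so co.uk-style suffixes are handled."""
    labels = name.strip("*.").split(".")
    return ".".join(labels[-2:])


def resolve_a(records, name, max_hops=8):
    """Follow CNAMEs (exact name first, then the wildcard for its parent) to A records."""
    table = defaultdict(list)
    for qname, rtype, rdata in records:
        table[qname].append((rtype, rdata))
    for _ in range(max_hops):
        wildcard = "*." + name.split(".", 1)[1] if "." in name else None
        rrs = table.get(name) or (table.get(wildcard) if wildcard else None) or []
        a_records = [rd for rt, rd in rrs if rt == "A"]
        if a_records:
            return a_records
        cnames = [rd for rt, rd in rrs if rt == "CNAME"]
        if not cnames:
            return []
        name = cnames[0]
    return []   # CNAME loop or chain too long


def rotate_hub(records, hub, new_ip):
    """Attacker-side view: one A-record change re-points every campaign domain."""
    return [(qname, rtype, new_ip if (qname == hub and rtype == "A") else rdata)
            for qname, rtype, rdata in records]


def cname_hubs(records, min_sources=3):
    """Defender-side hunt: group CNAME sources by target and return targets fed by
    at least min_sources distinct registrable domains, with the sources listed."""
    targets = defaultdict(set)
    for qname, rtype, rdata in records:
        if rtype == "CNAME":
            targets[rdata].add(registrable_domain(qname))
    return {target: sorted(sources) for target, sources in targets.items()
            if len(sources) >= min_sources}


if __name__ == "__main__":
    print("before rotation:", resolve_a(RECORDS, "promo.ads-route.example"))
    moved = rotate_hub(RECORDS, "b36cname.trk-hub.example", "203.0.113.99")
    print("after rotation: ", resolve_a(moved, "promo.ads-route.example"))
    for hub, sources in cname_hubs(RECORDS).items():
        print("suspected TDS hub", hub, "fed by", sources)
```

The threshold is the tuning knob: legitimate CDN and SaaS targets are also fed by many customers' domains, so in practice you would allowlist known providers and look at the mix of sources (freshly registered domains, lookalike brand names, wildcards) rather than the count alone. Blocking should target the hub name, since that is the one piece of infrastructure the actor cannot rotate away from without re-issuing every CNAME.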

Golden Corral breach impacts 180K people

The US-based restaurant chain disclosed that an August 2023 attack stole sensitive data of current and former employees and beneficiaries. It has not stated the nature of the attack. Bleeping Computer

Asian SMS and text routing company leaves database online without password

The SMS provider XY International apparently had a database exposed to the internet without a password. It contained millions of text messages, including one-time two-factor authentication codes. A security researcher reported the exposure. When asked, the company said the database did not keep access logs, so it cannot tell whether anyone else had accessed it. TechCrunch

U-Haul breach, reported last week, is said to have impacted 67K customers. U-Haul reconfirms that no credit card data was stolen. Dark Reading

North Korean hackers exploit Windows zero-day flaw. The Record

LabHost Phishing as a Service platform being used to target Canadian bank users. Bleeping Computer

The loanDepot breach included Social Security Numbers. TechCrunch

Axie Infinity co-founder's account hit by hackers stealing $10M. The Record


Data & Research

ChatGPT's impact on the rise of phishing attacks

Since ChatGPT's launch in November of 2022, vishing, smishing, and phishing attacks have increased by 1,265%. Help Net Security

CVE count expected to increase by 25% in 2024. Help Net Security

Cybersecurity Mergers, Acquisitions, and Funding

DefendX, data security, was acquired by Superna for an undisclosed sum. Superna

BreachBits, cyber risk quantification, raises an undisclosed amount in a seed round. Yahoo!

Sitehop, network encryption, raises £5M in a seed round. Amadeus Capital

Filigran, threat intelligence, raises €15M in a Series A round. EU-Startups

ESProfiler, cybersecurity spend optimization, raises €3.2M in a seed round. EU-Startups