Massive series of breaches related to Snowflake authentication security, can the Biden administration streamline cybersecurity regulations, and more cybersecurity news.
Infosec Monitor: No. 32
No. 32, June 7, 2024
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Massive series of breaches related to Snowflake authentication security, can the Biden administration streamline cybersecurity regulations, and more cybersecurity news.

Highlight of the Week
Ticketmaster, Santander, Advance Auto Parts and more have Snowflake databases hacked
Over the past week, major Snowflake accounts have been hacked, leading to more than 1 billion records being stolen. Initial reports said Snowflake was hacked. Snowflake states that the recent breaches were due to insecure customer accounts, not vulnerabilities in its platform. A hacker claimed to have accessed data from 400 companies and demanded $20 million in ransom. Snowflake urges customers to enable multi-factor authentication. Snowflake is under fire for not requiring MFA. BleepingComputer, Cybersecurity Dive, The Hacker News
News
FBI recovers 7,000 LockBit decryption keys, urges victims to seek help
The FBI recovered 7,000 LockBit decryption keys and urges victims to seek help in recovering encrypted data. Despite a major takedown in February 2024, LockBit continues its attacks globally. BleepingComputer
FCC launches $200 million cybersecurity pilot for schools and libraries
The FCC launched a $200 million pilot program to improve cybersecurity for schools and libraries. The program aims to gather data to inform future funding and will help reduce cybersecurity costs. Approved by a 3-2 vote, this initiative is separate from the E-Rate program and seeks to enhance digital equity and address the homework gap. The Record, CyberScoop
Biden administration plans to streamline cybersecurity regulations
The Biden administration aims to harmonize cybersecurity regulations to ease the reporting burden on companies. National Cyber Director Harry Coker Jr. announced a pilot reciprocity framework to streamline compliance. Input from stakeholders emphasized the need for reducing redundant disclosures, with legislative support sought to further simplify the regulatory landscape. Cybersecurity Dive
AI & Security
AI boosts hacker capabilities, federal officials stress collaboration
AI is empowering inexperienced hackers to launch more sophisticated attacks, prompting federal cybersecurity officials to stress the need for enhanced information sharing and collaboration. Agencies like the Treasury and State Departments are using AI to detect threats and streamline intelligence, while initiatives like Project Fortress aim to protect the financial sector through public-private partnerships. FedScoop
Google, Meta, and Microsoft face AI challenges and privacy concerns
Google advises Android developers to integrate AI responsibly, avoiding harmful content. Meta faces GDPR complaints for using public data to enhance AI without proper consent. Microsoft’s Recall feature, criticized for privacy risks, captures frequent user screenshots, posing security concerns. The Hacker News
What CISOs need to know about Microsoft’s Copilot+. CSO Online
How the open-source world is wrestling with security and licensing issues for generative AI. siliconANGLE
Cybersecurity Incidents
Live Nation confirms Ticketmaster data breach affecting 560M users
Live Nation confirmed a Ticketmaster data breach involving 560 million users' info, compromised via a third-party cloud database, Snowflake. Hackers are selling the data for $500,000. Snowflake attributes the breach to single-factor authentication issues. The Record
Advance Auto Parts investigating breach related to Snowflake
Advance Auto Parts is probing a possible data breach tied to Snowflake's cyber incident, potentially exposing data on 380 million customers. Hackers exploited users without multi-factor authentication, stealing 3 terabytes of information. This includes customer profiles, loyalty card numbers, and employee data, raising identity theft risks. Axios
Hugging Face's Spaces platform breached, authentication tokens compromised
Hackers breached the popular AI platform Hugging Face's Spaces, accessing authentication secrets. Hugging Face revoked compromised tokens, advised users to refresh tokens, and enhanced security. BleepingComputer
Peak Design exposes half a million client records due to unsecured database
Peak Design (maker of premium travel bags and accessories) exposed over half a million client records and nearly a decade of support tickets due to an unsecured Elasticsearch instance. Data includes emails, addresses, and order details. Cybernews
Nearly 400,000 affected in eye care data breach
A 2023 cyberattack on Panorama Eyecare exposed sensitive data of nearly 400,000 people. Hackers accessed patient and employee info, including Social Security numbers and medical details. LockBit ransomware gang claimed the attack. The Record
Hotel check-in terminals expose guest info and room keys due to bypass flaw
Thousands of Ariane Systems hotel check-in terminals have a bypass flaw that exposes guests' personal data and room keys. Researcher Martin Schobert reported this in March, but vendor responses have been inadequate. BleepingComputer
Graduation photo firm exposes data of 43K students
A US graduation photo firm, Digital Pix & Composites, exposed data of 43,000 students from 222 universities. The leak, found in November 2023, included names, addresses, and affiliations, posing risks like phishing and doxxing. Cybernews
Ransomware attack disrupts London hospitals
A ransomware attack on Synnovis disrupted operations at several London hospitals, canceling services and surgeries, and forcing prioritization of urgent work. Dark Reading
Australian Northern Minerals discloses data breach by BianLian
Northern Minerals disclosed a data breach by BianLian, which leaked corporate, financial, and personal data on the dark web. Mining operations are unaffected. BleepingComputer
Illinois phishing attack compromises 50,000 residents’ data
The Illinois Secretary of State’s office suffered a phishing attack in April, compromising 50,000 residents' driver's license and Social Security details. The attack was quickly contained. SC Magazine
DMM Bitcoin reports $308M BTC theft
Japanese exchange DMM Bitcoin reported the theft of 4,502.9 BTC (~$308 million) on May 31, 2024, the largest crypto heist this year. They’ve restricted services and assured customers their deposits are guaranteed. The stolen BTC has been split into multiple wallets to avoid detection. BleepingComputer
Cox Biz auth-bypass bug exposes millions of devices to takeover. Dark Reading
Attacks surge on Check Point’s recent VPN zero-day flaw. Dark Reading
Los Angeles Unified School District investigating data theft claims. BleepingComputer
Interesting Reads
Security industry has ransomware-as-a-service model wrong, says expert. SC Magazine
How Amazon CISO Amy Herzog responds to cybersecurity challenges. CSO Online
Cyberattacks surge against outdated OT devices in critical infrastructure. Cybersecurity Dive
Data & Research
43% of data unrecoverable after ransomware attack. SC Magazine
Ransomware hit manufacturing hardest in Q1 2023, while electric utilities saw fewer attacks due to strong NERC CIP standards. Cybersecurity Dive
90% of threats are social engineering. Help Net Security
26% of organizations lack any form of IT security training. Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Acquisitions & Mergers
Eureka Security, data security posture management, to be acquired by Tenable for undisclosed sum. Cybersecurity Dive
VC Funding
SpyCloud, cybercrime prevention, raises $35M in growth financing. SiliconANGLE
HYPR, passwordless security, raises $35M in Series C. FinTech Global
AirMDR, managed detection and response, raises $5M in Seed funding. Security Week