
Salt Typhoon targeting US ISPs, NIST has new password guidelines, and the MoneyGram outage

Infosec Monitor: No. 45

No. 45, September 27, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Salt Typhoon targeting US ISPs, NIST has new password guidelines, and the MoneyGram outage.

Highlight of the Week

China-linked Salt Typhoon targets US ISPs, raising critical infrastructure concerns

China-linked group Salt Typhoon has targeted several U.S. internet service providers for espionage. This breach could enable widespread internet disruptions, data theft, and attacks on critical infrastructure. While specific ISPs remain unnamed, experts warn of severe potential consequences. Cybernews


News

NIST outlines new guidelines for password security

NIST's draft "SP 800-63-4" proposes password guidelines: minimum eight characters, ideally 15; allows 64-character max; permits ASCII and Unicode characters; removes composition rules; no periodic changes unless compromised; bans knowledge-based authentication prompts and hint storage for security. Schneier on Security
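As an added illustration (not from the newsletter or from NIST), a small Python checker that enforces only what the summary above states: a length floor of 8 code points, a recommended 15, a ceiling of 64, Unicode accepted, no composition rules, and rotation forced only on compromise rather than on a schedule. The NFKC normalization step and the constants are this example's own choices.

```python
import unicodedata
from dataclasses import dataclass, field

# Limits taken from the SP 800-63-4 draft summary above
MIN_LEN = 8
RECOMMENDED_LEN = 15
MAX_LEN = 64


@dataclass
class Verdict:
    accepted: bool
    reasons: list = field(default_factory=list)
    recommend_longer: bool = False


def normalize(password: str) -> str:
    # Unicode is permitted; NFKC (assumed here) makes composed and
    # decomposed spellings of the same text compare and count equally.
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> Verdict:
    pw = normalize(password)
    length = len(pw)  # count code points, never UTF-8 bytes
    reasons = []
    if length < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if length > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    # No composition rules: digits, symbols and mixed case are deliberately
    # not required, so a long lowercase passphrase with spaces passes.
    accepted = not reasons
    return Verdict(
        accepted=accepted,
        reasons=reasons,
        recommend_longer=accepted and length < RECOMMENDED_LEN,
    )


def rotation_required(days_since_change: int, known_compromised: bool) -> bool:
    # No periodic expiry: age alone never forces a change, compromise does.
    return known_compromised


if __name__ == "__main__":
    for candidate in ["short", "correct horse battery staple", "cafe\u0301s!!!"]:
        print(repr(candidate), check_password(candidate))
```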

House committee advances bill to add AI to National Vulnerability Database

A House committee approved a bill to include AI systems in the National Vulnerability Database. If passed, NIST would create a process for reporting AI vulnerabilities. Funding concerns and term clarifications remain hurdles. The bill requires NIST to collaborate with other agencies to develop a common lexicon for AI cybersecurity incidents. Dark Reading

Meta hit with €91 million fine for Facebook password security lapse. SecurityWeek

AI & Security

CISOs urged to ask key questions before AI integration in cybersecurity

CISOs face mounting pressure to demonstrate AI's value in cybersecurity amid recent tech stock declines. While 78% of CISOs use AI, its effectiveness depends on strategic implementation. CISOs must focus on proven use cases like UEBA, automate repetitive tasks, and ensure high-quality data input. Help Net Security

Researchers expose vulnerabilities in Google Gemini AI assistant

Researchers revealed Google Gemini's vulnerability to indirect prompt injection attacks. Malicious prompts in emails and documents can manipulate responses, potentially directing users to unsafe sites or showing compromised messages. Google acknowledged the issue but classified it as intended behavior, raising serious trustworthiness concerns. Cybernews

Senators propose bill for stricter healthcare cybersecurity standards

Senators introduced a bill mandating cybersecurity standards for the healthcare industry, backed by $1.3 billion in support. The legislation requires annual audits, removes fine caps, and allocates funds for hospitals. Motivated by recent cyberattacks, it aims to improve industry practices and accountability. HHS supports the bill, while some industry groups remain silent. The Record

CISOs seek legal protection amid AI-driven cyber threats. Cybernews

How to securely deploy GenAI applications at scale. SCWorld

Clear as mud: global rules around AI are starting to take shape but remain a little fuzzy. CSO Online


Cybersecurity Incidents

Kansas water plant shifts to manual ops after cyber incident

Arkansas City's water treatment facility faced a cybersecurity incident, prompting a switch to manual operations. Officials assure water safety and uninterrupted service. The 2018-built facility's advanced tech highlights the challenge of securing modern infrastructure. Dark Reading

MoneyGram restores services after cybersecurity incident

MoneyGram restored its website and services after a cybersecurity incident caused widespread outages. The company is working to fulfill pending transactions. The incident affected millions worldwide, prompting government warnings. MoneyGram handles over $200 billion in annual transactions across 200+ countries. No hacking group has claimed responsibility yet. The Record

French data hoarder exposes 95 million records from multiple breaches

A massive data leak exposed 95 million French records, compiled from at least 17 breaches. The unsecured database contains personal and financial information, leaving millions vulnerable to cyberattacks. Researchers suspect malicious intent behind the collection. The leak affects various sectors and raises concerns about GDPR compliance and identity theft risks. Cybernews

Indian podcast giant KukuFM exposes data of 38 million users

KukuFM, a major Indian podcast platform, exposed data of 38 million users through an unsecured Kibana instance. Despite being notified in June, the company failed to address the issue until September. Exposed information included email addresses, phone numbers, and profile pictures. KukuFM claims no sensitive data was compromised and the vulnerability is now resolved. Cybernews

Kuwait health ministry recovers from cyberattack on hospitals

Kuwait's Health Ministry is recovering from a cyberattack that disrupted hospital systems and the national healthcare app. Officials used backups to restore critical services and claim essential databases weren't breached. The Record

Indian insurer Star Health probes data breach, sues tech firms

Star Health, a major Indian insurer, is investigating a data breach exposing customer medical records and personal information. Hackers shared data via Telegram bots and a website. Star Health sued Telegram and Cloudflare, resulting in court injunctions. TechCrunch

Pro-Palestinian hackers claim breach of Israeli politicians' data

Pro-Palestinian hackers Handala Hack claim to have breached former Israeli officials Gabriel Ashkenazi and Benny Gantz. They released thousands of alleged secret emails and photos. The group threatens more leaks, stating this is "only a small part" of their data. The authenticity of the leaks remains unconfirmed. Cybernews

Disney ditches Slack after July breach exposes 1TB of data

Disney is abandoning Slack following a massive July data breach that exposed over 1TB of confidential information. Bleeping Computer

Hacker claims Deloitte server breach, company downplays impact

Hacker IntelBroker claims data theft from an exposed Deloitte Apache Solr server. Allegedly stolen: email addresses and internal communications. Deloitte acknowledges the incident but asserts there is no threat to sensitive data. BreachForums, where the claim was posted, is known for unreliable announcements. SecurityWeek

Singaporean crypto platform BingX loses $44 million in cyberattack

Singaporean crypto platform BingX lost over $44 million in a cyberattack. The company suspended withdrawals, is working with security firms to track stolen funds, and promises full compensation. The Record

AutoCanada ransomware attack exposes employee data

AutoCanada faced a ransomware attack in August, potentially exposing employee data. Hunters International claimed responsibility, publishing stolen information online. The company is notifying affected staff, offering identity protection, and enhancing security measures. Operations continue with minimal disruption. No indication of customer data compromise yet, but investigation ongoing. BleepingComputer

Dell faces two alleged data breaches

Dell allegedly suffered two data breaches, exposing over 3.5GB of data from 10,000+ employees. Hacker "grep" claimed both breaches, the second with "Chucky". They accessed sensitive files via compromised Atlassian tools. Dell acknowledged investigating but hasn't issued public statements. CSO Online

Kansas county ransomware attack exposes 30,000 residents' data

Franklin County, Kansas, suffered a ransomware attack exposing personal data of nearly 30,000 residents. The May 19 breach compromised sensitive information from county records. The Record

The Centers for Medicare & Medicaid Services (CMS) attack impacted 3.1M

CMS reported a data breach impacting 3.1 million people due to the MOVEit attacks on Wisconsin Physicians Service. The breach exposed sensitive personal and health information of Medicare beneficiaries. Bleeping Computer

Threat Intel

Vulnerabilities in OpenPrinting CUPS threaten major Linux distributions

A series of vulnerabilities in OpenPrinting CUPS affects major Linux distributions, allowing potential command execution by attackers under specific conditions. There are over 75,000 exposed CUPS daemons online. Cyberscoop

Critical bugs in tank gauges threaten gas infrastructure

Critical vulnerabilities in automatic tank gauge systems threaten gas infrastructure. Bugs allow full admin control, risking fuel unavailability and environmental damage. Affecting gas stations, airports, and military bases, thousands of systems remain online. Some vendors patched, others unresponsive. Dark Reading

Storm-0501 targets U.S. sectors with hybrid cloud ransomware attacks

Microsoft has identified Storm-0501 as a major threat actor targeting U.S. sectors with hybrid cloud ransomware attacks. The group exploits weak credentials and vulnerabilities to move from on-premises to cloud environments, using tools like Cobalt Strike and Rclone for lateral movement and data exfiltration. As an Embargo ransomware affiliate, Storm-0501 employs double extortion tactics in its operations. The Hacker News

Double brokering scams target freight industry, risking insurance and payments

Scammers are increasingly impersonating freight companies in "double brokering" scams. They bid on shipments, then subcontract to cheaper carriers, pocketing the difference. This can void insurance and leave carriers unpaid. Cloudflare reports a rise in these business email compromise attacks. CSO Online

CISA alerts: Hackers target water systems with simple attacks

CISA warns of hackers targeting critical infrastructure, especially water systems, using basic methods like brute force attacks. OT and ICS devices are vulnerable. Bleeping Computer

Transport firms targeted by advanced phishing using industry-specific lures

North American transportation companies face sophisticated phishing attacks using compromised email accounts. Campaigns deliver various malware, including Lumma Stealer and NetSupport. Tactics evolved in August 2024, adding new payloads and delivery methods. Attackers show deep knowledge of targets, impersonating industry-specific software. The Hacker News

Interesting Reads

Cyber insurance market stabilizes as ransomware threat evolves

Cyber insurance costs are stabilizing after recent premium hikes due to ransomware. Stricter underwriting and improved client cybersecurity have helped. The global market reached $14 billion in 2023, with higher adoption in the US than Europe. New EU regulations are driving uptake, while recent US legislation has increased CISO liability concerns. CSO Online

CrowdStrike tells Congress of two process changes to address July outage incident. The Record

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report. The Record

Data & Research

Website Bot Attacks

  • Over 65% of websites are unprotected against simple bot attacks

  • 95% of advanced bot attacks go undetected on websites

  • Luxury and e-commerce sectors are at highest risk for online fraud

  • Only 5% of luxury brand websites and 10% of e-commerce websites are fully protected against bad bots

  • 94% of media websites are vulnerable to ad fraud, content scraping, and DDoS attacks

  • Advanced bots using AI-powered "bot farms" were detected by protection less than 5% of the time

  • Among tested domains using bot protection, bots still completely penetrated 45%

  • Europe is the least protected region against simple bot attacks, followed by North America

Android reduces memory safety vulnerabilities by 68% in five years

Android vulnerabilities from memory safety issues decreased from 76% in 2019 to 24% in 2024, thanks to prioritizing memory-safe languages and maintaining old code minimally. Bleeping Computer

38% of AI-using employees admit to sending sensitive work data. SCWorld

Cybersecurity Mergers, Acquisitions, and Funding

Mergers & Acquisitions

Clumio, AWS data protection, acquired by Commvault for an undisclosed sum. siliconANGLE

VC Funding

Torq, cybersecurity workflow automation, raises $70M in Series C funding. TechCrunch

Tamnoon, cloud security remediation, raises $12M in Series A funding. SecurityWeek

DefectDojo, application security, raises $7M in Series A funding. siliconANGLE
