The Sisense breach raises worries over supply chain attacks. IMF says extreme cyber attacks are 4x as costly since 2017, and more warnings over Microsoft breach.
Infosec Monitor — No. 24, April 12, 2024
Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — The Sisense breach raises worries over supply chain attacks. IMF says extreme cyber attacks are 4x as costly since 2017, and more warnings over Microsoft breach.

Highlight of the Week
Sisense breach triggers CISA warning over supply chain attacks
After discovering a password breach involving the business analytics platform Sisense, CISA has issued a warning. Sisense is used by over 2,000 companies, making it a prime target for cyberattacks that could affect the entire supply chain. CISA's advice is to reset passwords and credentials, cautioning that the breach could enable attackers to infiltrate the networks of Sisense's clients, potentially leading to widespread damage. Additional measures include resetting API keys and looking for any signs of compromise since early April. Dark Reading, Help Net Security, The Record
News
The Midnight Blizzard hack on Microsoft keeps getting worse
CISA has revealed that the successful attack on Microsoft also allowed the Russian hacker group to steal emails from several US agencies. CISA has now ordered all civilian government agencies to secure their email accounts. TechCrunch
A new ransomware gang appears to have control of 4TB of Change Healthcare data
RansomHub, a new affiliate in the ransomware scene, posted on its site that Change Healthcare has 12 days to negotiate a fee. RansomHub says it will auction off the data to the highest bidder if the ransom is not paid. It's believed RansomHub obtained the data from an affiliate of ALPHV/BlackCat who joined its ranks. The 4TB of data includes personal and medical records, source code, and other company documents. SC Magazine
AI & Security
The majority of security professionals believe AI can enhance security
According to Google and the Cloud Security Alliance's annual State of AI and Security Survey Report, 63% believe AI can strengthen cybersecurity. Cloud Security Alliance
Cyber Security Incidents
AT&T says breach impact is 51M, not 73M customers
No word yet on how the breach occurred. BleepingComputer
553K documents stolen from Group Health Coop of South Central Wisconsin hit by ransomware
The healthcare provider disclosed that a ransomware attack hit it in January. Records include both personal and medical information. The attack was successful in stealing data but not in encrypting data. BleepingComputer
CISA warns that EoL D-Link devices are being exploited
What do you do when 92,000 end-of-life devices are still online and are actively being exploited? With multiple exploits available, CISA says take them offline. It has ordered all federal agencies to remove them by May 2nd. The Record
341K social security numbers stolen from Greylock McKinnon Associates in cyberattack
The company is a litigation support company that has a Dept. of Justice contract. A cyberattack hit it in May of 2023. It has the SSNs because of its work with the DoJ for an unknown case. TechCrunch
Japan's Hoya Corp hit by "No Negotiation / No Discount Policy" $10M ransomware
Hoya Corporation recently fell victim to a ransomware attack by Hunters International demanding $10 million. The cyberattack is causing significant disruptions, impacting production and order processing across Hoya's global operations. Hunters International claimed to have stolen 1.7 million files (2 TB of data) and has instituted a "No Negotiation / No Discount Policy" for the ransom. Hoya has yet to confirm whether sensitive data was stolen or to fully resume normal operations. BleepingComputer
Significant cyberattack cripples five municipalities in France
The attack has rendered critical services inoperative and has left municipal workers without access to essential documents and systems. Officials have warned that recovery may take months. The Record
Home Depot's corporate network was breached, and 10K employee records were stolen. BleepingComputer
90K LG Smart TVs vulnerable to remote attack. BleepingComputer
Ransomware attacks hit New Mexico and Oklahoma universities. The Record
Targus, hit by a cyberattack, shuts down some IT systems. BleepingComputer
1,000 WordPress sites were compromised with promotions for crypto drainers. BleepingComputer
Interesting Reads
The US Cyber Command assisted 22 foreign countries in 2023
"Last year, CNMF personnel participated in 22 hunt forward operations across 17 countries, with the goal of constraining adversaries, helping partners increase cyber defenses, and generating insights for the US's own defense." SecurityWeek
The Cybersecurity Boys Club. CSO Online
Data & Research
These two attack vectors account for 67% of breached organizations
Exploited vulnerabilities account for 37%, and compromised credentials account for 30%. SC Magazine
70% of malware employs tactics to persist on networks
Which is a big problem when it comes to hunter-killer malware. SC Magazine
Extreme losses have been 4x as costly since 2017, according to IMF, up to $2.5B. SecurityWeek
Secrets everywhere! 12.8M secrets exposed on GitHub. GitGuardian
37% of publicly shared files expose personal information. Help Net Security
22% of employees admit to breaching company rules with GenAI. Help Net Security
Cybersecurity Mergers, Acquisitions, and Funding
Gem Security, cloud environment security, acquired by Wiz for $350M. SC Magazine
Cyera, data security, raises $300M in Series C. TechCrunch
Cohesity, data management, raises $150M in late-stage funding. siliconANGLE
Sprinto, compliance management, raises $20M in Series B. TechCrunch
Simbian, security operations automation, raises $10M in Seed funding. siliconANGLE
PVML, secure data access, raises $8M in Seed funding. SecurityWeek
Airgap Networks, network access segmentation, acquired by Zscaler for an undisclosed sum. siliconANGLE
Knostic, Gen-AI access controls, raises $3.3M in Pre-Seed funding. SecurityWeek