Infosec Monitor: No. 54

No. 54, December 13, 2024

Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Massive AWS S3 breach, new FCC telecom security rules proposal, and 27 DDoS platforms shut down.

Get the Infosec Monitor in your inbox: same great news in your inbox every Friday morning.

Highlight of the Week


Massive AWS data breach linked to ShinyHunters successor group

Cybercriminals compromised terabytes of AWS customer data through widespread exploitation of misconfigured public websites. The operation, linked to the former ShinyHunters group, was discovered when researchers found the attackers' own misconfigured S3 bucket. AWS has since addressed the breach and notified affected customers. CSO Online


Interruptions slowing you down?

No more “Sorry to interrupt…” for you. Save time by using AskJack, your company's internal knowledge base built from your documents and data, not by you. Learn More

News


Wyden proposes mandatory FCC rules after Chinese telecom breach

Sen. Wyden introduced legislation requiring FCC oversight of telecom cybersecurity following the massive Salt Typhoon breach by Chinese hackers. The bill mandates annual security testing and independent audits, expanding beyond the FCC's current proposal. The legislation aims to prevent future foreign espionage through telecommunications networks. Cyberscoop

FCC proposes security rules after Chinese hackers breach US telecoms. Dark Reading

Researchers find serious flaws in CVSS vulnerability scoring

JPMorganChase security experts revealed major flaws in the CVSS vulnerability scoring system at Black Hat Europe. The system fails to accurately reflect real-world risks by overlooking contextual factors, privacy impacts, and dependency considerations. This misrepresentation leads organizations to incorrectly prioritize their security remediation efforts, potentially increasing cyber risks. CSO Online

Law enforcement seizes 27 DDoS platforms in Operation PowerOFF

International law enforcement seized 27 DDoS-for-hire platforms and arrested three administrators in a coordinated operation. Over 300 users were identified, with Dutch police prosecuting four suspects. Help Net Security

SAG-AFTRA Health Plan faces lawsuit over data breach and delayed notification

SAG-AFTRA Health Plan faces a class action lawsuit after hackers accessed member healthcare data through an employee's email in September. Despite discovering the breach in October, the organization waited until December to notify members. The Record

EU launches Cyber Resilience Act for Internet of Things security

The EU's Cyber Resilience Act is now active, requiring manufacturers of connected devices to ensure product security throughout their lifecycle. While companies have until 2027 to comply, the law mandates security updates and support for consumers. Violations can result in fines up to 2.5% of global revenue or €15M. TechCrunch

AI & Security


ServiceNow CISO outlines path to effective AI governance

ServiceNow's CISO emphasizes that effective AI governance requires balancing innovation with oversight through human-in-the-loop approaches, transparent practices, and cross-disciplinary collaboration. Key recommendations include implementing explainability standards, clear accountability measures, and regular audits while adapting governance frameworks to regional needs and cultural differences. Help Net Security

Trust gap widens as corporate and open-source AI development diverge

While AI originated from military and academic roots, it's now dominated by corporate interests operating with limited transparency. Recent open-source initiatives offer alternatives to Big Tech's control, suggesting AI could evolve as a public good with democratic oversight rather than remaining solely profit-driven. Schneier on Security

Algorithm bypasses safety controls in LLM-powered Robots with perfect success rate. IEEE Robopair

Security researchers uncover prompt injection flaws in AI chatbots. The Hacker News

Cybersecurity Industry shifts from GenAI hype to SynthAI future. SecurityWeek

Microsoft offers $10,000 Bug Bounty for LLM Email Client Security test. SecurityWeek

Cybersecurity Incidents


Turkish prayer app leak exposes data of millions of Muslim users

A data leak from Muslim prayer app Quran Kuran exposed 3.6 million sensitive records, including location data and device identifiers. Cybernews

Krispy Kreme cyberattack disrupts online orders, financial impact expected

Krispy Kreme detected unauthorized IT system access on November 29, disrupting U.S. online ordering. While physical stores and deliveries remain operational, the company faces financial impact from lost digital sales (15.5% of revenue) and recovery costs. The incident's full scope remains under investigation, with no threat actor claiming responsibility. Bleeping Computer

Japanese media company Kadokawa pays $3 million to Russian hackers

Japanese media giant Kadokawa reportedly paid $3 million to Russia-linked ransomware group BlackSuit following a major data breach. The hackers accessed 1.5 TB of sensitive data and caused service disruptions. Despite the payment, some stolen data was still leaked. The company projects $15 million in related losses. The Record

Water treatment firm Kurita America investigates November cyber breach

Kurita America, a major water treatment firm, is investigating a November 29 cyberattack that encrypted company data. The incident, affecting the $2B revenue company's servers, potentially exposed customer and business information. Cybersecurity Dive

Mexican fintech Kapital exposes 1.6 million voter IDs in cloud storage breach

A misconfigured cloud storage bucket at Mexican fintech Kapital exposed 1.6 million voter IDs and selfies used for identity verification. Despite notifications since September, the database remained open through December. The breach puts small business owners at risk of identity theft and financial fraud. Cybernews

Bitcoin ATM operator Byte Federal reports data breach affecting 58,000 users

Major Bitcoin ATM operator Byte Federal disclosed a breach affecting 58,000 customers' sensitive data, including SSNs and government IDs. The September breach, discovered in November, exploited a GitLab vulnerability. The company has since reset all customer accounts. TechCrunch

Deloitte denies Brain Cipher ransomware attack, confirms single client impact

Deloitte denies ransomware group Brain Cipher's claims of a major breach, stating only one client system outside their network was affected. Brain Cipher threatens to leak over 1TB of allegedly stolen data by December 15. SC World

Software provider Blue Yonder probes Termite ransomware data leak claims

Software provider Blue Yonder is investigating claims by Termite ransomware group, which says it stole 680GB of data in a November attack. The incident disrupted operations at major clients including Starbucks and UK supermarket Morrisons. Cybersecurity Dive

Ransomware attack on cardiac device maker Artivion disrupts medical shipments

Medical device maker Artivion suffered a ransomware attack disrupting administrative operations and medical equipment delivery. While maintaining core services, the company faces uncertain business impacts. CSO Online

Romanian energy giant Electrica hit by ransomware while SCADA systems stay secure

Romania's largest electricity provider Electrica Group faced a ransomware attack but maintained critical operations. While the attack is ongoing, SCADA systems remain functional and isolated. Bleeping Computer

North Korean hackers steal $50 million from Radiant Capital through PDF malware

Mandiant reveals North Korean hackers stole $50 million from Radiant Capital using sophisticated malware disguised as a PDF security report. The September attack bypassed standard security protocols, allowing hackers to compromise developer devices and execute hidden transactions. The Record

Massachusetts hospital ransomware attack exposes data of 316K patients

Massachusetts-based Anna Jaques Hospital revealed that a Christmas Day 2023 ransomware attack exposed sensitive data of over 316,000 patients. The Money Message group leaked all the data in January 2024 after a failed extortion attempt. Compromised information includes medical records, SSNs, and financial data. Bleeping Computer

Croatian port operator faces 8Base ransomware attack, reports no damage

Croatian port operator Luka Rijeka faced an 8Base ransomware attack on November 30. While attackers claim to have stolen sensitive data and threaten to publish it, company officials report no damage and full system restoration. Help Net Security

Threat Intel


Ransomware and spearphishing surge targets utilities sector, ReliaQuest reports

Utilities face an alarming 42% surge in ransomware attacks, with spearphishing as the primary attack vector in 81% of cases. The Play ransomware group has dramatically increased targeting of utilities by 233%. The sector's reliance on contractors, IoT devices, and legacy systems creates unique vulnerabilities requiring immediate attention. SC World

Hackers target unpatched Cleo file transfer software in mass attacks

A critical vulnerability in Cleo's enterprise file transfer software is being actively exploited by hackers, affecting at least 24 businesses since December 3. The original October patch failed to fix the issue. With hundreds of servers still exposed and 4,200+ customers at risk, Cleo is developing a new patch. TechCrunch

Researchers discover $10 badRAM flaw in AMD Cloud Security

Researchers discovered "badRAM," a $10 hardware exploit affecting AMD chips that could compromise cloud computing security. The vulnerability bypasses memory encryption by manipulating memory module hardware, requiring physical access. AMD released firmware updates, but major cloud providers haven't confirmed implementing fixes. No known exploits exist in the wild. The Record

Security researchers find Apple TCC bypass that leaks sensitive data. Cybernews

Bug in WordPress plugin WPForms enables unauthorized Stripe refunds. Bleeping Computer

New maximum severity flaw found in Ivanti CSA platform. Bleeping Computer

Researchers find vulnerabilities in ML tools that bypass safety controls. SC World

Interesting Reads


Companies struggle with SEC cyber disclosure rules after first year

One year after SEC implemented cyber incident disclosure rules, most public companies are falling short on transparency. A BreachRx study shows only 16.9% of companies provide specific details about incident impacts, while 52% use vague language. Companies struggle with unclear guidance and legal concerns about sharing details. Axios

Study reveals CISO job security fears amid evolving cyber landscape

Nearly all CISOs (99%) fear job loss after a security breach, reflecting the role's dramatic evolution from technical overseer to strategic executive. Modern CISOs face mounting pressure from sophisticated cyber threats, expanded attack surfaces, and board scrutiny while balancing security with business needs. Industry leaders call for shared organizational responsibility. Help Net Security

Moody's warns of rising credit risk as AI-powered attacks target large firms

Moody's warns of increasing credit risk in 2025 as cybercriminals leverage AI and target larger companies for higher ransoms. FBI data shows significant increases in cyber attacks and losses. Credential theft remains the primary attack vector, while third-party breaches and AI-enhanced phishing pose growing threats. Cybersecurity Dive

Phishing attacks remain major trigger for data breaches in 2024. SecurityWeek

Yahoo cuts Paranoids cybersecurity team, moves to outsource security testing. TechCrunch

El Salvador's new cyber laws raise censorship and privacy concerns. The Record

Data & Research


Open Source Malware

  • Malicious packages exceeded 778,500 since 2019
  • Open source malware increased 200% since 2023
  • npm registry accounts for 98.5% of detected malicious packages
  • PUAs make up 64.75% of open source malware activity
  • Shadow downloads grew 32.8% in the past year
  • Main malware types: PUAs (64.75%), security holdings (24.2%), data exfiltration (7.86%)

Help Net Security

Container Security

  • Average container has 604 known vulnerabilities
  • 389 software components found per container image on average
  • 1 in 8 components lack software manifests
  • 45% of vulnerabilities are 2-10+ years old
  • 4% of 16,557 identified Critical/High CVEs are weaponized
  • 4.8 misconfigurations found per container on average

Help Net Security

Cybersecurity Mergers, Acquisitions, and Funding


Mergers and Acquisitions

  • Perception Point, email security and collaboration, to be acquired by Fortinet for $100M. SecurityWeek

VC Funding

  • Sublime, email security, raises $60M in Series B round. SecurityWeek
  • Astrix Security, nonhuman identity protection, raises $45M in Series A round. siliconANGLE
  • Tuskira, threat detection, raises $28.5M in undisclosed venture round.
  • Silent Push, detection-focused threat intel, raises $10M in unknown venture round. SecurityWeek
  • Ethyca, data privacy, raises $10M in unknown venture round. SecurityWeek
  • System Two Security, detection engineering, raises $7M in unknown venture round. siliconANGLE
  • Wald, AI context intelligence, raises $4M in Seed funding. siliconANGLE


Bryan Smith: Very informative. Thank you for sharing.
