Infosec Monitor: No. 54
No. 54, December 13, 2024
Welcome to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Massive AWS S3 breach, new FCC telecom security rules proposal, and 27 DDoS platforms shut down.
Get the Infosec Monitor in your inbox Same great news in your inbox every Friday morning.
Highlight of the Week
Massive AWS data breach linked to ShinyHunters successor group
Cybercriminals compromised terabytes of AWS customer data through widespread exploitation of misconfigured public websites. The operation, linked to the former ShinyHunters group, was discovered when researchers found the attackers' own misconfigured S3 bucket. AWS has since addressed the breach and notified affected customers. CSO Online
Interruptions slowing you down?
No more, “Sorry to interrupt…” for you. Save time by using AskJack, your company's internal knowledge base built from your documents and data and not by you. Learn More
News
Wyden proposes mandatory FCC rules after Chinese telecom breach
Sen. Wyden introduced legislation requiring FCC oversight of telecom cybersecurity following the massive Salt Typhoon breach by Chinese hackers. The bill mandates annual security testing and independent audits, expanding beyond the FCC's current proposal. The legislation aims to prevent future foreign espionage through telecommunications networks. Cyberscoop
FCC proposes security rules after Chinese hackers breach US Telecoms. Dark Reading
Researchers find serious flaws in CVSS vulnerability scoring
JPMorganChase security experts revealed major flaws in the CVSS vulnerability scoring system at Black Hat Europe. The system fails to accurately reflect real-world risks by overlooking contextual factors, privacy impacts, and dependency considerations. This misrepresentation leads organizations to incorrectly prioritize their security remediation efforts, potentially increasing cyber risks. CSO Online
Law enforcement seizes 27 DDoS platforms in Operation PowerOFF
International law enforcement seized 27 DDoS-for-hire platforms and arrested three administrators in a coordinated operation. Over 300 users were identified, with Dutch police prosecuting four suspects. Help Net Security
SAG-AFTRA Health Plan faces lawsuit over data breach and delayed notification
SAG-AFTRA Health Plan faces a class action lawsuit after hackers accessed member healthcare data through an employee's email in September. Despite discovering the breach in October, the organization waited until December to notify members. The Record
EU launches Cyber Resilience Act for Internet of Things security
The EU's Cyber Resilience Act is now active, requiring manufacturers of connected devices to ensure product security throughout their lifecycle. While companies have until 2027 to comply, the law mandates security updates and support for consumers. Violations can result in fines up to 2.5% of global revenue or €15M. TechCrunch
AI & Security
ServiceNow CISO outlines path to effective AI governance
ServiceNow's CISO emphasizes that effective AI governance requires balancing innovation with oversight through human-in-the-loop approaches, transparent practices, and cross-disciplinary collaboration. Key recommendations include implementing explainability standards, clear accountability measures, and regular audits while adapting governance frameworks to regional needs and cultural differences. Help Net Security
Trust gap widens as corporate and open-source AI development diverge
While AI originated from military and academic roots, it's now dominated by corporate interests operating with limited transparency. Recent open-source initiatives offer alternatives to Big Tech's control, suggesting AI could evolve as a public good with democratic oversight rather than remaining solely profit-driven. Schneier on Security
Security researchers uncover prompt injection flaws in AI chatbots. The Hacker News
Cybersecurity Industry shifts from GenAI hype to SynthAI future. SecurityWeek
Microsoft offers $10,000 Bug Bounty for LLM Email Client Security test. SecurityWeek
Cybersecurity Incidents
Turkish prayer app leak exposes data of millions of Muslim users
A data leak from Muslim prayer app Quran Kuran exposed 3.6 million sensitive records, including location data and device identifiers. Cybernews
Krispy Kreme cyberattack disrupts online orders, financial impact expected
Krispy Kreme detected unauthorized IT system access on November 29, disrupting U.S. online ordering. While physical stores and deliveries remain operational, the company faces financial impact from lost digital sales (15.5% of revenue) and recovery costs. The incident's full scope remains under investigation, with no threat actor claiming responsibility. Bleeping Computer
Japanese media company Kadokawa pays $3 million to Russian hackers
Japanese media giant Kadokawa reportedly paid $3 million to Russia-linked ransomware group BlackSuit following a major data breach. The hackers accessed 1.5 TB of sensitive data and caused service disruptions. Despite the payment, some stolen data was still leaked. The company projects $15 million in related losses. The Record
Water treatment firm Kurita America investigates November cyber breach
Kurita America, a major water treatment firm, is investigating a November 29 cyberattack that encrypted company data. The incident, affecting the $2B revenue company's servers, potentially exposed customer and business information. Cybersecurity Dive
Mexican fintech Kapital exposes 1.6 million voter IDs in cloud storage breach
A misconfigured cloud storage bucket at Mexican fintech Kapital exposed 1.6 million voter IDs and selfies used for identity verification. Despite notifications since September, the database remained open through December. The breach puts small business owners at risk of identity theft and financial fraud. Cybernews
Bitcoin ATM operator Byte Federal reports data breach affecting 58,000 users
Major Bitcoin ATM operator Byte Federal disclosed a breach affecting 58,000 customers' sensitive data, including SSNs and government IDs. The September breach, discovered in November, exploited a GitLab vulnerability. The company has since reset all customer accounts. TechCrunch
Deloitte denies Brain Cipher ransomware attack, confirms single client impact
Deloitte denies ransomware group Brain Cipher's claims of a major breach, stating only one client system outside their network was affected. Brain Cipher threatens to leak over 1TB of allegedly stolen data by December 15. SC World
Software provider Blue Yonder probes Termite ransomware data leak claims
Software provider Blue Yonder is investigating claims by Termite ransomware group, which says it stole 680GB of data in a November attack. The incident disrupted operations at major clients including Starbucks and UK supermarket Morrisons. Cybersecurity Dive
Ransomware attack on cardiac device maker Artivion disrupts medical shipments
Medical device maker Artivion suffered a ransomware attack disrupting administrative operations and medical equipment delivery. While maintaining core services, the company faces uncertain business impacts. CSO Online
Romanian energy giant Electrica hit by ransomware while SCADA systems stay secure
Romania's largest electricity provider Electrica Group faced a ransomware attack but maintained critical operations. While the attack is ongoing, SCADA systems remain functional and isolated. Bleeping Computer
North Korean hackers steal $50 million from Radiant Capital through PDF malware
Mandiant reveals North Korean hackers stole $50 million from Radiant Capital using sophisticated malware disguised as a PDF security report. The September attack bypassed standard security protocols, allowing hackers to compromise developer devices and execute hidden transactions. The Record
Massachusetts hospital ransomware attack exposes data of 316K patients
Massachusetts-based Anna Jaques Hospital revealed a Christmas Day 2023 ransomware attack exposed sensitive data of over 316,000 patients. Money Message group leaked all data in January 2024 after failed extortion. Compromised information includes medical records, SSNs, and financial data. Bleeping Computer
Croatian port operator faces 8Base ransomware attack, reports no damage
Croatian port operator Luka Rijeka faced an 8Base ransomware attack on November 30. While attackers claim to have stolen sensitive data and threaten to publish it, company officials report no damage and full system restoration. Help Net Security
Threat Intel
Ransomware and spearphishing surge targets utilities sector, ReliaQuest reports
Utilities face an alarming 42% surge in ransomware attacks, with spearphishing as the primary attack vector in 81% of cases. The Play ransomware group has dramatically increased targeting of utilities by 233%. The sector's reliance on contractors, IoT devices, and legacy systems creates unique vulnerabilities requiring immediate attention. SC World
Hackers target unpatched Cleo file transfer software in mass attacks
A critical vulnerability in Cleo's enterprise file transfer software is being actively exploited by hackers, affecting at least 24 businesses since December 3. The original October patch failed to fix the issue. With hundreds of servers still exposed and 4,200+ customers at risk, Cleo is developing a new patch. TechCrunch
Researchers discover $10 badRAM flaw in AMD cloud security
Researchers discovered "badRAM," a $10 hardware exploit affecting AMD chips that could compromise cloud computing security. The vulnerability bypasses memory encryption by manipulating memory module hardware, requiring physical access. AMD released firmware updates, but major cloud providers haven't confirmed implementing fixes. No known exploits exist in the wild. The Record
Security researchers find Apple TCC bypass that leaks sensitive data. Cybernews
Bug in WordPress plugin WPForms enables unauthorized Stripe refunds. Bleeping Computer
New maximum severity flaw found in Ivanti CSA platform. Bleeping Computer
Researchers find vulnerabilities in ML tools that bypass safety controls. SC World
Interesting Reads
Companies struggle with SEC cyber disclosure rules after first year
One year after SEC implemented cyber incident disclosure rules, most public companies are falling short on transparency. A BreachRx study shows only 16.9% of companies provide specific details about incident impacts, while 52% use vague language. Companies struggle with unclear guidance and legal concerns about sharing details. Axios
Study reveals CISO job security fears amid evolving cyber landscape
Nearly all CISOs (99%) fear job loss after a security breach, reflecting the role's dramatic evolution from technical overseer to strategic executive. Modern CISOs face mounting pressure from sophisticated cyber threats, expanded attack surfaces, and board scrutiny while balancing security with business needs. Industry leaders call for shared organizational responsibility. Help Net Security
Moody's warns of rising credit risk as AI-powered attacks target large firms
Moody's warns of increasing credit risk in 2025 as cybercriminals leverage AI and target larger companies for higher ransoms. FBI data shows significant increases in cyber attacks and losses. Credential theft remains the primary attack vector, while third-party breaches and AI-enhanced phishing pose growing threats. Cybersecurity Dive
Phishing attacks remain major trigger for data breaches in 2024. SecurityWeek
Yahoo cuts Paranoids cybersecurity team, moves to outsource security testing. TechCrunch
El Salvador's new cyber laws raise censorship and privacy concerns. The Record
Data & Research
Open Source Malware
Container Security
Cybersecurity Mergers, Acquisitions, and Funding
Mergers and Acquisitions
VC Funding
Bryan Smith (Senior Managing Director), 3w: Very informative. Thank you for sharing.