CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

Friday, June 28, 2024
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

CISA Flags Memory-Unsafe Code in Major Open Source Projects

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

Hundreds of Thousands Impacted in Children's Hospital Cyberattack

Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk.

Authenticator for X, TikTok Exposes Personal User Info for 18 Months

Thursday, June 27, 2024
With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.

Dark Reading Confidential: Meet the Ransomware Negotiators

Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."

Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks

Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.

Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content

Wednesday, June 26, 2024
Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.

Apple AirPods Bug Allows Eavesdropping

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites

The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year.

Neiman Marcus Customers Impacted by Snowflake Data Breach

The high-end retailer is the latest company to confirm it was impacted by the wide-ranging Snowflake data breach, which impacted more than 165 organizations.

'ChamelGang' APT Disguises Espionage Activities With Ransomware

The China-nexus cyberthreat actor has been operating since at least 2019 and has notched victims in multiple countries.

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

Tuesday, June 25, 2024
The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.

Indonesia Refuses to Pay $8M Ransom After Cyberattack

More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational.

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.

China-Linked Cyber-Espionage Teams Target Asian Telecoms

Monday, June 24, 2024
In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.

CDK Attack: Why Contingency Planning Is Critical for SaaS Customers

Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.

What Building Application Security Into Shadow IT Looks Like

AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?

30M Potentially Affected in Ticketek Australia Cloud Breach

In an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a third-party cloud provider, as ShinyHunters takes credit.

The NYSE's $10M Wake-up Call

The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

VicOne Solutions for Detection of Zero-Day Vulnerabilities and Contextualized Attack Paths

Friday, June 21, 2024

Legal Defense Fund Covers Crypto Research

The nonprofit Security Alliance provided funding to protect those who illegally access crypto assets with the aim of improving security.

Multifactor Authentication Is Not Enough to Protect Cloud Data

Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.

Consumer Privacy Bill Fails in Vermont

Thursday, June 20, 2024
The bill, if it had successfully become law, would have given consumers the right to sue companies that violate their privacy.

Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack

CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US.

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

CHERI Alliance Aims to Secure Hardware Memory

The consortium of private companies and academia will focus on ways to protect hardware memory from attacks.

How Cybersecurity Can Steer Organizations Toward Sustainability

By integrating environmental initiatives, social responsibility, and governance into their strategies, security helps advance ESG goals.

'ONNX' MFA Bypass Targets Microsoft 365 Accounts

Wednesday, June 19, 2024
The service, likely a rebrand of a previous operation called 'Caffeine,' mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.

France Seeks to Protect National Interests With Bid for Atos Cybersec

By offering to buy Atos's big data and cybersecurity operations, Paris is trying to make sure key technologies do not fall under foreign control.

Hackers Derail Amtrak Guest Rewards Accounts in Breach

Tuesday, June 18, 2024
The US passenger rail giant said attackers used previously compromised credentials to crack accounts and access a freight train of personal data.

Blackbaud Fined $6.75M After 2020 Ransomware Attack

Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said.

Cut & Paste Tactics Import Malware to Unwitting Victims

"ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.

LA County Dept. of Public Health Data Breach Impacts 200K

Monday, June 17, 2024
Threat actors were able to breach the department using the credentials accessed through phishing emails.

Addressing Misinformation in Critical Infrastructure Security

As the lines between the physical and digital realms blur, widespread understanding of cyber threats to critical infrastructure is of paramount importance.

China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort

The campaign is especially notable for the remarkable lengths to which the threat actor went to maintain persistence on the target environment.

Name That Toon: Future Shock

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

MITRE: US Government Needs to Focus on Critical Infrastructure

With the presidential election this year and increase in cyberattacks and conflict around the world, MITRE has outlined four important areas the incoming presidential administration should focus on next year.

Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine

Sunday, June 16, 2024
The Arid Viper APT group is deploying AridSpy malware with Trojanized messaging applications and second-stage data exfiltration.

'Sleepy Pickle' Exploit Subtly Poisons ML Models

Friday, June 14, 2024
A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted.

Panera Notifies Employees of Compromised Data

Though the company is informing affected individuals of a breach, it's keeping the nature and scope of the cybersecurity incident that led to it under wraps.

Marsh Insurance: Volume of Cyber-Insurance Claims Reaches New Heights

Thursday, June 13, 2024
More claims are being made across the US and Canada compared with previous years, with healthcare organizations leading the way.

PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager.

North Korea's Moonstone Sleet Widens Distribution of Malicious Code

The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.

AI Chatbot Fools Scammers & Scores Money-Laundering Intel

Experiment demonstrates how AI can turn the tables on cybercriminals, capturing bank account details of how scammers move stolen funds around the world.

Rockwell's ICS Directive Comes As Critical Infrastructure Risk Peaks

Wednesday, June 12, 2024
Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks

Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.

Cleveland City Hall Shuts Down After Cyber Incident

As city officials continue to investigate, it's unclear which systems were affected and whether it was a ransomware attack.

LockBit & Conti Ransomware Hacker Busted in Ukraine

Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.

Canada & UK Partner in Joint 23andMe Data Breach Investigation

Tuesday, June 11, 2024
The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

Process to Verify Software Was Built Securely Begins Today

The US government launched a self-attestation form asking software developers to affirm their software was developed securely. Compliance starts today for software used in critical infrastructure.

Blood Shortages Hit London Hospitals After Ransomware Attack

Operations at Synnovis medical labs have been disrupted for more than a week, prompting the NHS to implore the public to donate blood.

Tokenization Moves Beyond Payments to Personal Privacy

Monday, June 10, 2024
Pseudonymous masking has made credit card transactions more secure, but Visa has even greater plans for tokenization: giving users control of their data.

New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.

Smishers Stand Up Fake Phone Tower to Blast Malicious Texts

London cops make arrests in connection with scam SMS messages, purportedly from official organizations, being sent out from a bespoke phone mast.

Is a US Nationwide Privacy Law Really Coming?

If passed, APRA will be a giant leap forward for the rights and freedoms of Americans.

Making Choices for Stronger Vulnerability Management

The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.

Governments, Businesses Tighten Cybersecurity Around Hajj Season

Sunday, June 9, 2024
While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.

CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways

Friday, June 7, 2024
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.

Cybersecurity Job Hunting May Come Down to Certifications

If current cybersecurity workers only fill 85% of the need in the US, why are so many people still looking for positions? The data from the private-public NIST partnership CyberSeek offers some insight.

SolarWinds Flaw Flagged by NATO Pen Tester

The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs.

Hotel Check-in Kiosks Expose Guest Data, Room Keys

CVE-2024-37364 affects hospitality kiosks from Ariane Systems, which are used for self-check-in at more than 3,000 hotels worldwide.

'Commando Cat' Digs Its Claws into Exposed Docker Containers

Thursday, June 6, 2024
Attackers are taking advantage of misconfigured containers to deploy cryptocurrency mining software.

Technology, Regulations Can't Save Orgs From Deepfake Harm

Monetary losses, reputational damage, share price declines — it's hard to counter, much less try to stay ahead of, AI-based attacks.

Mallox Ransomware Variant Targets Privileged VMware ESXi Environments

Novel attack vector uses a custom shell for payload delivery and execution — and only goes after systems with administrative privileges.

EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations

Wednesday, June 5, 2024

Hijacking Scheme Takes Over High-Profile TikTok Accounts

Hijacking malware gets spread through TikTok's direct messaging and doesn't require the victim to click links or download anything.

Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org

A trio of Chinese-affiliated clusters performed specialized tasks in a broader attack chain, likely under the watch of a single organization.

Africa Ranks Low on Phishing Cyber Resilience

Tuesday, June 4, 2024
As threats to Africa's cybersphere continue to grow, the continent faces high risks to its society and economy with a growing cyber skills gap and lack of preparedness.

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File

The campaign uses a multistage payload-delivery process and various mechanisms for evasion and persistence.

'Fog' Ransomware Rolls in to Target Education, Recreation Sectors

A new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day.

Russia Aims Cyber Operations at Summer Olympics

Monday, June 3, 2024
As always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics; and, concerns remain around physical disruption.

Europol's Hunt Begins for Emotet Malware Mastermind

International law enforcement Operation Endgame shifts its crackdown to focus on individual adversaries.

Ticketmaster Confirms Cloud Breach, Amid Murky Details

Ticketmaster parent Live Nation has filed a voluntary SEC data breach notification, while one of its cloud providers, Snowflake, also confirmed targeted cyberactivity against some of its customers.

Name That Edge Toon: Zonked Out

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

CISA's Secure by Design Initiative at 1: A Report Card

There is more that needs to be done, but, so far, the initiative is a success.

As Allies, Kenya & US Aim to Bolster Digital Security in Africa

Sunday, June 2, 2024
Amid surging attacks, Kenya aims to expand its technology sector and improve cybersecurity to protect the country's fast-growing digital economy.

Lawyers Ask Forensics Investigators for Help Outside Cybersecurity

Attorneys are increasingly realizing that forensics investigators have skills analyzing documents and uncovering digital clues that could help them in non-cybersecurity cases.