CISO Daily Update - June 3, 2024
NEW DEVELOPMENTS
Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts
Source: Help Net Security
Snowflake disputes claims that a breach of its systems was used to access data belonging to Santander and Ticketmaster (both impacted by breaches this past week). Instead, Snowflake attributes the data theft to compromised customer login credentials, not to vulnerabilities in its platform. Specifically, Snowflake states that attackers used previously stolen credentials to access accounts that did not have two-factor authentication enabled. Investigations by Snowflake, CrowdStrike, and Mandiant found no evidence of a platform vulnerability. Both Santander and Ticketmaster acknowledged unauthorized access to their data hosted by third-party providers, with Ticketmaster confirming Snowflake as the host.
Ticketmaster Confirms Data Breach Impacting 560 Million Customers
Source: Security Affairs
Live Nation Entertainment confirmed the Ticketmaster data breach that impacted 560 million customers. The breach was discovered on May 20, 2024, when unauthorized activity was detected in a third-party cloud database environment containing Ticketmaster data. Live Nation immediately launched an investigation with forensic investigators. A week later, on May 27, a threat actor offered the stolen data for sale on the dark web. Live Nation notified regulatory authorities and affected users. The breach was attributed to threat actors who gained access to the cloud database environment using credentials obtained through information-stealing malware, which enabled data exfiltration, including authentication tokens for accessing customer accounts. ShinyHunters, the administrator of BreachForums, claimed responsibility for the breach and stated that the data was stolen from Snowflake using compromised credentials.
Data Leak Exposes Business Leaders and Top Celebrity Data
Source: Hackread
A data leak at Clarity[.]fm, whose members include business leaders and celebrities such as Mark Cuban, exposed their personal information. The exposed dataset includes names, contact details, consultation content, and payment records. A cybersecurity researcher discovered that the leak involved 155,531 records and 121,000 member accounts and that no authentication was required to view the data. This exposure potentially leaves high-profile clients open to targeted scams, phishing, and blackmail. While the database was secured after disclosure, the duration of the exposure and whether unauthorized parties accessed it remain unknown.
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Source: The Hacker News
The AI company Hugging Face disclosed unauthorized access to its Spaces platform that hosts AI/ML applications. The company suspects exposure of a subset of secrets, prompting revocation of impacted Hugging Face tokens and notification to affected users via email. While the investigation continues, Hugging Face recommends refreshing keys/tokens and switching to fine-grained access tokens. Law enforcement and data protection authorities have been notified of the breach. Hugging Face has previously addressed security vulnerabilities that could enable cross-tenant access and AI model poisoning.
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Source: The Hacker News
Microsoft warns of increased cyber attacks on internet-exposed operational technology (OT) devices since late 2023. These attacks can allow hackers to tamper with industrial processes and create malfunctions and outages. OT systems often lack adequate security, making them easy targets. Microsoft, Rockwell Automation, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have all issued warnings and recommendations to improve OT security. The Israel-Hamas conflict and other geopolitical tensions have exacerbated these attacks, with groups like Cyber Av3ngers and Soldiers of Solomon targeting OT assets. To mitigate these risks, organizations are advised to reduce attack surfaces and implement zero-trust practices.
More Than 600,000 Routers Knocked Out in October by Chalubo Malware
Source: The Record
The Chalubo malware rendered over 600,000 routers inoperable in the U.S. between October 25 and 27, 2023, impacting small offices and homes. Lumen Technologies reported that compromised routers from Sagemcom and ActionTec, likely deployed by Arkansas-based Windstream, were targeted via a malicious firmware update. The incident primarily affected rural and underserved areas and disrupted critical services. The Chalubo malware has been active since 2018 and typically builds botnets for DDoS attacks; this event showcased its destructive potential. The malware obfuscates attribution and encrypts its C2 communications, and it continues to pose a significant threat to internet infrastructure.
VULNERABILITIES TO WATCH
Critical Apache Log4j2 Flaw Still Threatens Global Finance
Source: Security Affairs
The Apache Log4j2 vulnerability (CVE-2021-44832) continues to pose a severe risk to global organizations. This flaw allows remote code execution and affects all Log4j2 versions from 2.0-alpha7 to 2.17.0, excluding the security fix releases. Discovered by Checkmarx and patched in Log4j 2.17.1, the vulnerability allows an attacker who can modify the logging configuration to use a JDBC Appender whose data source references a JNDI URI. Immediate enhancements in security protocols, including PEM key-based authentication, are critical to safeguarding financial systems against further exploitation.
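The 2.17.1 fix works by restricting JDBC DataSource JNDI names to the local java: protocol, so a defender can apply the same rule when auditing deployed configurations. The following script is an added example, not code from the newsletter, Checkmarx, or the Log4j project: it parses a log4j2.xml file, flags any JDBC appender whose DataSource jndiName is outside the java: namespace, and checks a version string against the fixed releases. The sample configurations are constructed; the non-java JNDI host is an .invalid placeholder, and the backport fix versions 2.12.4 and 2.3.2 come from the upstream advisory rather than from this page.

```python
"""Audit a Log4j2 XML configuration for the CVE-2021-44832 condition:
a JDBC appender whose DataSource is resolved through a JNDI name that is
not in the local java: namespace.  The upstream 2.17.1 fix enforces this
same restriction at runtime, so an offline config audit can mirror it."""

import xml.etree.ElementTree as ET

# Releases carrying the fix.  2.17.1 is named in the newsletter; the
# backport releases 2.12.4 and 2.3.2 are taken from the upstream advisory.
FIXED_VERSIONS = {(2, 17, 1), (2, 12, 4), (2, 3, 2)}


def parse_version(ver):
    """'2.17.0' -> (2, 17, 0); pre-release suffixes such as '-beta7' are dropped."""
    core = ver.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_fixed_version(ver):
    """True if the given Log4j2 version contains the CVE-2021-44832 fix."""
    v = parse_version(ver)
    if v >= (2, 17, 1):
        return True
    # Backport branches are fixed at or above their own patch release.
    return any(v[:2] == f[:2] and v >= f for f in FIXED_VERSIONS)


def jndi_scheme(jndi_name):
    """Scheme of a JNDI name: 'java:comp/env/x' -> 'java', 'ldap://h/x' -> 'ldap'."""
    scheme, sep, _ = jndi_name.strip().partition(":")
    return scheme.lower() if sep else ""


def _local_tag(elem):
    # Tolerate a namespace prefix such as '{urn:x}JDBC'.
    return elem.tag.rsplit("}", 1)[-1].lower()


def _is_jdbc_appender(elem):
    # Log4j2 accepts both <JDBC .../> and <Appender type="JDBC" .../>.
    tag = _local_tag(elem)
    if tag == "jdbc":
        return True
    return tag == "appender" and elem.get("type", "").lower() == "jdbc"


def audit_log4j2_config(xml_text):
    """Return one finding per JDBC DataSource whose jndiName is outside the
    java: namespace.  An empty list means the configuration passes."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if not _is_jdbc_appender(elem):
            continue
        appender_name = elem.get("name", "<unnamed>")
        for child in elem:
            if _local_tag(child) != "datasource":
                continue
            jndi = child.get("jndiName", "")
            if jndi_scheme(jndi) != "java":
                findings.append({
                    "appender": appender_name,
                    "jndiName": jndi,
                    "reason": "JDBC DataSource JNDI name is not in the java: namespace",
                })
    return findings


# Constructed sample: the expected, local-namespace form.
SAFE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <JDBC name="auditDb" tableName="audit_log">
      <DataSource jndiName="java:comp/env/jdbc/LoggingDataSource"/>
      <Column name="event_time" isEventTimestamp="true"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
  <Loggers>
    <Root level="info"><AppenderRef ref="auditDb"/></Root>
  </Loggers>
</Configuration>
"""

# Constructed sample of the shape the advisory describes: the DataSource
# resolves through a non-java scheme.  The host is an .invalid placeholder.
SUSPECT_CONFIG = SAFE_CONFIG.replace(
    'jndiName="java:comp/env/jdbc/LoggingDataSource"',
    'jndiName="ldap://placeholder.invalid/LoggingDataSource"',
)

if __name__ == "__main__":
    for label, cfg in (("safe", SAFE_CONFIG), ("suspect", SUSPECT_CONFIG)):
        print(label, audit_log4j2_config(cfg))
    for ver in ("2.17.0", "2.17.1", "2.12.4", "2.0-beta7"):
        print(ver, "fixed" if is_fixed_version(ver) else "vulnerable")
```

Run against a real deployment, the version check and the config audit are complementary: a fixed release refuses a non-java JNDI data source at runtime, while the audit catches the configuration drift on hosts that have not yet been upgraded.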
SPECIAL REPORTS
Privacy is the Leading Concern Regarding AI Smartphones, Study Finds
Source: Cybernews
A Canalys study highlights that privacy is the primary concern regarding AI smartphones, despite their projected growth and benefits. AI smartphones use dedicated hardware for efficient AI model execution and are expected to rise from 16% of all smartphones sold in 2023 to 54% by 2028. While AI capabilities offer significant opportunities, including enhanced security through on-device processing, over half of the 5,000 survey participants expressed concerns about personal data privacy. Additional concerns include the cost, transparency, and user understanding of AI features. Apple is predicted to dominate the AI smartphone market by 2025 with its well-integrated hardware and software ecosystem.
Lack of Skills and Budget Slow Zero-Trust Implementation
Source: Help Net Security
Despite growing urgency driven by rising cyber threats, a lack of skills and budget poses significant challenges to organizations implementing zero-trust strategies. Entrust's 2024 State of Zero Trust & Encryption Study surveyed over 4,000 IT security professionals globally and revealed a notable shift in priorities. While compliance was previously the main driver for security investments, 41% of respondents now prioritize reducing data breach and security incident risks. Two-thirds cite cyber-risk concerns as the top motivator for adopting zero-trust frameworks, with the US leading at 79%. Although 60% report substantial senior leadership support, skill shortages and budgetary constraints remain the biggest roadblocks, highlighting a disconnect between support and resource allocation. Only 48% of US organizations have begun their zero-trust journey. Top security concerns include data exposure by hackers (46%), system malfunctions, and unmanaged certificates, while employee mistakes are no longer ranked as a primary threat. Credential management challenges stem from personnel shortages (50%), lack of clear ownership (47%), and inadequate staffing (46%).
Utilities Saw Fewer Q1 Ransomware Attacks Than Other Sectors. A Dragos Analyst Explains Why
Source: Cybersecurity Dive
Electric utilities experienced relatively few ransomware attacks in Q1 2024 compared to other industrial sectors like manufacturing, partly due to robust security practices driven by NERC's Critical Infrastructure Protection standards. However, experts caution against complacency, as ransomware risks remain high and attacks can spill over from IT into operational technology environments. Ransomware attacks on IT infrastructure can also prompt precautionary OT shutdowns to limit business impact, even when OT systems are not directly breached. The upcoming 2024 elections are expected to increase cyber threats targeting critical infrastructure like the power grid, requiring a delicate balance between separating and integrating IT and OT systems to optimize cybersecurity and operational resilience.