CISO Daily Update - March 14, 2024
NEW DEVELOPMENTS
Duty Free Americas Claimed by Black Basta Ransom Group
Source: Cybernews
Duty Free Americas (DFA), a prominent tax-free travel retail chain, is among the latest victims claimed by the Black Basta ransomware group, which says it stole roughly 1.5 terabytes of sensitive data from DFA's corporate network systems. The group has set a deadline of March 18th for DFA to negotiate a deal. The stolen data reportedly includes copies of driver’s licenses, passports, social security cards, financial records, and personal documents taken from employee storage drives. The attack also appears to affect The Falic Group, DFA's parent company, with sensitive documents belonging to the Falic family appearing on the leak site. Black Basta, believed to be linked to the Conti ransomware gang, has targeted several other organizations, including the Flemish ‘Duvel’ Moortgat Brewing Company, the luxury brand licensing and management company Xcel, and Imperial Trading Company.
Billion-Dollar Boat Seller MarineMax Reports Cyberattack to SEC
Source: The Record
Leading boat seller MarineMax disclosed a cyberattack in regulatory filings this week, indicating that a third party gained unauthorized access to portions of its information environment. While the incident disrupted some portions of its business, the company assures customers and partners that operations continue. Cybersecurity experts have been engaged to support the investigation, and law enforcement has been informed. MarineMax has not confirmed the nature of the attack but states that no sensitive data was stored in the impacted environment. Whether the incident will have a material impact on operations is still under evaluation.
LockBit Ransomware Affiliate Gets Four Years in Jail, to Pay $860K
Source: Bleeping Computer
An Ontario court has sentenced Russian-Canadian cybercriminal Mikhail Vasiliev to four years in prison for his involvement in the LockBit ransomware campaign, specifically in planning high-profile cyberattacks. Vasiliev pleaded guilty to several offenses, including mischief and cyber extortion; he is required to pay $860,000 in restitution to victims in Canada and may be extradited to the US to face additional charges. Although LockBit's operations have been disrupted by recent law enforcement measures, the ransomware gang has shown signs of returning, albeit with reduced activity.
Feds Seize $1.4 Million of Tech Support Scam Proceeds With the Help of Crypto Firm
Source: The Record
With the cooperation of cryptocurrency firm Tether, US authorities seized $1.4 million in proceeds from a tech support scam aimed at the elderly. The scammers impersonated Microsoft or Apple and induced victims to transfer money under false pretenses. Tether froze the illicit funds and transferred them to a government-controlled wallet, which the company presents as evidence of its commitment to supporting law enforcement and protecting the crypto community. Despite claims that its services are used by fraudsters, Tether says it continues to act against illegal activity in the cryptocurrency field.
'PixPirate' RAT Invisibly Triggers Wire Transfers From Android Devices
Source: Darkreading
A sophisticated Brazilian banking Trojan named PixPirate has emerged with a novel method of infiltrating Android devices without being noticed. The malware abuses Pix, a popular bank transfer platform in Brazil. Despite the stringent security measures Google has implemented, PixPirate evades detection, posing a significant threat to users' financial security. While the malware currently targets Pix specifically, its advanced techniques raise concerns that it could be adapted to target US payment apps like Venmo, Zelle, and PayPal.
Anonymous Sudan Unleashes InfraShutdown: Alabama Government Agencies Targeted
Source: The Cyber Express
Anonymous Sudan, purportedly using its latest DDoS tool, InfraShutdown, has targeted three government agencies in Alabama. While the State of Alabama, the Office of Information Technology, and the Alabama Supercomputer Authority are experiencing disruptions, officials have yet to confirm a cyberattack. The attackers attribute their actions to U.S. support for Israel and alleged interference in Sudanese affairs, and signal their intent to keep targeting U.S. entities until their grievances are addressed. Whatever attention the group hopes to draw to issues in Sudan, resorting to cyberattacks raises ethical and legal concerns because of the potential harm to uninvolved parties.
Investment Scams Grow, 13,000 Domains Detected in January 2024
Source: Infosecurity Magazine
Internet security experts have identified a concerning trend: roughly 13,000 deceptive investment platform domains were found in January 2024 alone, a 25% rise over the previous month. This growth illustrates the expanding threat posed by online scams, which continue to target individuals around the globe. Cybercriminals use strategies such as social media recruitment and email campaigns to trick victims into depositing money into fake investment platforms. As online investment scams become more prevalent, individuals are reminded to remain attentive and informed to avoid falling victim to these fraudulent schemes.
VULNERABILITIES TO WATCH
Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
Source: The Hacker News
Researchers have identified vulnerabilities in Google's Gemini large language model (LLM), which could lead to security threats, including divulging system prompts, generating harmful content, and enabling indirect injection attacks. These vulnerabilities impact both individual consumers using Gemini Advanced with Google Workspace and companies utilizing the LLM API. While Google has implemented safeguards and policies to mitigate these risks, the findings underscore the need to test and fortify language models against various adversarial behaviors.
Fortinet Patches Critical Vulnerabilities Leading to Code Execution
Source: Security Week
Fortinet has released patches addressing critical vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS, which could lead to code execution. These vulnerabilities, including out-of-bounds write and SQL injection flaws, allow attackers to execute code or commands via crafted requests. While Fortinet has not observed exploitation in the wild, users and administrators are strongly advised to apply the patches promptly to mitigate potential threats.
Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities
Source: Security Week
Intel and AMD have released 10 security advisories on Patch Tuesday, addressing vulnerabilities affecting their products. Intel's advisories include two high-severity issues, one impacting BIOS firmware and another affecting on-chip debug and test interfaces in certain 4th-generation Intel Xeon processors. The remaining vulnerabilities, rated 'medium' or 'low' severity, could lead to information disclosure, denial of service, and local privilege escalation. Register File Data Sampling (RFDS) is a notable vulnerability that affects only Atom processors and allows a local attacker to access potentially sensitive data from memory. AMD's advisories address a newly disclosed microarchitectural vulnerability called GhostRace and a WebGPU browser-based GPU cache side-channel attack method. While AMD does not believe any exploit against its products has been demonstrated, it has issued advisories to address the potential risks.
ChatGPT Plugin Vulnerabilities Exposed Data, Accounts
Source: Security Week
Salt Security uncovered vulnerabilities in ChatGPT plugins that could lead to data exposure and account takeovers on third-party websites. These plugins allow users to access up-to-date information and integrate ChatGPT with services like GitHub and Google Drive. One vulnerability allowed attackers to install malicious plugins with their own credentials on victims' accounts, enabling them to intercept messages containing sensitive data. Another flaw in the AskTheCode plugin could have enabled attackers to take control of victims' GitHub accounts via a zero-click exploit. A third vulnerability, affecting OAuth authentication, could lead to account takeovers on plugins such as Charts by Kesem AI. The vendors were notified and patches were rolled out in response to the vulnerabilities. Custom GPTs are replacing ChatGPT plugins for paying customers, but Salt Security also plans to detail vulnerabilities found in GPTs.
SPECIAL REPORTS
Google Cloud CISO Spots Asymmetric Advantage for AI in Defense
Source: Cybersecurity Dive
Phil Venables, Google Cloud’s VP and CISO, asserts that generative AI gives defenders a significant advantage over attackers in the cybersecurity landscape. He believes that AI, trained on proprietary data and tuned to organizational contexts, can reverse the traditional "defender’s dilemma," where attackers only need one successful attempt while defenders must be consistently accurate. Google's AI Cyber Defense Initiative uses AI for digital security advancements, including autonomous cyber defenses and AI-integrated defensive systems.
LastPass’ CIO Vision for Driving Business Strategy, Innovation
Source: Help Net Security
LastPass's newly appointed CIO, Asad Siddiqui, discusses his approach to addressing key challenges in today's technology landscape, driving business strategy, and fostering innovation. He emphasizes the importance of aligning technology initiatives with business goals, fostering collaboration, and leveraging emerging technologies like AI to enhance data privacy and security. Siddiqui also highlights initiatives to contribute to company profitability through technology and strategies for cultivating talent within the IT team to support digital transformation.
IT Leaders Think Immutable Data Storage Is an Insurance Policy Against Ransomware
Source: Help Net Security
IT leaders increasingly recognize immutable data storage as a crucial component in combating ransomware attacks, with 94% already relying on or planning to implement such storage within the next 12 months. Immutable storage ensures data integrity by preventing deletion or modification once written, offering reliable data recovery in the event of a breach. Despite regional and vertical market variances in adoption rates, the consensus remains strong on the importance of immutable storage in bolstering cybersecurity defenses.
Strategic CIO | MS, Cybersecurity | Board-Level Advisor | Driving Innovation & Operational Excellence | PhD Candidate in Cybersecurity Management
12 months ago: Marcos, thank you for this every morning