Cyber Briefing ~ 02/13/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
US Government Accountability Office Notified of Data Breach by IT Contractor CGI Federal
The US Government Accountability Office (GAO) has been notified of a data breach by IT contractor CGI Federal. The breach has affected approximately 6,000 individuals, primarily current and former GAO employees, from 2007 to 2017. The size and scope of the breach have not been immediately ascertained, and it is unclear if other departments have been affected. CGI Federal has not yet commented on the matter. (REUTERS.COM )
Attackers Hit More Networking Gear, This Time a Critical Fortinet CVE
Threat actors are actively exploiting a critical remote code execution vulnerability, CVE-2024-21762, in Fortinet's FortiOS operating system. The vulnerability allows unauthenticated attackers to execute arbitrary code or commands. The Cybersecurity and Infrastructure Security Agency (CISA) has added it to its list of known exploited vulnerabilities. Fortinet has released a patch and workaround, advising customers to upgrade or migrate to patched versions of FortiOS and the FortiProxy secure web gateway. CISA has ordered federal agencies to remediate the vulnerability by February 16. (CYBERSECURITYDIVE.COM )
Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps
A campaign targeting Microsoft Azure corporate clouds is compromising dozens of environments and hundreds of user accounts. Attackers are using tailored phishing techniques to obtain Microsoft 365 login credentials, specifically targeting strategic individuals in organizations, including executives and managers. Once access is gained, the attackers engage in various malicious activities, such as data theft, financial fraud, and manipulation of multifactor authentication settings. Organizations are advised to be vigilant, enforce strict password hygiene, and implement auto-remediation policies to mitigate the risk of compromise. (DARKREADING.COM )
What to Know About China's Cyber Threats
China has emerged as the top hacking threat in 2024, with a recent string of attacks targeting critical U.S. infrastructure. Public officials have been sharing unprecedented details about ongoing cyber threats, highlighting the Biden administration's deep concern about a Beijing-backed cyberattack. The Volt Typhoon hacking group, linked to the Chinese government, has gained access to U.S. infrastructure for at least five years, tampering with essential services like water and energy controls. This marks a shift from traditional Chinese hacking, as Volt Typhoon focuses on destructive cyberattacks. The Biden administration is considering regulations to mandate cybersecurity measures for critical infrastructure operators. The average person is advised to regularly update their routers and implement multifactor authentication for online accounts. (AXIOS.COM)
David Kahn, Leading Historian of Codes and Code Breaking, Dies at 93
David Kahn, renowned author of "The Codebreakers," a groundbreaking book on cryptology, passed away at the age of 93. Published in 1967, "The Codebreakers" shed light on the history of secret codes and inspired a generation of code breakers. Despite initial resistance from the U.S. government, the book became a success and propelled the study of cryptology into the private sector. Kahn's contributions to the field earned him respect and recognition from the National Security Agency. (NYTIMES.COM )
FCC Makes It Official: AI-Generated Voices in Robocalls Are Illegal
The FCC has ruled that using AI-generated voices in robocalls is illegal, providing new tools for state attorneys general to crack down on voice-cloning technology used in robocall scams. The ruling clarifies that generating an AI voice for a robocall is illegal in itself. The rise of sophisticated AI-generated voice technology has made it easier and cheaper for scammers to perpetrate phone scams, prompting action from regulators. (WASHINGTONPOST.COM )
FCC Orders Telecom Carriers to Report PII Data Breaches Within 30 Days
The FCC has issued a final rule requiring telecommunications companies to report data breaches impacting customers' personally identifiable information (PII) within 30 days. The updated data breach reporting requirements aim to ensure accountability for telecom carriers in safeguarding sensitive customer information and providing customers with the necessary tools to protect themselves. The rule expands the scope of breach notification requirements to include PII and inadvertent access, use, or disclosure of customer information. The FCC has removed the waiting period for carriers to inform customers, mandating prompt notification after alerting relevant federal agencies. (BLEEPINGCOMPUTER.COM )
JCDC 2024 Priorities: Expanding Partnerships to Address Cyber Risks
The Joint Cyber Defense Collaborative (JCDC) has published its 2024 Priorities, aiming to enhance partnerships in tackling future cyber risks. The priorities include defending against APT operations, improving cybersecurity posture, anticipating emerging technology risks, and decreasing the impact of ransomware and AI-related threats on critical infrastructure. JCDC will work with interagency and private sector partners to strengthen defenses and provide support to state and local election officials. The collaborative also seeks to promote Secure by Design principles and decrease the risk posed by AI. (CISA.GOV )
Ivanti Connect Secure Threat Activity Continues as Researchers Flag Additional Flaws
Suspected nation-states and financially motivated threat groups are still exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure, even after the release of initial security patches. Ivanti backtracked on claiming to have internally discovered a new vulnerability and failed to credit the security firm watchTowr for disclosing it. The flaw is an XML external entity (XXE) vulnerability that allows attackers to access restricted resources without authentication. Researchers have noted that the accelerated patching process can sometimes introduce new vulnerabilities. Shadowserver has reported ongoing threat activity related to both newly discovered and previously known vulnerabilities. (CYBERSECURITYDIVE.COM)
Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union
Hyundai Motor Europe and the Service Employees International Union (SEIU) Local 1000 in California have both reported cyberattacks in January. Black Basta, a ransomware group, claimed to have stolen 3TB of data from Hyundai Motor Europe, while LockBit, another ransomware group, claimed responsibility for the attack on SEIU Local 1000, stealing 308GB of data. Both organizations are working with cybersecurity experts to investigate the incidents and restore operations. (DARKREADING.COM )
California Privacy Agency Can Start Enforcing Its Regulations, Court Rules
The California Privacy Protection Agency (CPPA) can now begin cracking down on privacy violations after an appeals court overturned a decision that limited its enforcement capabilities. The court order that prevented the CPPA from enforcing privacy rules finalized in March 2023 has been nixed. The CPPA had previously been restricted from enforcing the regulations until March 2024. The decision serves as a reminder to businesses to review their privacy practices for compliance. The California Chamber of Commerce, which filed the original lawsuit, has not yet responded to the ruling. (POLITICOPRO.COM )
A Bronx Cheer Greets Biden’s First Health AI Rules
The healthcare industry expresses dissatisfaction with the Biden administration's AI regulations, fearing a lack of coordination and overlapping rules from multiple agencies. The Office of the National Coordinator for Health Information Technology (ONC) finalized rules requiring transparency from AI developers, but concerns remain about the breadth of regulation and potential disadvantages for startups. ONC Head Micky Tripathi acknowledges the need for a more formalized governance structure for AI and calls for a national data privacy law to empower agencies. (POLITICOPRO.COM )
Contractual Obligations Driving Data Privacy, Cybersecurity Upgrades
Companies are increasingly being driven to prioritize data privacy and cybersecurity due to contractual provisions from business partners. Small and mid-sized companies are starting to understand the importance of having protections in place, even if they don't hold sensitive information. In-house counsel can enhance their privacy and security posture by seeking assistance from outside counsel with established relationships with insurance companies, technical specialists, and law enforcement agencies. Maintaining confidentiality in internal communications about privacy and security is crucial, as outside counsel can help ensure privilege is maintained in the event of an incident. (LEGALDIVE.COM )
UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion
U.N. experts are investigating 58 cyberattacks attributed to North Korea between 2017 and 2023, worth approximately $3 billion. The funds are reportedly being used to support the country's weapons of mass destruction program. The cyberattacks, carried out by North Korean hacking groups affiliated with the Reconnaissance General Bureau, are ongoing. The report also highlights North Korea's flouting of U.N. sanctions, development of nuclear weapons, and production of nuclear fissile materials. (APNEWS.COM )
Danbury OKs $600K for Schools After Ransomware Attack, Unbudgeted Special Education Costs
The City Council of Danbury has approved funding of over $600,000 to address the costs incurred from a ransomware attack on the school district's computer network and previously unbudgeted special education expenses. The ransomware attack, which occurred in September 2020, led to expenses of $202,274 for network security improvements and credit monitoring. Additionally, the district incurred $400,000 in special education costs due to a change in state law. The funds will be sourced from the school district's committed fund balance. (CTINSIDER.COM )
Taiwan Reports More Chinese Balloons over Taiwan Strait
Taiwan's defense ministry has reported the detection of eight Chinese balloons crossing the Taiwan Strait, with five flying across Taiwan, marking the second consecutive day of a large number of balloons. Taiwan has expressed concerns about the balloons, considering them a threat to aviation safety and a form of psychological warfare. China's defense ministry did not comment on the issue. Chinese warplanes frequently operate in the Taiwan Strait, disregarding the unofficial barrier between the two sides. Taiwan recently elected Vice President Lai Ching-te as its next president, prompting tensions with China. The use of balloons for potential spying has become a global concern. (REUTERS.COM)
Alabama Governor Creates Task Force for Responsible AI Adoption
Alabama Governor Kay Ivey has issued an executive order to establish a task force called the Task Force on Generative Artificial Intelligence. The task force, consisting of seven cabinet members, representatives from higher education, and legislators, will analyze the risks and applications of generative AI in state government agencies. They are expected to submit a report with policy and administrative recommendations to the governor by November 30th. The executive order also includes provisions for the Alabama Office of Information Technology to create a cloud infrastructure for AI-related pilot projects in approved environments. This move aligns with the growing trend of states enacting regulations on AI development and use. (GOVTECH.COM )
Volt Typhoon: Keep Calm and Carry On + VPNs Wounded in CyberKnife Fight
The U.S. government has confirmed that a Chinese hacker group called Volt Typhoon has compromised multiple critical infrastructure organizations, likely to enable disruptive cyber-attacks during a potential conflict. On January 31, the Justice Department disrupted an infrastructure botnet used by Volt Typhoon. More actions are likely underway to undermine Volt Typhoon's capabilities and confidence in launching effective attacks, though public government warnings may be aimed more at critical infrastructure operators than deterring China. (LAWFAREMEDIA.ORG )
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.
Navigating cyberspace is like sailing the vast ocean - challenges are vast but not insurmountable. Adaptability & persistence light the way. - Ancient wisdom & tech giants #CybersecurityJourney #InnovationThroughChallenge
Vice President & Chief Security Officer @ AVANGRID | Critical Infrastructure Protection
9 months ago: These are always very well done. If you don't get these, you should. Great job, Frank Cilluffo