Cyber Briefing ~ 02/14/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
CISA Warns of Exploited Fortinet Bug in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about two critical vulnerabilities in Fortinet, specifically affecting FortiOS SSL VPN. The first vulnerability, CVE-2024-21762, could allow attackers to execute arbitrary code or commands and is potentially being exploited in the wild. CISA has ordered federal civilian agencies to install the patch within a week, highlighting the level of alarm. The second vulnerability, CVE-2024-23313, is not believed to be actively exploited. Fortinet devices are popular targets for nation-state hackers, particularly those associated with the Chinese government. (THERECORD.MEDIA )
White House to Combat Deepfakes with Cryptographic Verification
The White House plans to cryptographically verify official releases, including President Joe Biden's addresses, to combat the rise of deepfakes and AI scams. The aim is to establish trust by ensuring that information coming from the White House is authentic and not generated by AI tools. The verification process involves using private and public key pairing to encrypt and decrypt hash values, allowing the public to verify the source. However, challenges remain in building public trust and avoiding potential misuse of cryptographic verification. (CYBERNEWS.COM )
Former CISA Director Chris Krebs On Vote-By-Mail Process
In this interview, former CISA director Chris Krebs discusses recent efforts to improve election security and infrastructure resilience leading up to fall elections. State and local election officials are readying themselves for the 2024 election cycle and hope to address lingering public doubts over the security of mail-in voting through pre-certification audits and transparency around signature verification and ballot tracking processes, according to Krebs, while affirming there was no evidence of fraud in 2020. (CNBC.COM )
Ongoing Campaign Compromises Senior Execs' Azure Accounts, Locks Them Using MFA
Unknown attackers are targeting Microsoft Azure accounts, including those belonging to senior executives, in a campaign aimed at stealing sensitive data and financial assets. The attackers use phishing techniques to compromise the accounts and then enroll them in various forms of multifactor authentication to make it harder for victims to regain control. The campaign involves data exfiltration, internal and external phishing, financial fraud, and the creation of mailbox rules to cover their tracks. The attackers utilize proxies and change their operational infrastructure to obfuscate their activities. Organizations are advised to be vigilant and implement security defenses to detect and respond to these attacks. (ARSTECHNICA.COM )
Cyber Focus Episode 3 ~ Securing the Digital Ecosystem with Melissa Hathaway
This episode of Cyber Focus discusses the threats to our digital ecosystem with cybersecurity expert Melissa Hathaway. Hathaway shares insights from her work leading national cyber efforts under two administrations. Key topics explored include the growing risks of "living off the land" tactics used by China and other adversaries, who are exploiting unpatched software vulnerabilities to gain unauthorized access. The discussion emphasizes the need for more secure coding practices and for focusing the innovation agenda on cyber resilience. This timely conversation provides valuable perspectives on collective actions needed to shore up defenses and counter growing threats in both the public and private sectors. (BIT.LY )
The Importance of Information Quality in the Age of AI
Ensuring information quality is crucial for maintaining trust in democratic institutions and preventing the spread of misinformation and disinformation. The proliferation of generative AI poses a significant challenge, requiring a collective effort to establish reliable, transparent, and accurate information as a national advantage. Measures such as creating interoperable information quality standards and developing tools to access trustworthy election-related information are necessary to protect the integrity of elections and counteract the influence of malign actors. Ultimately, aligning AI with information quality is essential for preserving trust in institutions and democratic norms. (REUTERS.COM )
200,000 Facebook Marketplace User Records Leaked on Hacking Forum
A threat actor has leaked 200,000 records on a hacker forum, claiming they contain the personal information of Facebook Marketplace users, including mobile phone numbers and email addresses. BleepingComputer has verified some of the leaked data. The data breach is attributed to a cybercriminal who breached a Meta contractor's systems. This incident highlights another data security issue for Meta, as they previously faced a large fine for failing to protect Facebook users' personal information from scrapers. The leaked data can be used in phishing attacks and SIM swap attacks. (BLEEPINGCOMPUTER.COM )
FCC Telecoms Breach Reporting Mandate
The Federal Communications Commission (FCC) has introduced new regulations requiring telecommunication companies to report data breaches involving customers' personally identifiable information (PII) within a 30-day timeframe. This expansion of breach notification rules aims to modernize and ensure swift communication to affected customers. The FCC emphasizes the importance of holding telecom providers accountable for safeguarding sensitive data and empowering customers to protect themselves. The regulations remove the waiting period for customer notification and prioritize prompt communication, with a maximum 30-day delay unless law enforcement requires a longer delay. FCC Chairwoman Jessica Rosenworcel emphasizes the significance of protecting personal data in the digital age and mitigating the risks associated with data breaches. (CYBERMATERIAL.COM )
Scammers Used AI To Tell The World I Was Dead. Why? I Had To Find Out
Los Angeles Times arts and culture writer Deborah Vankin investigates why she was the target of an AI-generated scam claiming she had died. She tries to uncover the motives and methods behind these fake death hoaxes that are proliferating online. (LATIMES.COM )
How Machine Learning Will Transform Supply Chain Management
The article discusses a new supply chain planning approach called optimal machine learning (OML) that directly connects supply and demand data to decisions instead of relying on demand forecasts. OML overcomes flaws in existing methods by using machine learning and cloud computing to create a detailed digital twin model of the supply chain. Implementing OML allowed companies to achieve higher service levels and inventory turns at lower costs. Realizing the benefits requires cross-functional planning teams, redesigned sales and operations processes, and stakeholder alignment on key performance indicators. (HBR.ORG )
Ransomware Attack Forces Colorado Public Defenders to Disable Network
The Office of Colorado State Public Defenders had to shut down its computer network due to a cyberattack that encrypted its data. While the attack did not impact the state's judicial department or court system, public defenders have been unable to access case information, leading to mass requests for postponements and potentially causing a backlog of cases. The duration and timing of the cyberattack have not been disclosed. (STATESCOOP.COM )
CISA Releases 2024 Priorities for the Joint Cyber Defense Collaborative
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the 2024 priorities for the Joint Cyber Defense Collaborative (JCDC), a government and private collaborative initiative. The JCDC's focus will be on defending against advanced persistent threat operations, enhancing baseline protections for critical infrastructure, and anticipating emerging technology and risks. This comes amid concerns about the effectiveness of the JCDC due to a lack of technical expertise and criticisms of being a "cool-club for vendors." CISA aims to provide value to the industry by showcasing risk mitigation and reducing cybersecurity risks. (CYBERSCOOP.COM )
United Nations Digging Into DPRK Crypto Cyberattacks Totaling $3B
The United Nations is launching an investigation into North Korean-sponsored cyberattacks on cryptocurrency companies, aiming to uncover how these attacks have generated approximately $3 billion to fund the country's illicit nuclear program. The investigation will examine 58 specific cyberattacks conducted by the Democratic People's Republic of Korea (DPRK) between 2017 and 2023. The forthcoming UN report will also highlight new trends in North Korean state-sponsored hacking, such as increased collaboration among threat groups, targeting of the defense sector, and supply chain attacks. (DARKREADING.COM )
House GOP Tees Up Revived Surveillance Bill
House Republicans are preparing to reintroduce legislation to reauthorize and make changes to Section 702 of the Foreign Intelligence Surveillance Act, which has raised concerns about its impact on Americans' privacy. The bill is expected to go through the Rules Committee before being brought to the floor for a vote, possibly on Thursday or Friday. Amendments to the bill, including a warrant requirement and restrictions on data brokers selling consumer information to law enforcement, are also expected. The deadline for a deal is mid-April, but Republicans want quicker action. (POLITICOPRO.COM )
Meet the Vatican’s AI Mentor
Friar Paolo Benanti, a Franciscan friar, is shaping AI control in Rome and the Vatican. He calls for "human-centric" AI and emphasizes the risk of delegating critical thinking and decision-making power to machines. Benanti has influenced AI policy through strategy papers like the Rome Call for AI Ethics, which has gained support from tech giants, religious leaders, and governments. He is concerned about the impact of AI on jobs and the potential over-reliance on AI systems for important choices. Benanti also sees the potential for AI to make religious knowledge more accessible. (POLITICOPRO.COM )
China’s Shipyards Are Ready for a Protracted War. America’s Aren’t.
China's shipbuilding industry dominates the global market, while the U.S. has fallen behind. China's shipyards, which can build at wartime rates, give them a significant advantage in a protracted conflict, while the U.S. struggles to keep up with peacetime demand and lacks the necessary infrastructure. (WSJ.COM )
Rhysida Ransomware Decryption Tool Released
South Korean researchers have released a decryption tool for Rhysida ransomware based on a vulnerability in its encryption process. The tool can recover files encrypted by the Windows Portable Executable (PE) version of Rhysida but not the ESXi or PowerShell payloads. The release of the decryption method may prompt the Rhysida group to fix the vulnerability. (SCMAGAZINE.COM )
Cyberattack Shuts Down Colorado Public Defender’s Office
The Office of the Colorado State Public Defender was hit by a cyberattack, forcing the agency to shut down its computer network. Public defenders are unable to access their work computers, court dockets, or files, causing delays in court cases. The outage could last up to a week. The attack, possibly ransomware, highlights the vulnerability of government agencies and the potential exposure of sensitive client information. (FORTMORGANTIMES.COM )
NYC Cabbies Get Prison Time in Russian Hack Scheme to Skip JFK Taxi Line
Queens cab drivers Daniel Abayev and Peter Layman have been sentenced to prison for collaborating with Russian hackers to breach the JFK Airport taxi dispatch system. They charged other cabbies $10 each to skip to the front of the pick-up line, earning kickbacks. The duo sent part of their earnings to the hackers, who helped them gain access to the system. Abayev received a four-year sentence, while Layman was sentenced to two years. Two Russian individuals indicted in the scheme remain at large. (NYPOST.COM )
AI Use on Dating Apps Rising, 1 in 4 Americans Use to Enhance Profile
A new study by cybersecurity firm McAfee reveals that 23% of Americans are now using artificial intelligence (AI) to improve their online dating profiles and messages, up from 15% last year. However, the increased use of AI in dating apps is also leading to a rise in romance scams, fake profiles, and inauthentic descriptions. The study found that 58% of respondents encountered fake, AI-generated profiles over the past year, and 31% had encountered scammers attempting to steal money or personal information. The prevalence of AI in dating apps is making it more difficult for users to distinguish between real people and fake profiles. McAfee Chief Technology Officer Steve Grobman advises users to approach online dating with a healthy level of skepticism and to protect their privacy and personal information. (READWRITE.COM )
Ransomware Attack Takes 100 Hospitals Offline
A ransomware attack on the Hipocrate platform, which provides IT systems for multiple healthcare providers in Romania, has caused at least 100 hospitals to go offline. The attack, which occurred on February 11, resulted in the encryption of files and databases, rendering them inaccessible. While 25 hospitals were directly impacted, an additional 79 took systems offline as a precautionary measure. The Romanian National Cybersecurity Directorate confirmed that a ransom of 3.5 BTC ($100,000) has been demanded, and it advises against contacting the attackers or paying the ransom. Healthcare organizations are urged to isolate affected systems, preserve evidence, and restore systems from backups once they have been cleaned and updated. (FORBES.COM )
Bank of America Warns Customers of Data Breach Following 2023 Hack
Bank of America has confirmed a data breach impacting its customers following a supply chain hack at IT consulting and service provider Infosys McCamish Systems in November 2023. The number of affected customers and the extent of the exposed personally identifiable information, including social security numbers and account details, is yet to be confirmed. Cybersecurity experts emphasize the importance of protecting the supply chain and fostering a proactive security consciousness to mitigate such breaches. (FORBES.COM )
TheTruthSpy Exposed: This Spyware Lookup Tool Says If Your Android Device Was Compromised
TechCrunch has unveiled a spyware lookup tool that enables users to check if their Android device was compromised by the notorious spyware operation called TheTruthSpy. The consumer-grade spyware apps, including TheTruthSpy, iSpyoo, and Copy9, allow secret surveillance by uploading private contents such as call logs, messages, and real-time location to a dashboard. TechCrunch's investigation found a security vulnerability in TheTruthSpy's apps, leading to the exposure of the personal data of hundreds of thousands of Android users. The spyware lookup tool uses leaked lists of compromised devices to determine if a device was compromised and provides resources for removing the spyware. (TECHCRUNCH.COM )
Hackers Uncover New TheTruthSpy Stalkerware Victims: Is Your Android Device Compromised?
Hackers have exploited a security flaw in TheTruthSpy, a consumer-grade spyware operation, gaining access to stolen mobile device data. The hacking groups SiegedSec and ByteMeCrew identified the flaw, exposing tens of thousands of Android phones compromised by TheTruthSpy. TechCrunch has added these unique identifiers to their spyware lookup tool to help users determine if their device has been compromised. TheTruthSpy is part of a network of Android spyware apps that allow secret surveillance on unsuspecting victims. (TECHCRUNCH.COM )
Want a Stronger Cybersecurity Culture? Time to Destigmatize Mistakes.
To build a strong cybersecurity culture, organizations should focus on creating a safe space for employees to learn and make mistakes without fear of punishment. Training should be about learning and empowering employees rather than instilling fear. By destigmatizing mistakes, organizations can foster a culture of compassion and facilitate effective cybersecurity training. (DICE.COM )
Man Arrested in Malta in Global Operation to Shut Down Cybercrime Network Targeting Australians
Daniel Meli, a 27-year-old man, has been arrested in Malta as part of an international operation targeting a global cybercrime network that focuses on Australians. Meli is accused of selling and training criminals in the use of Warzone, a remote access trojan software. The software allows criminals to bypass security systems and gain unauthorized access to computers, enabling them to steal sensitive information. The Australian Federal Police (AFP), along with the FBI and Europol, participated in the operation. The AFP warns that they will continue to track down other individuals involved in this cybercrime network. (THEGUARDIAN.COM )
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.