Infosec Monitor: No. 23

No. 23, April 5, 2024

Welcome back to another edition of the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor: the XZ backdoor vulnerability, AT&T confirms a data breach, and Microsoft's cascade of avoidable errors.

Get The Infosec Monitor every Friday in your inbox

Subscribe: https://infosecmonitor.substack.com

Highlight of the Week


The XZ Backdoor

Last week, Microsoft employee Andres Freund discovered something was amiss on his server. Not a researcher but highly observant, he stumbled upon an incredibly long-running effort to slip trojan-horse backdoor code into a Linux utility called XZ. The XZ library is an open-source project for data compression. The hacker, so far known only as "Jia Tan," spent years carefully ingratiating themselves with the community around the project in order to insert the backdoor. The exploit allows the attacker to bypass secure shell authentication and gain complete access to the affected system. Thankfully, Andres discovered the vulnerability early on, and only beta versions of Linux distros were affected. The remedy is mostly to downgrade to an earlier version of XZ. Meanwhile, this highlights vendor risk again and brings back memories of the Log4Shell vulnerability. (Dark Reading, Tenable, The Record, Bleeping Computer)

News


Ivanti pledges to change, but will it?

Ivanti has been in the news for one vulnerability after another for months. This week, their CEO released an open letter to customers pledging to a "Secure-by-Design" ethos. I like Patrick Garrity's take the most. If you're going for security, shouldn't your hiring reflect this? (The Record, SC Magazine)

Microsoft's Security Failures Enabled Chinese Hackers to Breach Government Emails

Microsoft remains uncertain how the Chinese hacking group Storm-0558 obtained an authentication key to unlock emails in 2023. The Cyber Safety Review Board (CSRB) stated this week that the breach resulted from Microsoft's inability to identify security issues and a lack of sufficient cloud security measures. They went on to say the hack was made possible by a "cascade" of avoidable errors. (Help Net Security, CSO Online)

FCC is concerned about "significant weaknesses" in telecommunication networks. (The Record)

AI & Security


AI Chatbots Nudge Developers Toward Non-existent Software Packages

According to a report by Lasso Security, developers may end up using non-existent software packages recommended by AI chatbots. These "hallucinated" package names are made up by large language model tools and then used by developers in their code. The test also demonstrated the alarming trust in AI recommendations, with a fake empty package downloaded over 30,000 times. (Security Week)

ChatGPT jailbreak prompts proliferate on hacker forums. (SC Magazine)

Cyber Security Incidents


AT&T confirms data breach impacting 73M customers

Just a week ago, AT&T was mostly silent about the possible breach. And two weeks ago, they said they had not been breached. Now, AT&T has confirmed that the data leak on 73M of its past and current customers appears to be from them. They are unsure if the data is directly from them or a vendor. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set." (The Record)

US State Department Probes Major Data Leak

The US State Department is investigating a sizable data leak, possibly involving classified Five Eyes intelligence and personal information of government and military staff. Tech consulting firm Acuity is suspected to be the source of the breach, conducted by threat actor IntelBroker, who has a history of leaking government agency data. (Bleeping Computer)

SurveyLama data breach impacts 4.4M accounts

SurveyLama was hit by a data breach in February, affecting 4.4M users. Compromised data includes dates of birth, email addresses, IP addresses, full names, passwords, phone numbers, and physical addresses. SurveyLama has not given any information on how the breach occurred. (Bleeping Computer)

City of Hope cancer center hit with data breach exposing 827K patients

The center was hit by a security breach between September and October 2023. The breach resulted in unauthorized access and copying of files, including personal identification and medical records. No identity theft or fraud directly resulting from this breach has been reported. (Security Week)

RGB-TEAM Claims Hack on Russia's Criminal Database

Hacktivist group RGB-TEAM claims to have hacked Russia's prosecutor general's database, revealing about 100,000 criminal records. The leaked data spans three decades and includes information on crimes like theft and drug sales. (The Record)

Omni Hotels hit by cyber attack causing ongoing outages

The attack was first discovered on March 29 and forced a system shutdown for protection. This incident has caused technological issues, hampering check-ins and new reservations. The hotel chain is investigating the attack's full impact, including possible data theft. (The Record)

Jackson County, MO, declared a state of emergency due to a ransomware attack. (Bleeping Computer)

Prudential's February cyber attack impacted 37K customers. (SC Magazine)

A data breach hit OWASP Foundation, and 1K resumes were stolen. (The Record)

Google Ads are being used to distribute malware. (Dark Reading)

Millions of WordPress sites are exposed to a SQL injection vulnerability in the LayerSlider plugin. (The Hacker News)

Threat actor TA558 launches an extensive phishing campaign in Latin America targeting various sectors to deploy Venom RAT. (The Hacker News)

Interesting Reads


Zoom has paid out over $10M in bug bounties since 2019

Zoom has reported paying over $10 million through its bug bounty program since its creation in 2019. Last year alone, the firm handed out about $2.4 million to security researchers, recognizing over 1,000 vulnerability reports. Advisories were published addressing 58 vulnerabilities, including three critical-severity and several high-severity flaws. The video conferencing platform has also created its own open-source Vulnerability Impact Scoring System (VISS). VISS complements CVSS and helps organizations prioritize vulnerabilities based on actual exploitation data rather than theoretical impact. (Security Week)

NIST's NVD needs help to scale. (Dark Reading)

Another HTTP/2 DoS Attack. Continuation Flood can pose a greater risk than Rapid Reset. (Security Week)

Data & Research


Impersonation scams cost victims $1.1B in 2023, according to FTC

40% of the scams started online. $1.1B is nearly 3x higher than it was in 2020. (The Record)

Meanwhile, 76% of consumers don't see themselves as cybercrime targets. (Help Net Security)

68 cyberattacks caused physical consequences to operational technology in 2023. (Dark Reading)

21% of the S&P 500 experienced a data breach in 2023. (SiliconANGLE)

Cybersecurity Mergers, Acquisitions, and Funding


Permiso, cloud threat detection, raises $18M in Series A. (Security Week)

SydeLabs, generative-AI security, raises $2.5M in Seed funding. (Security Week)

Rubrik, data security, announces IPO plans. (SiliconANGLE)

Great update, Bryan Smith. Keep posting weekly Newsletters. Keep up the excellent work!

Adam Lamantia

Helping CISOs Manage Cyber Risk | Open FAIR™ Certified

11 months

I love these weekly newsletters- easily one of the best quick ways to stay up to date on the industry I've seen.
