The Cybersecurity Club Weekly Newsletter - Week 13
Weekly Highlight: Remember Solarwinds? 3CX Users in Massive Supply Chain Attack, Employees Feeding Sensitive Data to ChatGPT, Twitter says source code was leaked on GitHub, Biden Acts to Restrict U.S. Government Use of Spyware and more.
Hello Cybersecuriters!
Before you scroll down and enjoy this week's newsletter, why not join our LinkedIn Group to keep in touch and see our updates? Click here to join.
Here is what you missed this week; read the newsletter for more:
- Remember Solarwinds? A Similar Attack on 3CX Users in Massive Supply Chain Attack
- Students' bank accounts hacked because of ticketing software breach
- Crown Resorts confirms ransom demand after GoAnywhere breach
- Twitter says source code was leaked on GitHub, now it's trying to find the culprit
- Employees Are Feeding Sensitive Business Data to ChatGPT
- CISA tool 'Untitled Goose Tool' detects hacking activity in Microsoft cloud services
- Biden Acts to Restrict U.S. Government Use of Spyware
- The Business of Security - Partnering with Business Leaders to Build Your Security Program from Scratch
Enjoy this weekly newsletter.
Malware and Vulnerabilities
Remember Solarwinds? A Similar Attack on 3CX Users in Massive Supply Chain Attack
A massive supply chain attack linked to North Korea has been identified, impacting users of the 3CX voice application. The attack was detected through an analysis of the application's code, which revealed the presence of a malicious script designed to steal data from infected devices. The attack has impacted multiple organizations, and users are advised to update to the latest version of the 3CX application and conduct thorough security checks to mitigate the risk of further breaches.
Victims included tech companies Malwarebytes, FireEye, and Microsoft; 10 US government agencies, including the Departments of Justice, Commerce, Treasury, Energy, and Homeland Security, and think tanks and NGOs, making the hacking campaign among the worst in modern US history. [read more]
Breaches and Incidents
Students' bank accounts hacked because of ticketing software breach
Several students at Ithaca College have reported having their bank accounts hacked after purchasing tickets through the college's ticketing software, ShowClix. The breach, which occurred in late February, involved the theft of personal information, including credit card numbers, from ShowClix's database. It is not yet clear how many students were affected by the breach, but the college has urged all students who purchased tickets through the software to monitor their bank accounts for any suspicious activity. [read more]
Crown Resorts confirms ransom demand after GoAnywhere breach
Crown Resorts, an Australian casino operator, has confirmed that it received a ransom demand after suffering a data breach through the file transfer software, GoAnywhere. The company disclosed that the breach exposed sensitive information of its customers, employees, and vendors, including names, addresses, and driver's license numbers. Crown Resorts stated that it is cooperating with law enforcement agencies and engaging cybersecurity experts to investigate the incident. [read more]
Twitter says source code was leaked on GitHub, now it's trying to find the culprit
GitHub has been ordered by a US judge to reveal the identity of a user who allegedly leaked Twitter's source code on the platform. Twitter filed a DMCA subpoena against GitHub to obtain the user's identity after the source code was leaked and shared on the platform. The judge granted Twitter's request, citing that the social media giant had a legitimate interest in pursuing the identity of the user.
The decision highlights the potential legal consequences of posting sensitive or confidential information on public platforms, even if it was shared anonymously or under a pseudonym. The case also serves as a reminder for companies to take adequate measures to protect their sensitive data, as well as to enforce their intellectual property rights in case of a breach or a leak. [read more]
Threat Intel & Info Sharing
Employees Are Feeding Sensitive Business Data to ChatGPT
A survey has found that 58% of employees have shared sensitive business data with a chatbot or virtual assistant like ChatGPT, raising concerns over data security.
The survey also revealed that 70% of IT professionals fear that chatbots and virtual assistants are a security risk, and 68% believe that these technologies will be targeted by hackers in the future.
In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. [read more]
New CISA tool 'Untitled Goose Tool' detects hacking activity in Microsoft cloud services
Twitter is reportedly testing a new verification process based on government-issued IDs. The new process is designed to verify user identities and prevent bots, trolls, and fake accounts from spreading misinformation and engaging in malicious activities on the platform.
The Cybersecurity and Infrastructure Security Agency (CISA) has developed a new tool that can detect potential hacking activity in Microsoft cloud services. The tool, called 'Untitled Goose Tool', analyzes audit logs to identify any suspicious activity and provides organizations with guidance on how to investigate and respond to potential threats. This tool aims to enhance the security of Microsoft cloud services and help organizations better protect their data from cyber attacks. [read here]
Trends, Reports, Analysis
Cyber Storm Predicted at the 2023 World Economic Forum
At the 2023 World Economic Forum, cybersecurity experts warned of a "cyber storm" on the horizon, with the potential to cause widespread damage and disruption to businesses and governments around the world. The experts highlighted the growing sophistication of cyber attacks, as well as the increasing use of automation and artificial intelligence by hackers to carry out their attacks. They also noted that many organizations are unprepared to deal with the scale and complexity of modern cyber threats, leaving them vulnerable to potentially devastating attacks.
To address these challenges, the experts called for a more coordinated and proactive approach to cybersecurity, including increased collaboration between governments, businesses, and other stakeholders. They also emphasized the need for greater investment in cybersecurity research and development, as well as in training and education for cybersecurity professionals. Overall, the experts stressed that the threat of cyber attacks is only going to increase in the years to come, and that businesses and governments must take action now to protect themselves and their critical assets from these growing threats. [read the report here]
Laws, Policy, Regulations
Biden Acts to Restrict U.S. Government Use of Spyware
The Biden administration has issued an executive order that aims to address the threat of spyware and other malicious software to U.S. national security. The order directs federal agencies to implement new measures to detect, prevent, and respond to the use of spyware by foreign governments and criminal organizations. The order also establishes a new interagency task force to coordinate the government's response to the threat of spyware and other malware.
The executive order reflects growing concerns among U.S. officials about the use of spyware and other malicious software by foreign governments and criminal organizations to steal sensitive information, disrupt critical infrastructure, and carry out other cyber attacks. In recent years, a number of high-profile cyber attacks, including the SolarWinds hack and the recent Microsoft Exchange hack, have underscored the need for stronger measures to combat the threat of spyware and other malware.
The executive order also comes amid a broader push by the Biden administration to strengthen U.S. cybersecurity and address the growing threat of cyber attacks. In addition to the measures outlined in the executive order, the administration has also proposed a $10 billion investment in cybersecurity initiatives as part of its infrastructure plan. These initiatives are aimed at improving the security of critical infrastructure, enhancing the cybersecurity workforce, and increasing public-private partnerships to combat cyber threats. [read more]
Podcast Recommendations
The Business of Security - Partnering with Business Leaders to Build Your Security Program from Scratch
In today's episode, Allan will share his insights on the fundamentals of building a robust cybersecurity program, the importance of understanding an organization's unique needs, and how to forge strong partnerships with business leaders. [listen here]
We hope you enjoyed your weekly digest!
If you liked our content and want to be a part of our cybersecurity journey, you can join our communities below or go to The Cybersecurity Club for resources.
Signing off! Stay safe and we'll see you soon.