Hello Cybersecuriters! 🍩

Let's dive into this week’s cybersecurity highlights. If you would like to be a sponsor, then do reach out to us at [email protected]

This week the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about an exploited Linux vulnerability, while research has revealed vulnerabilities in AI and machine learning models that could allow for data manipulation. In addition, there have been several notable breaches, including a cyberattack on the Idaho National Laboratory, a significant breach affecting the Canadian government, and a data breach at AutoZone. Morgan Stanley has also experienced a breach, and Poland is investigating the former government's use of spyware.

Furthermore, an ex-NTT staffer has been found stealing private data, while Ukraine has fired its top cybersecurity officials over an alleged $1.7 million embezzlement scheme. To help mitigate these risks, CISA has provided guidance to healthcare organizations, and the US and Indonesia have agreed to partner up on cybersecurity efforts. However, Indian cybercrime groups continue to pose a threat, using SMS and messaging apps to spread malware. It's essential to stay informed and take necessary precautions to protect yourself and your organization from these types of threats.

💻 Malware and Vulnerabilities

• CISA Warning: Looney Tunables Linux Vulnerability Exploited. Qualys’ Threat Research Unit disclosed the vulnerability last week, accompanied by a published proof-of-concept exploit.

• Research reveals vulnerabilities in AI and machine learning models that could allow manipulation and theft of data, raising questions about the integrity and security of these emerging technologies.

📈 Breaches and Incidents

• The Idaho National Laboratory, a pivotal U.S. research facility specializing in nuclear energy research, recently fell victim to a cyberattack. SiegedSec asserts that it has obtained “hundreds of thousands of users, employee, and citizen data”. Which comprises full names, social security numbers, bank account information, addresses, and more.

• Canadian government revealed a significant breach detected on October 19th, exposing sensitive information belonging to both current and former Government of Canada employees, Canadian Armed Forces members, and Royal Canadian Mounted Police personnel.

• AutoZone Confirms Data Breach, 185K Customers Impacted in Clop Cyberattack

🚨 Threat Intel & Info Sharing

• Poland to probe former government's use of Pegasus spyware on opposition, journalists via special commission.

• The former Chief Operating Officer of cybersecurity firm Securolytics has pleaded guilty to hacking two hospitals in 2018 as a bizarre publicity stunt for his company.

• Morgan Stanley has fallen victim to a breach of customer information, and it was revealed that the breach included the exposure of confidential customer information, including personal details such as account numbers. This breach could cost them in $6.5 million in fines.

• Ex-NTT Staffer Steals Private Data of 9 Million Customers, Sells Records to Shadowy Data Brokers

• Ukraine fires top cybersecurity officials Shchyhol and Zhora over alleged $1.7 million embezzlement scheme contracting software at inflated prices amid war with Russia.

⚖️ Laws, Policies, and Regulations

• CISA provides guidance to healthcare organizations with actionable cybersecurity insights, covering risk assessments, cyber hygiene, incident response plans, threat intelligence integration, collaboration, supply chain security, endpoint protection, and comprehensive employee training.

• Biden and Widodo pledge to elevate US-Indonesia partnership, cooperating on economy, climate, defense, health, strengthening cybersecurity including securing communications networks and addressing threats through regular security dialogues.

📊 Trends, Reports, Analysis ​

• Microsoft details Indian cybercrime groups using SMS and messaging apps to distribute Android banking malware designed to steal user info and credentials.

😊 Picture of the week

Types of Cyber Attacks

We hope you enjoyed your weekly digest! ☕🥮If you want to sponsor our next edition or advertise on our site, drop us an email [email protected].

If you liked our content, and be a part of our Cybersecurity journey, then you can get updates on our The Cybersecurity Club site, and why not consider joining our Discord Community or our LinkedIn Group.

Thank you for being a part of our newsletter community. Stay informed, stay inspired, and stay connected. Until next time7