- The Cybersecurity Club Newsletter
🚨 Cybersecurity Debrief: CISA warns of exploits, Texas Tech Breach impacts 1.4M, N. Koreans Indicted in $88M scheme, CIRCIA reporting rules and holiday cyber threats.
Insights into Cyber Risks, Threat Intel and Startup and VC updates
This week's cybersecurity news includes CISA warnings about Adobe ColdFusion and Windows vulnerabilities, a new attack chain delivering espionage RATs, a data breach at Texas Tech University impacting 1.4 million, and 5 million stolen payment card details. Amazon paused its Microsoft Office rollout after hacks, and threat actors are using holiday-themed lures. Google Play may suspend payments for Russian developers and TP-Link faces a US national security probe. Meta was fined €251 million, and fourteen North Koreans were indicted for fraud.
Join us to expand your professional network, gain insights, and support each other in tackling today’s cybersecurity challenges: https://shorturl.at/971us
💻 Malware and Vulnerabilities
CISA Warns of Exploited Adobe ColdFusion and Windows Vulnerabilities: The Cybersecurity and Infrastructure Security Agency (CISA) is alerting users to the ongoing exploitation of vulnerabilities in Adobe ColdFusion and Windows. It is urging users to apply necessary patches and updates to mitigate these risks.
New Attack Chain Delivers Espionage RATs: A new attack chain used by TA397 delivers espionage Remote Access Trojans (RATs). This highlights the evolving methods used by threat actors to compromise systems.
📈 Breaches and Incidents
Texas Tech University Data Breach Impacts 1.4 Million People: A significant data breach at Texas Tech University has compromised the personal information of approximately 1.4 million individuals. The breach highlights the potential for large-scale data compromises at educational institutions.
5 Million Payment Card Details Stolen: There was a significant theft of 5 million payment card details, serving as a reminder to monitor financial accounts closely. This incident highlights the need for increased vigilance during holiday spending.
Clober Liquidity Vault Compromised in Security Breach: A security breach has occurred at the Clober Liquidity Vault, resulting in the loss of funds. The Clober protocol itself is unaffected and continues to operate securely. The team has provided a transaction link for the attack. A 20% bounty is offered for the return of the stolen funds, with assurance that no legal action will be taken if the attacker complies. The funds should be sent to the provided address. The Clober team is working to track and recover the stolen assets.
🚨 Threat Intel & Info Sharing
North Korean Nationals Indicted for Multi-Year IT Fraud Scheme and Extortion: Fourteen North Korean nationals have been indicted for their involvement in a long-running scheme to defraud U.S. companies. They are accused of using false identities to obtain remote IT jobs, stealing sensitive company information, and engaging in extortion. This scheme generated at least $88 million over approximately six years, which was ultimately directed to the North Korean government. The individuals worked for DPRK-controlled companies Yanbian Silverstar and Volasys Silverstar. Some conspirators were ordered to earn at least $10,000 per month. The North Korean government has deployed thousands of IT workers to perpetrate similar schemes. The workers used a variety of techniques to conceal their identities, including using stolen identities, paying others to attend interviews, and creating phony websites. In some instances, the conspirators extorted employers by threatening to leak stolen data. The Justice Department has taken multiple actions to disrupt this group, including seizing approximately $2.26 million in total. The State Department is offering a reward of up to $5 million for information related to the scheme.
Threat Actors Use Holiday Lures in Attacks: Security researchers have observed that threat actors are using holiday-themed lures to carry out attacks. This tactic is used to take advantage of increased online activity and decreased vigilance during the holiday season.
[Image: Xmas Employee Payroll email]
Google Play Allegedly to Suspend Payments for Russian App Developers: Google Play is allegedly planning to suspend payments for Russian app developers. This action will have a significant impact on the Russian app market.
TP-Link Faces US National Security Probe, Potential Ban: TP-Link is facing a US national security probe that may lead to a potential ban on its devices in the United States. This probe raises concerns about the security of foreign-made technology products.
⚖️ Laws, Policies and Regulations
CISA Highlights Cyber Incident Reporting for Critical Infrastructure: CISA is emphasizing the importance of reporting cyber incidents to protect critical infrastructure, as outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022. This act is a key component in national cyber defense.
Bank of England Consults on Operational Incident and Outsourcing Reporting: The Bank of England is consulting on new guidelines for reporting operational incidents, outsourcing, and third-party risks for financial institutions. These new guidelines will impact how financial institutions manage and report operational risks.
ESAs Dry Run Shows Goal for Reporting Information Under Digital Operational Resilience Act: The European Supervisory Authorities (ESAs) conducted a dry run exercise that confirms the reporting of information under the Digital Operational Resilience Act. This exercise demonstrates the goal of ensuring resilience in the digital financial sector.
Irish Data Protection Commission Fines Meta €251 Million: The Irish Data Protection Commission has fined Meta €251 million for violating data protection regulations. This penalty underscores the strict enforcement of data privacy laws in Europe.
⚖️ Cybersecurity Start Ups and VCs
OPSWAT Acquires Data Diode Technology Leader: OPSWAT has acquired a leader in advanced data diode technology to strengthen cyber defenses for critical infrastructure. This acquisition aims to improve security for critical systems.
SonarSource to Acquire Tidelift: SonarSource is set to acquire Tidelift, expanding its capabilities in software development security. The acquisition will enhance SonarSource's ability to improve the security of the software development process.
Cymulate Recognized as Leader in Security and Exposure Validation: Cymulate has been recognized as a leader in security and exposure validation in G2’s Winter 2024 report. This recognition highlights the company's role in helping organizations identify and mitigate security risks.
📊 Trends, Reports, Analysis
Amazon Paused Microsoft Office Rollout After Hacks: Amazon paused the rollout of Microsoft Office for a year following a series of hacks. This action shows the impact of security incidents on large-scale software deployments.
We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email [email protected].
Thank you for being a part of our newsletter community. You can also join our Discord Community or our LinkedIn Group.