🚨 Cybersecurity Debrief: Massive Data Breach at French ISP, LinkedIn €310 Million GDPR Fine, Hacker Returns $19 Million, Fake Crypto Job Portals on the Rise, Microsoft CEO Takes Pay Cut and more
Insights into Cyber Risks, Threat Intel and Startup and VC updates
We're excited to announce our new WhatsApp Community for cybersecurity professionals! This dedicated space is designed for networking, knowledge sharing, and mentorship among experts and enthusiasts in the field. Whether you're looking to stay updated on the latest cybersecurity trends, exchange ideas, or connect with mentors and peers, this community offers a valuable resource to grow together.
Join us to expand your professional network, gain insights, and support each other in tackling today’s cybersecurity challenges: https://shorturl.at/971us
💻 Malware and Vulnerabilities
Domain Registrars Under Scrutiny for Enabling Russian Influence Operations: Senator Warner is urging domain registrars, including Namecheap and GoDaddy, to take action against Russian influence operations. Warner highlights tactics like using cryptocurrency and anonymizing infrastructure to purchase domains. He warns that Congress may consider legislation if the industry fails to address these issues.
Fake Crypto Job Portals on the Rise: Researchers have discovered a surge in fake cryptocurrency job portals designed to scam users. The campaign, active since July, involves 60 domains registered in three bulk purchases and linked to the same IP address. All domains feature distinct naming patterns and direct users to fraudulent job listings. Since October 15th, there's been a noticeable increase in traffic to these sites.
Open-Source AI and ML Models Plagued by Vulnerabilities: Researchers have discovered over three dozen vulnerabilities in open-source AI and ML models. These flaws, found in tools like ChuanhuChatGPT, Lunary, and LocalAI, could allow attackers to execute arbitrary code, steal data, and gain unauthorized access. Experts urge users to update their installations to mitigate these risks.
Cisco Patches Actively Exploited VPN Vulnerability: Cisco addressed multiple vulnerabilities in its ASA, FMC, and FTD products, including an actively exploited DoS flaw (CVE-2024-20481) impacting the Remote Access VPN service. An attacker could trigger the vulnerability by sending numerous VPN authentication requests, leading to resource exhaustion and service disruption. Cisco urges users to update their systems promptly.
📈 Breaches and Incidents
Hacker Returns Millions to U.S. Government: A U.S. government crypto wallet, previously drained of $20 million, saw most of its funds returned. Blockchain analysts linked the incident to a possible theft. The wallet, holding assets seized in the 2016 Bitfinex hack, used DeFi protocols and instant exchanges in a series of "nefarious" transfers. While $19.3 million was returned, funds sent to certain exchanges are still missing.
Ransomware Gang Strikes Bucharest City Hall: RansomHub, known for attacking Timișoara City Hall, targeted Bucharest's Sector 5 City Hall, demanding a €5 million ransom. The city refused to negotiate and publicly confirmed the incident. Some commentators on social media are skeptical that a ransomware attack could significantly impact the city hall due to outdated technology and extensive paperwork processes. Others expressed concern about potential misuse of public funds under the guise of a cyberattack.
Free S.A.S., a major French internet provider, confirmed a data breach impacting millions of customers: A hacker, "drussellx", is auctioning databases containing names, phone numbers, email and postal addresses, and dates of birth. Free maintains that passwords, bank details, and communication contents remain safe, and their services are unaffected. The company is contacting authorities, regulators, and affected customers.
University of Maribor Cyberattack: The University of Maribor, the second largest university in Slovenia, has been hit by a cyberattack. Supposedly, all files have been locked by ransomware, including the daily backups, which were supposedly stored on the same or a connected server rather than offline or sufficiently separated.
HYPR Thwarts Fake IT Worker Attempt: HYPR, a passwordless authentication company, recently detected and stopped a fraudulent hire attempt using their own identity verification platform, HYPR Affirm. The individual, who had passed multiple rounds of video interviews, presented discrepancies in location data, facial recognition scans, and liveness detection tests during the onboarding process. HYPR emphasizes the importance of tying credential issuance to identity verification and implementing robust security measures throughout the hiring process.
🚨 Threat Intel & Info Sharing
Apple Offers $1 Million Bounty To Hack Private Cloud Compute: Apple is challenging security researchers to find vulnerabilities in its new Private Cloud Compute (PCC) system, offering up to $1 million for successful exploits. The PCC will support Apple's upcoming AI features, processing complex data requests on Apple's own secure servers. The bug bounty program aims to ensure the robustness of PCC's security architecture and protect user privacy. Researchers can submit their findings through the Apple Security Bounty page.
Ledger Fined for Data Protection Violations: The French data protection authority (CNIL) fined Ledger €750,000 for data breaches in 2020. The breaches exposed personal data of customers and prospects, including names, email addresses, and phone numbers. The CNIL found Ledger's data retention practices and security measures inadequate, violating the GDPR. Ledger acknowledged the breaches and claims to have implemented corrective measures and improved security protocols.
LinkedIn Fined €310 Million for GDPR Violations: Ireland's Data Protection Commission (DPC) fined LinkedIn €310 million for misusing personal data for targeted advertising. The DPC found that LinkedIn did not obtain proper consent for processing user data and relied on the "legitimate interests" argument, which the regulator rejected. LinkedIn has accepted the ruling and is making changes to comply with the GDPR.
⚖️ General Cyber Updates
Attracting Top CISO Talent: Challenges and Opportunities. The cybersecurity industry faces a shortage of qualified Chief Information Security Officers (CISOs). Organizations need to educate boards on cybersecurity governance and the importance of attracting CISOs who can drive organizational change towards a security-conscious culture. To attract top talent, companies should strategically position the CISO role, frame cybersecurity as a business advantage, and foster a tech-savvy culture.
Australia Strengthens Cybersecurity with New Bill: Australia is bolstering its cybersecurity posture with the new Cyber Security Bill 2024. The legislation, the first of its kind in the country, mandates minimum cybersecurity standards for IoT devices and requires critical infrastructure organizations to report ransomware payments. The bill also reforms the Security of Critical Infrastructure Act 2018 to improve incident response.
Delta Air Lines Seeks Damages After CrowdStrike Outage: Delta Air Lines has hired lawyer David Boies to pursue damages from CrowdStrike and Microsoft after an outage cost the airline an estimated $350 million to $500 million. The outage, caused by a CrowdStrike software update that crashed Microsoft systems, led to widespread flight cancellations and service failures. Delta plans to seek compensation, although no lawsuit has been filed.
EU Boosts Cybersecurity With New Device Regulations: The European Union has officially adopted the Cyber Resilience Act (CRA), which establishes cybersecurity standards for all digital devices sold in the EU. These standards aim to enhance device security throughout their lifecycle, from design to production. Products that meet these standards will bear the CE marking. The CRA will take effect in stages over the next three years.
CISA Unveils International Strategy to Strengthen Global Cybersecurity: CISA's new plan aims to bolster the security of foreign infrastructure upon which the US depends, strengthen integrated cyber defense globally, and unify the agency's international efforts. The plan acknowledges the interconnected nature of global infrastructure and the need for collaborative efforts to mitigate risks. CISA aims to identify crucial international systems and assets, working with partners to understand vulnerabilities and manage shared risks. They plan to enhance information sharing, promote secure software development practices, and strengthen international partners' capabilities.
Microsoft CEO Takes Pay Cut After Security Overhaul: Microsoft CEO Satya Nadella requested a reduction in his cash compensation following a security overhaul at the company. Nadella's pay cut reflects his accountability for Microsoft's response to cyberattacks and the need for a stronger security culture. Despite the reduction, Nadella's total compensation for fiscal year 2024 exceeded $79 million due to the company's strong market performance.
⚖️ Cybersecurity Start Ups and VCs
📊 Trends, Reports, Analysis
Kaspersky Exposes Global Telegram Spyware Campaign: Kaspersky researchers discovered a campaign using Telegram to spread "DarkMe" spyware, primarily targeting individuals and businesses in the fintech and trading sectors. The attackers, potentially linked to the "DeathStalker" group, employed malicious archives containing harmful files to infect victims and steal sensitive data. This campaign highlights the importance of exercising caution even with messaging apps.
We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].
Thank you for being a part of our newsletter community. You can also join our Discord Community or our LinkedIn Group.