
Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.

If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Alexandra Landegger, Executive Director and CISO at Collins Aerospace.

To get involved you can watch live and participate in the discussion on YouTube Live at https://youtube.com/live/mbjN_CtZ56c, or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are the stories we plan to cover, time permitting:

Microsoft says Russian hackers breached its systems, accessed source code
The breach is a result of a January cyberattack by the hacking group Midnight Blizzard (aka NOBELIUM), in which corporate email accounts were accessed through a password spraying attack. On Friday, Microsoft posted a blog stating it has seen evidence that Midnight Blizzard is using information exfiltrated from those emails to attempt access to some of the company’s source code repositories and internal systems. They add, “to date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.” According to Bleeping Computer, “while Microsoft has not explained precisely what may have been accessed, they are likely authentication tokens, API keys, or credentials.”
(Bleeping Computer and Microsoft)

JetBrains fires back at Rapid7 over vuln disclosures
Cybersecurity firm Rapid7 recently criticized JetBrains, the company behind the popular TeamCity CI/CD platform, over allegations of silent patching. JetBrains fired back in a blog post this week accusing Rapid7 of being “entirely unethical and harmful” to its customers. JetBrains said Rapid7 released enough information about two TeamCity vulns for low-skilled attackers to exploit them in ransomware attacks just hours after patches went live. JetBrains says it supports timely vuln disclosure but only provides enough details for customers to take appropriate actions. OWASP weighed in, acknowledging the merits of both sides but noting that it would be “sensible” for details about serious vulnerabilities to have a publication delay to limit potential harm. Seeing this kind of public war of words is a rarity in the infosec community, which typically abides by agreed-upon norms.
(The Register)

Change Healthcare: AHA asks for aid, HHS questions HIPAA compliance
Further fallout from the Change Healthcare cyberattack came in three forms this week. First, a survey conducted by the American Hospital Association revealed that 74% of the 1,000 responding hospitals reported “direct patient care impact” from the attack, and 94% stated that the attack was impacting them financially, with half of that 94% describing the damage as “significant or serious.” These findings were then presented to the leadership of the Senate Finance Committee. This led to a request that “Congress should consider any statutory limitations that exist for an adequate response from the Centers for Medicare & Medicaid Services and Department of Health and Human Services to help hospitals and other providers minimize further fallout.” This was in comparison to Covid-19, which, as a Public Health Emergency and National Emergency, did not have statutory limitations. The letter was sent ahead of a Senate Finance Committee hearing on the HHS fiscal year 2025 budget proposal, which was held yesterday, Thursday. In addition, the Department of Health and Human Services Office for Civil Rights seeks to investigate whether a breach of protected health information occurred through Change Healthcare or UnitedHealth, and whether this violated HIPAA regulations.
(American Hospital Association and American Hospital Association)

Microsoft Copilot for Security approaches general availability
Cybersecurity is quickly emerging as a major use case for new LLM-based tools. As an early leader in the AI chatbot space, Microsoft is unsurprisingly pushing into this vertical. It will release its new Copilot for Security on April 1st, with consumption-based pricing using “security compute units.” Microsoft framed the new service as a way to increase current analyst productivity, as well as a way to upskill junior workers. Microsoft uses its Copilot branding for chatbots across its properties, including Windows 11 and GitHub.
(TechRadar)

Over 225,000 compromised ChatGPT credentials for sale
According to security firm Group-IB, almost a quarter million logs containing compromised ChatGPT credentials were found inside information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware. They were placed up for sale between January and October 2023. Writing in its Hi-Tech Crime Trends 2023/2024 report, published last week, the company correlates the sharp increase in the number of ChatGPT credentials for sale with the overall rise in the number of hosts infected with information stealers.
(The Hacker News)

French government agencies targeted in “unprecedented” attacks
The French Prime Minister’s office disclosed that multiple French government agencies were subjected to “intense” cyberattacks, with characteristics suggesting they were distributed denial-of-service (DDoS) attacks. These attacks, described as being of “unprecedented intensity,” aimed to overload servers with excessive requests, hindering access to network resources without stealing information. The French government has not attributed the event to any group, although similar incidents have historically been linked to groups supporting Russia’s actions in Ukraine, some possibly with external backing. In response, the French government activated a crisis cell to implement countermeasures, successfully mitigating the impact and restoring access to most state websites.
(The Record)

Researchers find vulnerabilities in Gemini
In a blog post, Google announced it began to “roll out restrictions on the types of election-related queries for which Gemini will return responses” in India, ahead of its general elections. However, research from Kenneth Yeung at HiddenLayer makes these measures’ effectiveness an open question. Their new report details three content manipulation vulnerabilities in Gemini, Google’s latest LLM family. These allow for leaking a system prompt, using variations of uncommon tokens to get the model to leak previous responses, and getting around content restrictions by framing a request as an act of fiction. This last vulnerability allowed the researchers to get the high-end Gemini Ultra model to write a short story giving detailed technical instructions on how to hotwire a Honda Civic.
(Google India Blog, HiddenLayer)

ChatGPT plugin vulnerabilities could lead to account takeover
According to researchers at Salt Security, at least three types of ChatGPT plugins can lead to data exposure and account takeovers. ChatGPT plugins are extensions that tailor the technology with additional features, such as search capabilities, text analysis tools, and interaction with services such as GitHub, Google Drive, and Salesforce. These connections, along with the consent that users click through to install the plugins, are naturally the key entry points for the vulnerabilities.
(Security Affairs)