AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/04/2024

Iranians Accused of Hacking US Presidential Campaigns; $10 Million Offered for Info on their Location

The Justice Department announced that three Iranian nationals, who are also Islamic Revolutionary Guard Corps (IRGC) employees, have been indicted for hacking accounts belonging to US officials, journalists, and individuals associated with US political campaigns. Several reports of hacks related to political campaigns have surfaced in recent months as unknown hackers breached various systems and networks, then stole information and tried to disseminate it in the mass media. All the major publications refused to publish the information, and it turns out that it was for good reason.

 

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cybersecurity Directive Goes into Effect

The European Union (EU) Network and Information Security Directive 2022/2555 (NIS2), which aims to strengthen cybersecurity, goes into effect on October 18 with administrative fines of up to EUR10 million or 2% of total annual worldwide turnover for those who fail to comply. A new survey from Censuswide, commissioned by Veeam® Software, the #1 market leader by market share in Data Resilience, revealed that only 43% of EMEA IT decision-makers believe NIS2 will significantly enhance EU cybersecurity. This is despite an overwhelming 90% of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months. Alarmingly, 44% of respondents experienced more than three cyber incidents, with 65% of those categorized as “highly critical.”

 

SOC teams falling out of love with threat detection tools

About two-thirds of security operations centre (SOC) staff feel overwhelmed by a tide of pointless cyber alerts from products made by suppliers anxious to avoid responsibility for a breach. This is causing them to fall out of love with the tools of their trade, with almost half saying they no longer trust the ability of the products and services they use to work as they should. This is according to extended detection and response (XDR) specialist Vectra AI, which has released its 2024 state of threat detection report, The defenders’ dilemma, claiming that security professionals feel they are losing the battle to unearth real threats due to too many siloed tools and a lack of clear and accurate signals.

 

Telegram revealed it shared U.S. user data with law enforcement

Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. The social media platform “potentially revealed” that it has shared the IP addresses or phone numbers of over 100 users with law enforcement. In the past, Telegram claimed that it had never supported law enforcement investigations; however, it recently updated its policy on data sharing with authorities. At the end of September, Telegram updated its privacy policy, informing users that it will share users’ phone numbers and IP addresses with law enforcement in response to valid legal requests. The company's CEO, Pavel Durov, announced the policy update. Telegram will comply with requests from law enforcement if the user under investigation is found to be violating the platform’s rules.

 

NIST’s security flaw database still backlogged with 17K+ unprocessed bugs

NIST has made some progress clearing its backlog of security vulnerability reports to process – though it’s not quite on target as hoped. The US government standards body just blew its self-imposed September 30 deadline to bring the speed at which its National Vulnerability Database (NVD) processes new flaws up to its pre-February rate, following a decline in output this year. Patrick Garrity of infosec intelligence outfit VulnCheck pored over the CVE-labeled bugs successfully analyzed by the NVD between February 12 and September 21, and reported “mixed” results.

 

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.

 

Sellafield, UK’s largest nuclear site, fined £330,000 for cybersecurity failings

The company managing the Sellafield nuclear site in the United Kingdom has been fined £332,500 ($435,400) in a landmark prosecution after pleading guilty to three criminal charges over cybersecurity failings. Earlier this year, Britain’s nuclear safety regulator announced it was bringing charges against the company operating the facility over “alleged information technology security offenses during a four year period between 2019 and early 2023.” The company operating the site, which is owned by the British state, pleaded guilty in June to the three charges of cybersecurity failings, although its legal representative denied in court claims that the facility had been hacked.

 
