Justin Chen says
Tsann Kuen Co., Ltd. is a Taiwanese electronic product manufacturer and distributor, and operates the “Tsann Kuen 3C” electronics store. It is one of the largest electronic product distributors in Taiwan.
On July 23, Taiwan time, Tsann Kuen Group announced that one of its external servers had been attacked by hackers and had been disconnected to avoid further impact. The company made an announcement at 9:38 a.m. on the 23rd, stating that Tsann Kuen online shopping was suspended due to system maintenance. Tsann Kuen’s online shopping website resumed operations on August 7; the service had been suspended for half a month.
Sorry everyone, these articles are written in Chinese because only Taiwanese news companies reported on this.
1. https://www.ithome.com.tw/news/164155
2. https://udn.com/news/story/7241/8116845
Steven Lin says
Novel Malware Campaign Exploits Google Sheets for Espionage
There’s a sophisticated cyber espionage campaign utilizing Google Sheets as a command-and-control mechanism. Since August 5, 2024, this campaign has targeted over 70 organizations across various sectors, such as finance, healthcare, and technology. The attackers posed as tax authorities from multiple countries, sending up to 20,000 emails with malicious links. The links directed users to a page that uses a deceptive Windows shortcut file to execute a PowerShell script. The script ran a Python program from a remote server to collect system information and download further malicious payloads.
https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html
Lily Li says
Seattle-Tacoma Intl Airport Cyberattack Triggers Handwritten Boarding Passes
On August 29th, a cyberattack on Seattle-Tacoma Intl Airport caused a system-wide outage impacting major and smaller carriers such as Delta Air Lines, JetBlue, and Spirit. The Port of Seattle reports that they are working to restore major services but are struggling to recover from this cyberattack. Wi-Fi, ticketing systems, and self-service kiosks are completely out, leading these airlines to use “manual bag tags and boarding passes”. In recent years, attacks on the aviation industry have become a regular occurrence, with both AerCap and Kenya Airways being hit in January 2023. Shipping ports, airports, and other physical infrastructures all rely on an interconnected system, making cybersecurity measures even more critical, not only to ensure data and public safety but also the operational efficiency of these systems.
https://cybernews.com/news/seattle-tacoma-airport-cyberattack-handwritten-boarding-passes/
Daniel Akoto-Bamfo says
Data Retention Policies Must Evolve to Address Emerging Technologies and Data Growth.
The rise of new technologies like AI, IoT, and blockchain has led to a significant increase in corporate data, with a growing reliance on data analytics for data-driven decision-making. However, this data also requires large volumes of current and quality data to feed large language models (LLMs). As a result, companies must reassess their data retention and lifecycle policies to ensure compliance with global data privacy regulations.
To do this, enterprises should perform a data audit, classify data based on sensitivity and importance, and implement endpoint security measures. This will help protect corporate data and help develop remediation plans.
Next, businesses should mitigate risks from cloned data by identifying which data has been duplicated and where it has been stored. This will help prevent data theft and ensure that the organization’s data is protected from potential breaches. By implementing these steps, businesses can ensure the security and efficiency of their data and comply with global data privacy regulations.
https://www.dataversity.net/data-retention-policies-must-evolve-to-address-emerging-technologies-and-data-growth/
Sarah Maher says
New Voldemort Malware Using Google Sheets To Store Stolen Data
A new malware named “Voldemort” was sent to users in Europe, Asia, and the US. The malware was sent through emails that claimed to be from US tax attorneys telling the recipient to change their tax filings. The malware was downloaded when users clicked on the link in the email. The backdoor created was then able to access Google Sheets for data extraction. The emails targeted users from aerospace, transportation, academia, insurance, finance, technology, industrial, energy, government, media, healthcare, automotive, hospitality, manufacturing, and social benefit organizations.
https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html
https://cybersecuritynews.com/voldemort-malware-google-sheets-data-theft/
Clement Tetteh Kpakpah says
Fundamentals of Data Classification by Keith D. Foote on April 3, 2024
The article explores the significance and methodology of data classification, which involves arranging data into categories based on its security requirements to enhance accessibility and safeguarding. This process is essential for handling extensive volumes of data and serves various purposes, including ensuring data security, complying with regulations, and conducting efficient data analysis.
Data Classification involves categorizing data based on its sensitivity, enabling easier retrieval and protection. This process supports data security initiatives, regulatory compliance, and overall business efficiency.
Data Tagging is an integral part of classification, and it entails adding metadata to files, indicating their sensitivity and quality, which facilitates quick identification and management.
Types of Data include Public data, Private data, Internal data, Confidential data, and Restricted data.
Classification Methods include Content-based, Context-based, and User-based.
Compliance Standards: regulations like GDPR, PCI DSS, HIPAA, and CCPA mandate data classification to protect privacy and ensure proper handling of sensitive data.
Challenges of data classification include false positives and negatives due to context misunderstanding, and the high cost of implementing classification tools, especially for large datasets.
Overall, data classification enhances data management and security but poses challenges that require careful planning and suitable tools for resolution.
https://www.dataversity.net/fundamentals-of-data-classification/
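The three classification methods the summary lists (content-based, context-based, user-based) and the tagging step can be seen together in one small classifier. This is an added example, not code from the article or its author. The five tier names are the article's; their ordering (Public < Internal < Private < Confidential < Restricted), the directory-to-floor mapping, the tag names and the sample records are assumptions constructed for the demonstration. The card-number rule shows the false-positive problem the article raises: a 16-digit order number is only reported as a card number if it also passes the Luhn check.

```python
"""Content-, context- and user-based data classification with tagging.

Added example, not code from the article or its author. Tier order, context
floors, tag names and sample records are assumptions for this demonstration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed ordering of the article's five tiers, least to most restrictive.
TIERS = ["Public", "Internal", "Private", "Confidential", "Restricted"]

# Content patterns. The SSN pattern rejects area 000/666/9xx and all-zero
# groups; the card pattern only finds candidates, which must also pass Luhn.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_card_number(text: str) -> bool:
    return any(luhn_ok(re.sub(r"\D", "", m)) for m in PAN_RE.findall(text))


# Content-based rules: (tag, tier, matcher).
CONTENT_RULES: list[tuple[str, str, Callable[[str], bool]]] = [
    ("pii.ssn", "Restricted", lambda t: bool(SSN_RE.search(t))),
    ("pci.pan", "Restricted", has_card_number),
    ("pii.email", "Private", lambda t: bool(EMAIL_RE.search(t))),
]

# Context-based rules: where a record lives sets a minimum tier (assumed layout).
CONTEXT_FLOORS = {"hr/": "Confidential", "finance/": "Internal", "public/": "Public"}


@dataclass
class Record:
    path: str
    text: str
    owner_label: Optional[str] = None  # user-based: label applied by the data owner


def classify(rec: Record) -> dict:
    """Return tagging metadata for one record: the highest tier any method demands."""
    tags = set()
    tier_idx = TIERS.index("Public")
    for tag, tier, matcher in CONTENT_RULES:
        if matcher(rec.text):
            tags.add(tag)
            tier_idx = max(tier_idx, TIERS.index(tier))
    for prefix, floor in CONTEXT_FLOORS.items():
        if rec.path.startswith(prefix):
            tags.add("ctx." + prefix.rstrip("/"))
            tier_idx = max(tier_idx, TIERS.index(floor))
    if rec.owner_label:
        # An owner label can raise the tier but never lower what the content requires.
        tags.add("user.labelled")
        tier_idx = max(tier_idx, TIERS.index(rec.owner_label))
    return {"path": rec.path, "tier": TIERS[tier_idx], "tags": sorted(tags)}


# Constructed sample records (synthetic data; 4111 1111 1111 1111 is a test card number).
SAMPLE_RECORDS = [
    Record("public/press-release.txt", "Acme opens a new office in Austin."),
    Record("hr/onboarding/jdoe.txt", "Employee John Doe, SSN 123-45-6789, start date 2024-09-02"),
    Record("finance/orders/2024-08.csv",
           "order 1234567890123456 shipped; card 4111 1111 1111 1111 charged"),
    Record("shared/notes.txt", "Meeting notes, follow up with jane@acme.example",
           owner_label="Confidential"),
]


def classify_all(records=SAMPLE_RECORDS) -> list[dict]:
    return [classify(r) for r in records]


if __name__ == "__main__":
    for result in classify_all():
        print(f"{result['tier']:<12} {result['path']:<30} {result['tags']}")
```

The order number in the finance record has sixteen digits but fails Luhn, so only the card number raises that record to Restricted; the shared note is only Private by content, and the owner's Confidential label wins because user-based labels are treated as a floor.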
Sara Sawant says
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data
Rocinante Trojan is a complex malware that appeared in September 2024. This Trojan, which mostly targets Brazilian and Mexican users, disguises itself as legal banking software. It steals critical financial information such as login credentials, bank account information, and personal identification numbers. In addition to its primary functionalities, Rocinante uses phishing techniques to lure users into disclosing more personal information. The malware is written in JavaScript, which allows it to carry out intricate attacks and bypass typical security measures. It can also monitor and intercept communications between users and their banks, obtaining even more sensitive information. Rocinante establishes contact with a command-and-control (C2) server to receive remote instructions, simulates touch and swipe events, and exfiltrates harvested personal information to a Telegram bot. The stolen data, which includes device information, CPF numbers, passwords, and account numbers, is formatted and shared in a chat accessible to criminals.
https://thehackernews.com/2024/09/rocinante-trojan-poses-as-banking-apps.html
Aaroush Bhanot says
US agencies have issued a warning about RansomHub, a rapidly growing ransomware group formed in February with at least 210 victims across various sectors, including critical infrastructure. RansomHub exploits vulnerabilities with common hacking tools.
RansomHub leverages well-known vulnerabilities in software and systems, often using publicly available hacking tools. This approach allows them to compromise systems quickly and efficiently. The group primarily targets outdated software, unpatched systems, and weak network defenses. Like many modern ransomware groups, RansomHub employs a double extortion strategy. After encrypting the victim’s data, they threaten to release sensitive information publicly unless the ransom is paid. This puts additional pressure on victims, who risk not only losing access to their data but also facing reputational damage and legal consequences. RansomHub operates on a Ransomware-as-a-Service model, where the group recruits affiliates who carry out the actual attacks in exchange for a share of the ransom. This model has contributed to the rapid expansion of their operations, as it allows multiple actors to launch attacks simultaneously, increasing the group’s reach and impact. While monitoring network logs, defenders should keep an eye out for the usual suspects: Mimikatz for credential harvesting, and Cobalt Strike and Metasploit for moving around the network, establishing C2 infrastructure, and data exfiltration.
https://www.theregister.com/2024/08/30/ransomhub/?utm_source=tldrinfosec
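The closing advice above, to watch telemetry for Mimikatz, Cobalt Strike and Metasploit, can be turned into a few concrete rules. This is an added example, not code from the article or the commenter, and the indicators are generic, well-known tool defaults rather than RansomHub-specific IOCs from the advisory: Mimikatz's module syntax (`sekurlsa::`, `lsadump::`, ...), which survives renaming the binary; Cobalt Strike's default spawn-to of `rundll32.exe` with no arguments; and Metasploit's default handler port 4444. The event feed is a constructed, simplified process-creation and network-connection log.

```python
"""Flag commodity post-exploitation tooling in host and network telemetry.

Added example, not code from the article or the commenter. The event format
is a constructed simplification of EDR/Sysmon-style records; the indicators
are public tool defaults, not IOCs taken from the RansomHub advisory.
"""
from __future__ import annotations

import re
import shlex

# Mimikatz module prefixes survive a renamed or recompiled binary, so match the
# command line rather than relying on the image name alone.
MIMIKATZ_MODULES = re.compile(r"\b(sekurlsa|lsadump|privilege|kerberos|token|misc)::", re.I)
METASPLOIT_DEFAULT_PORT = 4444  # default LPORT for Metasploit handlers, often left unchanged


def image_name(path: str) -> str:
    """Basename of a Windows or POSIX path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _alert(rule: str, ev: dict, detail: str) -> dict:
    return {"rule": rule, "host": ev["host"], "detail": detail}


def detect(events: list[dict]) -> list[dict]:
    """Run the three rules over a list of process/network events and return alerts."""
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            name = image_name(ev["image"])
            cmd = ev.get("cmdline", "")
            if name == "mimikatz.exe" or MIMIKATZ_MODULES.search(cmd):
                alerts.append(_alert("mimikatz", ev, cmd))
            # Cobalt Strike's default spawn-to is rundll32.exe launched with no
            # arguments; legitimate software passes a DLL and entry point.
            elif name == "rundll32.exe" and len(shlex.split(cmd, posix=False)) == 1:
                alerts.append(_alert("cs_default_spawnto", ev, cmd))
        elif ev["type"] == "network" and ev.get("dest_port") == METASPLOIT_DEFAULT_PORT:
            alerts.append(_alert("msf_default_port", ev,
                                 f"{ev['process']} -> {ev['dest_ip']}:{ev['dest_port']}"))
    return alerts


# Constructed sample events: a renamed Mimikatz, an argument-less rundll32,
# a legitimate rundll32 control-panel launch, and two outbound connections.
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS01", "parent": "cmd.exe",
     "image": r"C:\Users\a\AppData\Local\Temp\svchost.exe",
     "cmdline": "svchost.exe privilege::debug sekurlsa::logonpasswords exit"},
    {"type": "process", "host": "WS02", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe", "cmdline": "rundll32.exe"},
    {"type": "process", "host": "WS02", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"type": "network", "host": "SRV01", "process": "powershell.exe",
     "dest_ip": "203.0.113.10", "dest_port": 4444},
    {"type": "network", "host": "SRV01", "process": "chrome.exe",
     "dest_ip": "203.0.113.20", "dest_port": 443},
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['host']}: {a['detail']}")
```

The first event is the case the image-name check alone would miss: the binary is named `svchost.exe` and sits in a user's Temp folder, but the `sekurlsa::logonpasswords` argument gives it away. The legitimate `rundll32.exe shell32.dll,Control_RunDLL` launch produces no alert because it carries arguments.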
Rohith says
A South Korean hacking group has found a secret flaw in WPS Office software. They’re using this flaw to trick people into downloading harmful software onto their computers. This software can steal information from the computer. Security experts are warning people to be careful when using WPS Office and to keep their software up to date.
https://www.securityweek.com/wps-office-zero-day-exploited-by-south-korea-linked-cyberspies/
Charles Lemon says
For this week’s article, “Why Every Business Should Prioritize Confidential Computing”, we took a look at protecting data when it’s in its most vulnerable state. Confidential Computing refers to a cloud computing technology that can isolate data within a protected central processing unit (CPU) while it is being processed. Applications process data, and to do this, they interface with a computer’s memory. Before an application can process data, it has to go through decryption in memory. Because the data is, for a moment, unencrypted, it is left exposed. It can be accessed, encryption-free, right before, during, and right after it has been processed. Confidential computing fixes this issue by using a hardware-based architecture referred to as a trusted execution environment (TEE). The article starts off by mentioning that most data leaks happen when the data is in this vulnerable state. This is important in certain industries with strict regulations such as finance, healthcare, and government. This is the first reason the article points to for using confidential computing. In essence, confidential computing guarantees adherence to these regulations such as HIPAA or the GDPR. The next reason the article points to for using confidential computing is “Securing public cloud-based infrastructure.” It mentions confidential computing’s ability to make private data invisible to cloud providers and to prevent unauthorized access by the cloud provider on the host. The scalability and elasticity of cloud computing will only improve on this ability, which is another key benefit. One last reason the article argues for the adoption of confidential computing is the expansion of AI. AI has the potential to make data even more vulnerable, and confidential computing can mitigate this by ensuring AI models will only learn from authorized data, allowing organizations to have full control over their data.
All in all, as the usage of cloud environments becomes more viable, data will be put at a greater risk for breaches. Confidential computing is an additional safeguard to mitigate this risk and help organizations to continue to innovate and expand their business.
https://www.darkreading.com/cyberattacks-data-breaches/why-every-business-should-prioritize-confidential-computing
Parth Tyagi says
Hackers using WinRAR for exploitation? Well, yes!
All of us know which application comes in handy when we want to extract a compressed file: it’s WinRAR. But did you know that the hacktivist group Head Mare has exploited a vulnerability in WinRAR to infiltrate and encrypt systems running on Windows and Linux?
This group, active since the onset of the Russo-Ukrainian conflict, has primarily targeted organizations in Russia and Belarus. Their attacks are characterized by sophisticated techniques that focus on causing maximum disruption.
According to the Securelist report, the vulnerability exploited by Head Mare, identified as CVE-2023-38831, resides in WinRAR, a popular file archiver utility.
This flaw allows attackers to execute arbitrary code on a victim’s system through specially crafted archive files. By exploiting this vulnerability, Head Mare can more effectively deliver and conceal its malicious payloads.
Read more about it at https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
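The “specially crafted archive” behind CVE-2023-38831 has a recognisable layout in the publicly documented samples: a decoy file whose name ends in a trailing space (for example `invoice.pdf `) sits next to a folder of exactly the same name, and that folder holds a script whose name starts with the decoy's name (`invoice.pdf .cmd`). When the victim double-clicks the decoy, the vulnerable WinRAR runs the script instead. The check below looks for that layout in an archive before anyone opens it. It is an added example, not code from Head Mare, Securelist or the article; it is written for ZIP archives, which the public samples were and which WinRAR also handles, because Python's standard library has no RAR reader. The two sample archives are constructed in memory with placeholder contents and carry no real payload.

```python
"""Detect the CVE-2023-38831 archive layout (decoy file + same-named folder + script).

Added example, not code from the article, Securelist or Head Mare. Works on ZIP
archives only (no RAR reader in the standard library); sample archives are
constructed in memory with harmless placeholder contents.
"""
from __future__ import annotations

import io
import posixpath
import zipfile

# Extensions Windows will execute when the shortcut/shell path is tricked into
# opening the script instead of the decoy document.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".com", ".scr", ".vbs", ".js", ".ps1", ".lnk"}


def find_cve_2023_38831_pattern(data: bytes) -> list[dict]:
    """Return one finding per decoy/payload pair matching the known layout."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [info.filename for info in zf.infolist() if not info.is_dir()]

    findings = []
    for decoy in entries:
        base = posixpath.basename(decoy)
        if not base.endswith(" "):          # the trailing space is the tell-tale
            continue
        folder = decoy + "/"                # a folder with exactly the decoy's name
        for inner in entries:
            if inner == decoy or not inner.startswith(folder):
                continue
            leaf = inner[len(folder):]
            if "/" in leaf or not leaf.startswith(base):
                continue                    # must be directly inside, named after the decoy
            if posixpath.splitext(leaf)[1].lower() in EXECUTABLE_EXTS:
                findings.append({"decoy": decoy, "payload": inner})
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples. The "payload" is a placeholder echo, not an exploit.
SUSPICIOUS_ZIP = build_zip({
    "invoice.pdf ": b"%PDF-1.4 decoy document (constructed sample)",
    "invoice.pdf /invoice.pdf .cmd": b"@echo off\r\necho placeholder, not a real payload\r\n",
})
BENIGN_ZIP = build_zip({
    "invoice.pdf": b"%PDF-1.4 ordinary document",
    "tools/run.cmd": b"@echo off\r\necho hello\r\n",
})


def scan(archives: dict[str, bytes]) -> dict[str, list[dict]]:
    """Scan several named archives and report findings per archive."""
    return {name: find_cve_2023_38831_pattern(data) for name, data in archives.items()}


if __name__ == "__main__":
    for name, hits in scan({"suspicious.zip": SUSPICIOUS_ZIP, "benign.zip": BENIGN_ZIP}).items():
        verdict = "SUSPICIOUS" if hits else "clean"
        print(f"{name}: {verdict} {hits if hits else ''}")
```

A benign archive that merely contains a `.cmd` somewhere is not flagged; the finding requires the trailing-space decoy and the same-named folder together, which is what distinguishes this exploit layout from an ordinary archive. Patched WinRAR (6.23 and later, per the CVE) is still the real fix; this check is for mail gateways and triage where the archive arrives before the user does.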
Elias Johnston says
Four unencrypted laptops were stolen from Advocate, a physician group based out of Chicago. This resulted in (at the time) one of the largest healthcare breaches reported to federal regulators. The laptops contained the information of 4 million patients, notably names, SSNs, clinical diagnoses, medical records, and health insurance information. Advocate released a statement promising a reinforcement of their protocols and encryption programs, as well as adding 24/7 security personnel at their facility.
Interestingly, the HIPAA Security Rule says that if other reasonable and appropriate measures are taken (and well documented), encryption is not explicitly required. Though in the Advocate situation, it is hard to assume that appropriate measures were taken. The reason data encryption is not commonplace in cases such as Advocate is often a lack of IT funding, a lack of skill in the IT department, or a lack of support from senior leadership. Rebecca Herold, CEO of “The Privacy Professor” consulting firm, suggests that state attorney general offices need to take a stricter stance on HIPAA compliance, as well as hold senior executives liable for their poor security practices.
https://www.databreachtoday.com/advocate-medical-breach-no-encryption-a-6021
Haozhe Zhang says
The potential of AI-generated images affecting information security?
The article starts off by discussing the recent Elon Musk post of an AI-generated Kamala Harris picture. This has inspired me to think about the potential of AI-generated threats relating to identity theft and other information security scandals. AI-generated fake images pose a significant threat to information security in the realms of data integrity and trust. These fabricated visuals can be used to manipulate public perception and spread misinformation. In cybersecurity, verifying the authenticity of digital content becomes increasingly difficult, making it essential for organizations to adopt advanced detection tools. For example, biometric passwords like scanning faces and eyeballs can potentially be duplicated through AI images. This is an enormous security loophole. Moreover, the malicious use of such images can exploit other security vulnerabilities, potentially leading to phishing and fraud.
https://cybernews.com/ai-news/elon-musk-kamala-harris-fake-image-artificial-intelligence/
Lili Zhang says
This article discusses the finalization of the European Union (EU) Artificial Intelligence (AI) Act, which will take effect on August 1, 2024. The Act imposes new cybersecurity and incident reporting obligations on companies that develop or implement AI systems, particularly those considered “high-risk” or “General Purpose AI” (GPAI) models. These requirements are part of a broader effort by governments, including the United States through the National Institute of Standards and Technology (NIST), to address the increasing cyberattacks on AI systems. The article details specific types of cyberattacks identified by NIST, such as data poisoning, data abuse, privacy attacks, and evasion attacks, and how the EU AI Act aims to mitigate these risks by mandating security measures and reporting obligations. The article concludes by advising companies to strengthen their information governance, regularly test AI models, and update incident response plans to align with the new regulations.
https://www.morganlewis.com/pubs/2024/07/eu-ai-act-us-nist-target-cyberattacks-on-ai-systems-guidance-and-reporting-obligations