
Protection of Information Assets

Temple University


MIS 5206.701 ■ Fall 2023 ■ David Lanter

In the News

September 6, 2023 by David Lanter 14 Comments

Filed Under: Unit 03: Risk Evaluation


Comments

  1. Jeffrey Sullivan says

    September 9, 2023 at 4:07 pm

    Jeff Sullivan
    MIS 5206
    In the news Week 2
    Temple University

    CPPA publishes new draft regulations addressing AI, risk assessments, cyber audits | Consumer Finance Monitor

    I was expecting to keep up with technology being in this program and working in the tech field, but this article goes to show how much you really do need to stay up to date. The California Privacy Protection Agency (CPPA) has drafted two new sets of draft regulations addressing a range of data protection issues. The two foundations responsible for moving this forward are the draft cybersecurity audit regulations and draft risk assessment regulations. This discussion will be brought up in the September 8th meeting. These proposed regulations are a “proposed definition of AI that differentiates the technology from automated decision-making and transparency obligations for companies that train AI to be used by consumers or other businesses.”

    The Draft Cybersecurity Audit regulations also have a high level of modification and actions to other CCPA regulations. Some of those regulations are: Propose new definitions for AI and AI decision making technologies, identify specific processing activities that present a significant risk of harm to customers, and request a risk assessment. Some of those activities include selling or sharing personal info, processing personal information of consumers in publicly accessible places, proposing standards for stakeholders etc.

    As you can see, it is important to stay up to date on both sides of the AUDIT and Cyber worlds. It also makes me think who in the program could possibly be on one of these boards one day.

  2. Jeffrey Sullivan says

    September 9, 2023 at 4:08 pm

    https://www.consumerfinancemonitor.com/2023/09/07/cppa-publishes-new-draft-regulations-addressing-ai-risk-assessments-cyber-audits/

    The website is listed in the original article at the top but didn’t hyperlink per the website.

  3. Marc Greenberg says

    September 10, 2023 at 11:53 am

    The following synopsis of the article shows how ever-changing challenges and technology make identifying and continuing to review your Risk Management Framework crucial in helping to address risk. It concerns a new technology and an industry that continues to be attacked, from a cyber security standpoint, by going after PII and PHI data.
    At least four class action lawsuits seeking monetary damages for failure to safeguard protected health information (PHI) and personally identifiable information (PII) were filed against HCA before the week was out.
    This isn’t an isolated incident. The healthcare sector is a preferred target of attack. Cyberextortion repeatedly disrupts care delivery.
    The first step to recovery is admitting you have a problem, and the healthcare sector must confront its persistent cybersecurity weakness.
    Healthcare has developed a similar recklessness in handling protected data and critical information technology. Why does it keep leaving its proverbial keys in the ignition?
    The healthcare industry is uniquely saddled with a lot of highly sensitive information flowing through a combination of hard-to-replace legacy infrastructure and incredibly fast-evolving digital technology that cannot be easily integrated.
    Consider the SEC’s new rules on cybersecurity risk management, strategy, governance and incident disclosure, which stipulate:
    • Board oversight of cybersecurity threats and risks, fast reporting and an obligation to explain how cybersecurity incidents impacted or will impact the company.
    • Disclosure of cybersecurity risk processes and details on the cybersecurity expertise of management.
    • Reports on all third-party vendor system and cloud infrastructure cybersecurity incidents explaining the impact on the company.

    https://www.forbes.com/sites/forbestechcouncil/2023/09/08/confronting-the-chronic-healthcare-cybersecurity-crisis/?sh=23a1d6c478e4

  4. Kelly Conger says

    September 10, 2023 at 5:02 pm

    My previous employer used a 3rd party company to handle global logistics and when they were hacked, they were down for 2 weeks. This was never disclosed in any of the risk profiles security had established. We had no contingency plans and lost millions due to product not being able to ship.

    https://www.itprotoday.com/compliance-and-risk-management/how-third-party-risks-increase-data-breach-vulnerabilities

    3rd party relationships should never fall out of scope when creating a companywide risk profile.

  5. Alyanna Inocentes says

    September 10, 2023 at 11:08 pm

    https://www.bakerlaw.com/insights/california-unveils-new-draft-requirements-for-privacy-risk-assessments-cybersecurity-audits-and-ai/

    The California Privacy Protection Agency (CPPA) has introduced Draft Regulations on Risk Assessment and Cybersecurity Audit. These regulations impose substantial compliance obligations on businesses and provide new definitions for “artificial intelligence” and “automated decision-making technology.” They require businesses to perform risk assessments for specific processing activities and to submit them to CPPA or the California Attorney General. Additionally, businesses processing personal information with substantial privacy or security risks must conduct yearly cybersecurity audits, following detailed requirements. These regulations make significant changes in how businesses handle privacy and security risks in California. The drafts’ modifications to existing CCPA regulations are below:

    Draft Cybersecurity Audit Regulations:
    – Mandate annual cybersecurity audits for businesses posing significant security risks to consumers.
    – Propose standards for “significant risk” determination.
    – Specify cybersecurity audit scope and requirements.
    – Introduce new data protection agreement terms for service providers.

    Draft Risk Assessment Regulations:
    – Define “Artificial Intelligence” and “Automated Decision-making” technologies separately.
    – Identify specific processing activities requiring risk assessments.
    – Propose stakeholder involvement standards.
    – Outline disclosure requirements for businesses using automated decision-making technologies.

  6. Alex Ruiz says

    September 11, 2023 at 4:30 am

    Article: North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
    Summary:
    North Korean threat actors have been targeting the cybersecurity community using a zero-day software vulnerability, as revealed by Google’s Threat Analysis Group (TAG). They create fake social media accounts to gain victims’ trust, then send malicious files via encrypted messaging apps, exploiting the software vulnerability. These attackers have a history of using collaboration-themed tactics and have even released proof-of-concept exploit code for Windows Kernel vulnerabilities.

    In addition to these activities, the attackers have hosted a tool named “GetSymbol” on GitHub, enabling the download and execution of arbitrary code from a command-and-control domain. These North Korean threat actors have also been involved in phishing campaigns, intelligence collection efforts, and cryptocurrency theft, with recent links to a $41 million theft in cryptocurrency.
    Link: https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html

  7. Andrew Young says

    September 11, 2023 at 10:23 am

    The Australian bookselling chain Dymocks has reportedly been breached by a dark web info and asset collection scheme. According to the chain, 1.2 million unique customer records were leaked. These records include sensitive customer data including dates of birth, addresses, and other vital information. The retailer has alerted customers and requested that they stay alert for any possible suspicious account activity going forward. This breach could theoretically put a vast amount of critical info at risk and could allow attackers or thieves to use customer data to create false accounts, apply for various loans or banking processes, or otherwise exploit users. The chain has not yet fully evaluated the breach or released further info on the exact nature and method used. This article is just another example of how dynamic and changing threats to IT security require an adaptive and responsive prevention and response plan in the event of possible breaches.
    Link: https://www.itnews.com.au/news/dymocks-discloses-breach-after-dark-web-data-leak-600042

  8. Chidi Okafor says

    September 11, 2023 at 2:00 pm

    Two Zero-Day vulnerabilities affecting Apple devices (macOS, iOS, and iPadOS) have been discovered. These vulnerabilities allow for arbitrary code execution and involve a buffer overflow, and they are actively being exploited by threat actors. Apple has promptly responded by releasing security patches to address these vulnerabilities, which primarily affect the ImageIO and Wallet services.

    Reports suggest that the NSO Group’s Pegasus mercenary spyware, along with a maliciously crafted image in PassKit, has been used in these exploits. The exploit chain has been named BLASTPASS by Citizen Lab. Enabling Lockdown Mode can block this attack, according to Apple.

    Citizen Lab highlights the importance of collective cybersecurity in safeguarding users, companies, and governments worldwide. The affected versions include macOS Ventura 13.5.2, iOS 16.6.1, and iPadOS 16.6.1, and the severity of the vulnerabilities is still under assessment. Apple has released updates to fix these issues, including macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2 for Apple Watch. The severity of the vulnerability in watchOS is also awaiting confirmation.

    Link Address – https://gbhackers.com/apple-discloses-2-zero-day-flaws/

  9. Ashley A. Jones says

    September 11, 2023 at 5:03 pm

    Threat Actors Continue to Attack Windows OS

    As a result of weak passwords securing Microsoft SQL databases, threat actors are targeting users to deliver Cobalt Strike, a penetration tool, and the FreeWorld ransomware. The FreeWorld ransomware is a variant of Mimic ransomware which, as it implies, encrypts accessed data, demanding ransoms for decryption. On the other hand, Cobalt Strike is an advanced penetration tool with a range of features that could be categorized as candy for threat actors. These features include social engineering and exploit tools, port scanners, vulnerability scanners, password-cracking tools, a C2 framework allowing attackers to remotely control and monitor activities, and a reporting and analysis system that generates reports on activities analyzing accessor findings. The utilization of Cobalt Strike to execute ransomware is not altogether new; however, the exploitation of a poorly secured Microsoft SQL server is somewhat of a new tactic. At the end of August, the AhnLab Security Emergency Response Center reported a new wave of cyber attacks on these compromised servers through proxyjacking, which allows an attacker to rent out the host, monetizing its unused bandwidth. According to this same source, publicly accessible MS SQL servers with simple passwords are one of the main attack points when targeting Windows systems.

    Main article link: Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware (thehackernews.com) – https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html
    Sub article link: Analysis of MS-SQL Server Proxyjacking Cases – ASEC BLOG (ahnlab.com) – https://asec.ahnlab.com/en/56350/

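The comment above notes that publicly reachable MS SQL servers with simple passwords are a main entry point. The following is an added example, not code from the comment, the linked articles, or AhnLab: a small detector run over constructed, ERRORLOG-style SQL Server logon lines (the line layout, user names, and the RFC 5737 documentation address 203.0.113.5 are all assumptions). It flags a client that produces a burst of failed logins within a short window and, more importantly, reports whether a successful login from that same client followed the burst, which is the pattern a defender wants to be paged on rather than just the noise of failures.

```python
"""Detect password guessing against SQL Server from ERRORLOG-style lines.

Added example. The sample lines below are constructed to resemble the shape of
SQL Server's 'Login failed for user' (error 18456) and 'Login succeeded' audit
messages; they are not taken from any real server or from the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed layout; 203.0.113.5 is a documentation address).
SAMPLE_LOG = """\
2023-08-28 10:15:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-28 10:15:01.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-28 10:15:01.58 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-28 10:15:01.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-08-28 10:15:01.95 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-28 10:15:02.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2023-08-28 10:20:33.00 Logon       Login failed for user 'reportsvc'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]
2023-08-28 10:21:10.00 Logon       Login succeeded for user 'reportsvc'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.8]
"""

# Timestamp, outcome, login name and client address; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']*)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logon_events(text):
    """Return (timestamp, outcome, user, client) tuples; non-logon lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["outcome"], m["user"], m["client"]))
    return events


def find_password_guessing(events, threshold=4, window=timedelta(seconds=60)):
    """Flag clients with at least `threshold` failed logins inside a sliding window.

    For each flagged client the finding records how many failures made up the
    burst, which login names were tried, and which logins succeeded from the
    same client at or after the end of the burst (a likely successful guess).
    """
    by_client = defaultdict(list)
    for ev in sorted(events):
        by_client[ev[3]].append(ev)

    findings = {}
    for client, evs in by_client.items():
        failures = [e for e in evs if e[1] == "failed"]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if f[0] - first[0] <= window]
            if len(burst) >= threshold:
                last_fail = burst[-1][0]
                success_after = [e for e in evs if e[1] == "succeeded" and e[0] >= last_fail]
                findings[client] = {
                    "failures": len(burst),
                    "users_tried": sorted({f[2] for f in burst}),
                    "success_after_burst": [e[2] for e in success_after],
                }
                break  # one finding per client is enough for an alert
    return findings


if __name__ == "__main__":
    for client, info in find_password_guessing(parse_logon_events(SAMPLE_LOG)).items():
        severity = "HIGH" if info["success_after_burst"] else "MEDIUM"
        print(f"[{severity}] {client}: {info}")
```

With the constructed input, 203.0.113.5 is flagged with five failures against two login names followed by a successful `sa` login, while 10.0.0.8 (one failure, then success a minute later) is left alone. The same logic applies to Windows Security event 4625/4624 pairs once the parser is swapped for that format.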
  10. Ikenna Alajemba says

    September 11, 2023 at 9:10 pm

    Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

    Spyware masquerading as modified versions of Telegram has been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices.
    According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server.
    The activity has been codenamed Evil Telegram by the Russian cybersecurity company.

    https://thehackernews.com/2023/09/millions-infected-by-spyware-hidden-in.html

  11. Akiyah says

    September 12, 2023 at 12:52 pm

    MGM Resorts has likely fallen victim to a cyber attack for the second time in 4 calendar years. In response, the company has shut down certain systems to try to lessen the impact and hopefully prevent the loss of additional data and save their information systems from further damage.

    The chain continues to operate with certain limitations in place. Onsite ATMs and slot machines are currently offline in the casino, and hotel reservations are being accepted exclusively via telephone. It’s evident that this potential security breach, which could lead to the loss of customer information and trust, coupled with the unavailability of some casino amenities, and the inconvenience of having to call for reservations (likely resulting in wait times on hold), is significantly affecting the revenue stream.

    https://www.nytimes.com/2023/09/11/us/cyberattack-mgm-hotel-las-vegas.html

  12. Akintunde Akinmusire says

    September 12, 2023 at 10:11 pm

    Mozilla has released security updates in order to address a critical zero-day vulnerability (CVE-2023-4863) after Google released an update for the issue in its Chrome browser. Prior to the update, Firefox was exploited by allowing arbitrary code execution when processing a specially crafted image. The Mozilla flaw could allow attackers to write to memory with a crafted HTML page.

    https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html

  13. Unnati Singla says

    September 12, 2023 at 10:51 pm

    TEMU is an online shopping application which advertises heavily through TikToks and Reels. They are known for quirky/unique products ranging from clothes, home goods, kitchen, etc. (similar to Alibaba/Shein). Recently, multiple people have reported that their payment information was stolen after it was used on TEMU for shopping. After initial investigations, it was found that the company had a sister app which had been breached.

    https://www.cnbc.com/2023/05/17/temu-accused-of-data-risks-amid-tiktok-pinduoduo-fears.html

  14. Erskine Payton says

    September 17, 2023 at 3:11 pm

    Erskine Payton
    In the News Article- Unit 3
    MIS 5206
    Temple University

    British Officials say AI Chatbots Could Carry Cyber Risks

    This article speaks to the potential danger of AI chatbot integration into business applications. According to research, help desk and support centers are being conned into granting access to cyber criminals with relative ease. I instantly think of the recent ransomware attack on MGM Las Vegas and how it took only ten minutes for hackers to bring operations to a halt. Although AI was not involved in this attack, I feel this needs to be mentioned as it presents a real security risk. The concern that our friends across the pond cite is research that AI technology can be tricked into performing “hurtful tasks”.

    They also mention that experts do not fully understand the risk in introducing artificial intelligence that can generate human-sounding interactions. Britain’s National Cyber Security Centre (NCSC) detailed the risk carried when researchers were able to corrupt chatbots via commands that bypass built-in guardrails. Large language models, or LLM chatbots, perfectly mimicking a human voice are already a game changer, but like any technology they are susceptible to hacking, unfortunately.

    This has the makings of another battle between business units, whose priority is the bottom line, and technology, whose priority is keeping the environment safe and in compliance. LLMs have saved companies millions by replacing a human with an automated voice, so it can be difficult to sell folks on the security threat. If history teaches us anything, it is that these major intrusions began as a mundane request. AI has been around for some time but is starting to pick up steam with the popularity of tools like ChatGPT, Apple’s Siri, Amazon’s Alexa, and other tools that we ask to think for us. I find myself always asking Siri how to get somewhere or how to do something, and I get what I need relatively quickly. To think that someone could hack my friend Siri is unsettling.

    https://www.reuters.com/technology/british-officials-say-ai-chatbots-could-carry-cyber-risks-2023-08-29/

