Link: https://thehackernews.com/2024/03/south-korean-citizen-detained-in-russia.html
For the first time in recent history, a South Korean national was arrested in Russia on cyber espionage charges and was moved to Moscow for further investigation. Baek Won-soon is accused of handing over classified information to an unnamed foreign intelligence agency. This comes days after the U.S. arrested a former Google engineer for espionage. Baek is currently in the same detention center as the journalist Evan Gershkovich, who was arrested earlier last year on espionage charges and is still detained there to this day awaiting charges. This arrest is concerning as Russian and North Korean geopolitical ties seem to be growing.
Article: Microsoft expands availability of its AI-powered cybersecurity assistant
This article covers how Microsoft is incorporating AI into their cybersecurity services to create a more thorough and reliable system. I found this article interesting because it covers a topic that I’m interested in as an IT specialist: AI. While a lot of ink has been spilled with fears over AI, I think it’s easy to forget the often positive or useful things that AI can provide us. AI is useful in the cybersecurity field for automating many functions, saving time for auditors or security specialists, and allowing a more creative, hands-off approach; it will certainly change the way that we look at cybersecurity and architecture in the future of our industry.
Link: https://www.reuters.com/technology/microsoft-expands-availability-its-ai-powered-cybersecurity-assistant-2024-03-13/
Husband ‘made over a million’ by eavesdropping on BP wife.
https://www.bbc.com/news/business-68379318
The House overwhelmingly passed a bill on Wednesday that would give TikTok’s Chinese owner ByteDance about six months to divest the US assets of the short-video app, or face a ban, in the greatest threat to the app since the Trump administration.
To be fair, TikTok has already been in Congress’s crosshairs – but this time, the ultimatum sounds serious.
https://cybernews.com/editorial/house-vote-tiktok-ban-china/
Topic: What Companies & CISOs Should Know About Rising Legal Threats
In recent times, the cybersecurity community has faced heightened litigation risks, evidenced by cases such as Tesla suing ex-employees for breaches, the FTC charging Uber’s former CISO, and the SEC charging SolarWinds and its CISO. Even private companies face liabilities as regulatory bodies mandate cybersecurity accountability. The SEC’s jurisdiction extends to both public and private entities. Consequently, many cybersecurity leaders are wary of CISO roles, leading to turnover and dissolution of such roles in some companies like Uber. However, this trend raises concerns about the future of the profession.
To address these challenges, there’s a call for sufficient cybersecurity budgets, with CEOs and boards taking responsibility. Risk-based audits beyond compliance requirements are advocated for, along with a reevaluation of penetration testing and bug bounty programs. Moreover, there’s criticism of government enforcement on non-officers and a plea for clearer rules to protect security officers from personal prosecution. Overall, the community seeks a balanced approach to enforcement and support to foster progress and sustainability in cybersecurity.
Link: https://www.darkreading.com/cyber-risk/what-companies-cisos-should-know-about-rising-legal-threats
Erskine Payton
In the News Article - Unit 9
MIS 5214
Temple University
Billion-dollar boat seller MarineMax reports cyberattack to SEC
https://therecord.media/boat-seller-marinemax-reports-cyberattack-sec
MarineMax, the self-proclaimed world’s largest recreational boat and yacht service company, filed documents with the SEC about the breach. The attackers gained access to parts of the information network. Once it was discovered, MarineMax implemented its incident response plan and was able to contain the incident. Although the incident did not have a major impact on operations, they brought people in to assist with the investigation.
In the News
I did not know that solar was reliant on satellites, which is one of the most overlooked aspects of the crucial need for cybersecurity for solar. As the technology grows along with demand, the United States Department of Energy is making it a priority to find a solution with cybersecurity. The majority of solar converters are web based, and the interconnected solar equipment always needs to be online, making this technology very vulnerable to cyberthreats. The article highlights how different parts of the solar technology systems have many vulnerabilities. A lot of the supervisory controls and data systems, computer network equipment, and the supervision needed for such equipment have shown that solar has numerous physical and cyber vulnerabilities. The US Cybersecurity and Infrastructure Security Agency is warning that these systems contain a critical vulnerability that allows for attacks.
Why Cybersecurity for Solar Is Crucial — And Difficult | HackerNoon
https://hackernoon.com/why-cybersecurity-for-solar-is-crucial-and-difficult
The Cyber Sentinel Skills Challenge is your chance to showcase your skills, win your share of $15,000 in cash prizes, and kickstart a career with the US Department of Defense.
ABOUT THE COMPETITION
The Mission: This DoD-sponsored competition is designed to identify individuals interested in pursuing a cybersecurity career with the DoD. Our mission is to find experienced and emerging cybersecurity job-seekers looking to advance their careers while safeguarding our nation’s critical digital infrastructure.
The Challenge: Participants will be given a series of real-world challenges that represent the skillsets most in demand by the DoD. These challenges are designed to measure your understanding of tasks and test your technical, analytical, and strategic abilities in the following skills categories: Forensics, Malware/Reverse Engineering, Networking & Reconnaissance, Open-Source Intelligence Gathering (OSINT), and Web Security.
The Reward: Winners of the competition will not only get the unique opportunity to learn more about jobs with DoD but also a share of the $15,000 cash prize pool.
Who Can Participate: Applicants must be US citizens (native or naturalized) and over the age of 18 to qualify. Individuals from all levels of cybersecurity experience, whether you are seasoned cybersecurity professionals or just starting in the field, with a genuine interest in a career at the DoD, are welcome to apply.
DoD Cyber Sentinel Challenge | Correlation One (correlation-one.com)
While the necessity of strong passwords and safe password management is well understood in many organizations, a considerable number of enterprises continue to store passwords in plaintext in files that are not password secured. Many organizations struggle with password and identity management. One major issue with password management is the quantity of passwords required in the office. Although SSO solutions address this issue, 45% of firms have deployed password management systems, allowing employees to reuse or use identical passwords.
https://mytechdecisions.com/network-security/password-security-lastpass/
https://www.calcomsoftware.com/how-hardening-is-reflected-in-the-different-nist-standards/
NIST SP 800-123 covers an essential aspect of server security, known as server hardening. It involves creating a system security plan, updating the operating system regularly, and appropriately configuring resource controls. By implementing server hardening practices, vulnerabilities can be reduced, and servers become more resilient against attacks. These practices include password policies, authentication mechanisms, and the proper management of services and applications. Hardening practices enhance security and help maintain system performance and reliability by reducing unnecessary load and potential points of failure.
https://www.sdxcentral.com/articles/news/nvidia-supercharges-cybersecurity-with-ai-at-gtc-2024/2024/03/
Not a specific article on a breach, but more so new moves being made in the industry to push advancements in cybersecurity. This article talks about how multiple cybersecurity companies said they will partner with Nvidia to use AI to enhance abilities for cybersecurity. Making the partnership with Nvidia was a good decision considering Nvidia is already involved in the AI market. To give an example of one of the partnerships, Check Point Software Technologies and Nvidia have a main objective of improving security of AI for cloud infrastructure.
“APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage”
The “State of API Security in 2024 Report” by Imperva underscores the critical role of Application Programming Interfaces (APIs) in digital modernization, noting that they accounted for 71% of internet traffic in 2023. Despite their significance, the rapid push to production often leaves APIs vulnerable, with the typical enterprise site handling around 1.5 billion calls annually and an average of 613 endpoints in use. This situation poses a substantial risk, as evidenced by the $75 billion annual cost to businesses from API-related security incidents. The report highlights the finance and online retail sectors as particularly susceptible to attacks, such as account takeovers, primarily due to poorly managed APIs—categorized as shadow, deprecated, or unauthenticated. To mitigate these threats, Imperva recommends continuous discovery and inventory of APIs, protection of sensitive endpoints, robust monitoring, and an integrated security approach that includes Web Application Firewalls (WAF), DDoS prevention, and Bot Protection.
URL: “https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html”
APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage
https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html
Imperva highlights the role of APIs in facilitating digital modernization, with most internet traffic attributed to API calls in 2023. It was stated that APIs often enter production without proper authentication. Endpoints in organizations can be vulnerable which makes APIs a target of hackers. To enhance API security posture, organizations should discover, classify, and have an inventory of APIs.
The ransomware group “ShadowSyndicate” has been observed scanning servers vulnerable to CVE-2024-23334, which is a directory traversal vulnerability discovered in the aiohttp Python library. Aiohttp is an open-source library that allows for handling large numbers of concurrent HTTP requests asynchronously without thread-based networking. Many tech firms, developers, etc. use these kinds of tools and APIs to aggregate data in high-performance web applications.
On January 28th, aiohttp released a new version of their library that patches the exploit, which results from inadequate validation for certain static routes, allowing external access to a server’s root directory. The group has been found to run scans for this specific exploit in an attempt to deploy ransomware.
https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
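The post above describes a static route that let requests reach files outside the configured directory. As an added example (not code from aiohttp, the article, or the post), the check below shows the containment validation a static-file handler needs: percent-decode the request, resolve the path against the static root with symlinks followed, and refuse anything that does not stay under that root. The directory layout and file names are constructed for the demo.

```python
"""Containment check for a static-file route.

Added example, not code from aiohttp, the article, or the post: it shows the
kind of validation the post says the vulnerable aiohttp releases lacked for
static routes.  A request path is only served if, after percent-decoding and
resolving symlinks, it still lies under the configured static root.
"""
import os
import tempfile
from typing import Dict, Optional
from urllib.parse import unquote


def resolve_static_path(root: str, request_path: str) -> Optional[str]:
    """Map a URL path to a regular file under `root`; None if it escapes.

    realpath() collapses '..' segments and follows symlinks, so the final
    comparison is made on where the file really lives, not on how the
    request spelled the path.
    """
    decoded = unquote(request_path)
    if "\x00" in decoded:            # NUL bytes never belong in a file name
        return None
    root_real = os.path.realpath(root)
    # lstrip('/') so os.path.join cannot be told to discard the root.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # Containment: the resolved file must have the root as its prefix path.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo() -> Dict[str, bool]:
    """Build a throwaway static root (constructed sample files) and report
    which request paths the check accepts (True) or refuses (False)."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "static")
    os.mkdir(root)
    with open(os.path.join(root, "app.js"), "w") as f:
        f.write("// constructed sample asset\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("constructed file outside the static root\n")
    # A symlink inside the root pointing outside it; realpath() follows it,
    # so the containment check still sees the escape.
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link"))

    requests = [
        "/app.js",             # legitimate asset inside the root
        "/../secret.txt",      # plain traversal
        "/%2e%2e/secret.txt",  # percent-encoded traversal
        "/link",               # symlink that resolves outside the root
        "/app.js%00.png",      # NUL byte in the name
        "/missing.js",         # inside the root but not present
    ]
    return {p: resolve_static_path(root, p) is not None for p in requests}


if __name__ == "__main__":
    for path, accepted in demo().items():
        print(f"{path:22} -> {'served' if accepted else 'refused'}")
```

The check is a defense-in-depth layer for any static handler; the remedy for the library bug itself is still upgrading to the patched aiohttp release the post mentions.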