Information Security News 10-14-2024

Marriott Agrees $52m Settlement for Massive Data Breach

Article Link: https://www.infosecurity-magazine.com/news/marriott-settlement-massive-data/

  • Marriott is paying $52 million to settle claims from all 50 U.S. States over a major data breach that exposed 131.5 million U.S. customer records between 2014 and 2018. The breach went unnoticed for years in the Starwood system, which Marriott acquired in 2016.
  • Investigators found Marriott violated data security laws by failing to implement proper protections. As part of the settlement, Marriott agreed to strengthen its information security measures, including adopting zero trust principles.
  • Globally, Marriott has faced other penalties, including a $24 million fine in the United Kingdom. The Federal Trade Commission (FTC) also cited multiple security failures, with breaches affecting 344 million people worldwide.
  • Although Marriott denies liability, it has strengthened key security measures, including improved access controls and monitoring, updated systems, and regular assessments.

AT&T, Verizon Reportedly Hacked to Target US Govt Wiretapping Platform

Article Link: https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

  • U.S. broadband providers, including AT&T and Verizon, were breached by the Chinese hacker group Salt Typhoon, potentially accessing U.S. government wiretapping systems for intelligence gathering.
  • The breach, discovered only recently, is under investigation, with the extent of the data theft still unknown, yet it is alleged to have affected millions of Americans and businesses.
  • Salt Typhoon, active since 2019, targets global telecoms using Microsoft Exchange vulnerabilities and custom hacking tools.
  • Impacted companies are strengthening security, patching vulnerabilities, and investigating the role of network equipment like Cisco routers in the breach.

31 million Users Affected by Internet Archive Hack

Article Link: https://www.securityweek.com/31-million-users-affected-by-internet-archive-hack/

  • The Internet Archive (Wayback Machine) was hacked, exposing 31 million records, including email addresses, usernames, and Bcrypt-hashed passwords, which vary in vulnerability depending on password strength.
  • The breach was identified by Troy Hunt of Have I Been Pwned (HIBP), and the compromised data is now available for users to check whether they were affected.
  • In addition to the data breach, the site suffered defacement and multiple outages caused by a DDoS attack, leaving it offline for extended periods.
  • The Internet Archive is responding by disabling the compromised JavaScript library, scrubbing systems, and upgrading security measures to prevent further incidents.

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Article Link: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

  • Microsoft warns of growing cyberattacks using legitimate file hosting services like OneDrive and Dropbox to bypass security defenses, leading to phishing pages that steal passwords and two-factor authentication tokens.
  • Once compromised, attackers can control accounts to launch business email compromise (BEC) attacks, commit financial fraud, and spread malware across organizations.
  • A new phishing-as-a-service threat, Mamba 2FA, facilitates these attacks by capturing credentials and cookies via Telegram bots, exploiting multi-factor authentication (MFA) methods that are not phishing-resistant.
  • In response, businesses should reinforce email security, monitor trusted file-sharing platforms closely, and strengthen MFA to mitigate these sophisticated threats.
  • Link to Microsoft’s Blog Post: https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/

The Case for Enterprise Exposure Management

Article Link: https://www.helpnetsecurity.com/2024/10/07/exposure-management-em/

  • Exposure management (EM) is evolving from external attack surface management (EASM) by focusing not just on identifying vulnerabilities but also validating and prioritizing them for more efficient remediation.
  • EASM’s broad visibility often created alert fatigue and missed critical risks, while EM addresses this by validating exposures based on their business impact and exploitability, reducing wasted time on false positives.
  • EM integrates deeper discovery, including cloud, SaaS, and vendor-managed assets, streamlining remediation processes, and ensuring quick responses to high-priority threats.
  • By shifting from visibility overload to actionable insights, EM helps organizations secure assets and reputation more effectively with simplified operational processes.

Meet the Shared Responsibility Model with New CIS Resources

Article Link: https://www.helpnetsecurity.com/2024/10/07/cis-shared-responsibility-model/

  • The shared responsibility model in cloud security requires organizations to securely configure their cloud components, and the new Center for Internet Security (CIS) resources provide updated guidance to simplify this process.
  • CIS has expanded its Foundations Benchmarks to cover platforms like Google Workspace, IBM Cloud, and Snowflake, catering to 89% of organizations using multiple clouds, according to a 2024 Flexera survey of over 500 businesses.
  • CIS Cloud Service Category Benchmarks offer tailored security measures for services like computing, databases, and storage on platforms like Amazon Web Services (AWS) and Microsoft Azure, ensuring detailed protection beyond basic configurations.
  • New CIS Benchmarks for containers and Kubernetes provide secure configuration guidelines for cloud-based systems, helping organizations protect all cloud elements, from operating systems to container orchestration platforms.
  • Link to Flexera’s Report: https://info.flexera.com/CM-REPORT-State-of-the-Cloud?lead_source=Organic%20Search

American Water Hit by Cyber-Attack, Billing Systems Disrupted

Article Link: https://www.infosecurity-magazine.com/news/american-water-cyberattack-billing/

  • American Water, serving fourteen million customers, was hit by a cyberattack on October 3, 2024, disrupting billing but not water services, with the company pausing billing and securing systems to protect customer data.
  • The full impact is still under investigation, with no details on compromised systems, while law enforcement and internal teams assess the breach.
  • This attack highlights critical infrastructure’s vulnerability to cyber threats, echoing prior warnings about state-sponsored hackers targeting U.S. water systems.
  • The incident emphasizes the need for water utilities to invest in stronger information security, especially in identity management, to guard against dynamic and growing cyber risks.
  • Link to American Water’s 8-K Filing: https://www.sec.gov/Archives/edgar/data/1410636/000119312524233300/d869346d8k.htm?7194ef805fa2d04b0f7e8c9521f97343

Why No Code and Process Mining Are the Future of Digital Transformation

Article Link: https://www.techradar.com/pro/why-no-code-and-process-mining-are-the-future-of-digital-transformation

  • No-code platforms are revolutionizing software development, allowing non-technical users to create apps quickly and easily, with 65% of application development expected to use no-code or low-code by 2024, according to a 2022 Gartner report surveying 1,500+ organizations.
  • No-code’s synergy with process mining empowers businesses to analyze, automate, and optimize processes independently, addressing the 70% failure rate of digital transformation efforts highlighted in a 2018 McKinsey survey of 1600 companies.
  • To secure no-code platforms, organizations should implement strong access control, regularly monitor activity, secure API connections, ensure data encryption, maintain patch management, and establish governance policies for compliance and security.
  • Real-world examples show industries like finance using no-code to automate customer onboarding and complaints management, providing a competitive edge through faster, more flexible operations and stronger compliance.
  • Link to Gartner’s Report: https://www.gartner.com/en/newsroom/press-releases/2022-12-13-gartner-forecasts-worldwide-low-code-development-technologies-market-to-grow-20-percent-in-2023

Lamborghini Carjackers Lured by $243M Cyberheist

Article Link: https://krebsonsecurity.com/2024/10/lamborghini-carjackers-lured-by-243m-cyberheist/

  • A 19-year-old Connecticut honors student is accused of participating in a $243 million cryptocurrency heist, leading to a botched ransom attempt where his parents were carjacked and kidnapped by suspects from Florida.
  • The heist involved sophisticated social engineering to steal cryptocurrency, with attackers using spoofed calls to trick the victim into sharing sensitive information, leading to the theft of millions in digital currency.
  • Investigators tracked the lavish spending of suspects on luxury goods, revealing the cryptocurrency was used for high-end purchases like cars and jewelry, linking them to the crime.
  • The accused cybercriminals face charges for kidnapping, assault, and fraud, while authorities stress the importance of securing personal accounts to prevent such breaches and social engineering attacks.

