Russian court convicts cyber security executive of treason
A Russian court found Group-IB’s former CEO and co-founder Ilya Sachkov guilty of treason, sentencing him to 14 years. Authorities arrested Sachkov back in September 2021. While the charges in the case are classified, the Russian state news agency TASS said the charges involved passing along classified information to foreign operatives. Sachkov’s attorney maintained his innocence and said they would appeal the verdict. Group-IB severed ties with the Russian market in recent years, renaming itself F.A.C.C.T.
(Reuters)
SEC to require incident disclosure
On Wednesday the Securities and Exchange Commission approved new rules to require organizations to disclose “material” cybersecurity incidents to the regulator within four business days. The US Attorney General can delay public disclosure of incidents if it would threaten public safety or national security. The rules would also require companies to annually share risk management, cybersecurity strategy, and governance policies. This applies to domestic businesses and those doing business in the US. The new rules come into effect in December, although smaller companies will have an additional 180 days to come into compliance.
Government cyber attacks rely on valid credentials
A new report from the Cybersecurity and Infrastructure Security Agency found that threat actors used valid credentials in 54% of attacks against federal civilian agencies in 2022. Spearphishing proved the second most popular, used in 33% of incidents. The report looked at 121 Risk and Vulnerability Assessments. CISA also found threat actors saw the most success using common phishing and default credential methods. The report noted that these attacks didn’t show a particular amount of creativity, largely keeping to the same methods seen in past government breaches.
AI giants form Frontier Model Forum
Anthropic, Google, Microsoft and OpenAI announced the formation of the organization, inviting both competitors and related NGOs to join as well. The forum will work to develop best practices for evaluating so-called frontier models. This would apply to models “that exceed the capabilities currently present in the most advanced existing models.” The group will seek to issue a “public library of solutions” to address issues raised by emerging model capabilities. This comes after a group of leading AI companies reached a deal with the White House on proposals to minimize AI risks and conduct research on AI safety.
(Axios)
The privacy implications of the fediverse
The Electronic Frontier Foundation’s Cindy Cohn and Rory Mir published a piece looking at the privacy implications of decentralized social services in the wake of a Mastodon server seizure last May. The server Kolektiva.social was seized in an FBI raid, as part of a seizure of all electronics on the site. The Mastodon backups on that server included emails, hashed passwords, direct messages, interactions, and IP addresses of thousands of users, including ones from other instances. The EFF recommends fediverse admins only keep data as long as necessary, as well as limit data collection to an absolute minimum. It also recommended admins be transparent with users on any suspected access by law enforcement.
(EFF)
NATO investigating SiegedSec attack
Earlier this week, the threat group known as SiegedSec posted on Telegram that it had exfiltrated hundreds of documents from NATO’s COI Cooperation Portal. That portal serves as NATO’s unclassified information-sharing environment. NATO confirmed its investigation of the claims. According to analysis by CloudSEK, the documents shared on Telegram include names, company affiliations, business emails, addresses and photos, impacting 31 nations.
Education hammered by ransomware
We’ve covered numerous instances of educational organizations hit with ransomware on this show. But a new report from Sophos gives a wider view of what it means for the overall sector. According to their State of Ransomware in Education 2023 report, 79% of higher and 80% of lower education organizations surveyed saw some sort of compromise from ransomware in 2022. Overall, compromised credentials accounted for 36% of breaches, while exploits accounted for 40% of compromises in higher education. The report also found the education sector saw a higher rate of paying ransoms, with 56% of higher education victims doing so. It cited a lower rate of maintaining backups compared to other sectors as a major reason.
For Peloton, every day is breach day
Researchers at Check Point discovered vulnerabilities in the popular Peloton Tread. The fitness appliance runs Android 10, making it uniquely vulnerable in Peloton’s lineup. This means unless it receives software updates, any bugs discovered in 2022 and 2023 could impact the machine. Additionally, an attacker could potentially enable USB debugging to gain further access locally. Because the Tread connects to a network, attackers could use it to further infect any attached network. Added to this, the researchers also discovered an open unauthenticated API, meaning a threat actor could do this remotely. Peloton said it determined exploitation would require local access and that “they meet expected security measures for Android-based devices.”






