Mixin Network loses $200 million
The decentralized finance startup disclosed on September 25th that a cyber attack against its cloud service provider database saw it lose $200 million in cryptocurrency over the weekend. Mixin suspended deposits and withdrawals until it could fix the vulnerability. Transfers remain available to customers. Assuming no recovery of assets, this likely marks the fifth largest crypto loss from a cyberattack in the last 2 years. Mixin began working with Google and the blockchain security firm Slow Mist to investigate the attack.
Kia and Hyundai exploit linked to massive car thefts
In January 2022, thieves stole 85 Kia and Hyundai vehicles in Chicago. By October that spiked to over 1,400. Milwaukee saw thefts of the brands jum 2,500% to account for two-thirds of all cars stolen. Other metro areas saw other astronomical jumps. These thefts are possible because over 9 million vehicles from the brands shipped in the US without an engine immobilizer, allowing anyone with a simple USB connection to a phone to hotwire a car. Kia and Hyundai released a software update to add an ignition kill feature to prevent thefts, but roughly two million of these vehicles cannot receive the update. In July Carfax reported five million vehicles either didn’t receive or weren’t eligible for the update.
Stress testing voting equipment
The IT-Information Sharing and Analysis Center granted vetted cybersecurity researchers access to voting equipment from vendors Election Systems & Software, Hart InterCivic and Unisyn at an event hosted by Mitre Corp. Researchers attempted several attack scenarios, from knocking election logbooks offline to stuffing ballots. While results haven’t been publicly released, the equipment OEMs said they made changes based on exercise.
(CNN)
AI chatbots getting vocal
ChatGPT subscribers will get new voice features over the next two weeks. Users will be able to submit queries to the chatbot by voice, as well as with images. And it will also get the capability to respond with text-to-speech with five voice options. Not to be outdone, the Wall Street Journal’s sources say Meta plans to release generative AI chatbots as soon as this week with several distinct personality options. Test bots seen by the journal include the sarcastic Bob the Robot, the inquisitive Alvin the Alien, and a bot named Gavin which reportedly made misogynistic remarks to a reporter.
Thanks to our sponsor, AppOmni
CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
National Student Clearinghouse hit by MOVEit breach
The educational nonprofit disclosed to the California attorney general that this impacts nearly 900 schools using its services. In its breach notification, NSC said threat actors breached its MOVEit server in late May, and it determined this impacted student records on June 20th. While data loss varied by individual, it included names, dates of birth, social security numbers, student IDs, and enrollment data. Emsisoft estimates that over 2000 organizations saw breaches from the MOVEit attack, with over 57 million victims.
MGM Resorts sees class action lawsuits
Last week MGM Resorts resumed normal operations after over 10 days of disruption from a cyber attack. Now it’s facing two lawsuits from the cyberattack in the US District Court in Nevada. These allege negligence from the company for failing to protect customer data. The lawsuits also claims MGM should have been aware of increased risks of an attack due to warnings from Okta about social engineering attacks. The Federal Trade Commission declined to comment if its investigating the incident.
UK conducting “hunt forward” operations
The Record published an interview with Lieutenant General Tom Copinger-Symes, deputy commander of the UK’s Strategic Command. In it, he disclosed that his agency began following the US Cyber Command initiative of so-called hunt forward operations. This sees the UK deploying military cyber experts in foreign nations to look for malicious activity. The interview also overviews the state of the UK’s new National Cyber Force, which is still staffing up, how the war in Ukraine influenced strategic priorities, and how the agency interacts with private industry. A link to the full interview is available in our show notes at CISOSeries.com.
Temu referral scams on the rise
The direct from China e-commerce platform Temu uses customer referral codes to offer rewards for bringing people to the service. Because these rewards carry monetary value, scammers aren’t far behind. Bleeping Computer reports a rise in sharing Temu referral codes on TikTok. These accounts imply clicking through the link will lead to sensitive photos of celebrities. There doesn’t seem to be any malware tied to these videos, although scammer tactics could change at any time.