Cybersecurity News: Kansas water targeted, CrowdStrike apology, MoneyGram goes dark

In today’s cybersecurity news…

Kansas water plant pivots to analog after cyber event

Yesterday we updated you on a ransomware attack that hit the state of Kansas earlier this year. Now there’s more bad news for The Sunflower State: a water treatment facility in Arkansas City suffered a “cybersecurity incident” on Sunday, which forced the facility to move to fully manual operations. A city official said, “Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period.” Authorities and security experts are working to restore the facility to normal operations, and the facility has enhanced its security measures to protect the water supply.

(Dark Reading and Bleeping Computer)

CrowdStrike exec apologizes in Congress for global IT outage

In testimony before the House Subcommittee on Cybersecurity, CrowdStrike vice president Adam Meyers issued an apology for the faulty sensor update that caused a widespread Windows meltdown in July. Meyers said, “We let our customers down. On behalf of everyone at CrowdStrike I want to apologize. We are deeply sorry and we are determined to prevent this from ever happening again.” Meyers outlined measures the company is taking to avoid a repeat incident, including carefully controlled rollouts of software updates, improved code input validation, and testing procedures that cover a broader array of problematic scenarios. CrowdStrike has also provided customers more control over the deployment of system configuration updates. Microsoft also plans to help by providing “new platform capabilities” in Windows 11 to allow security vendors to operate “outside of kernel mode.” 

(SecurityWeek and CyberScoop)

MoneyGram goes offline after cyber incident

The money-wiring service’s in-person and online payment systems have been down since this past Friday. On Monday, MoneyGram posted an update on X saying that it has launched an investigation into a cybersecurity issue and that it’s working with third-party cybersecurity experts and coordinating with law enforcement. This suggests that MoneyGram may have fallen victim to a data breach, though that has yet to be confirmed. The company has not indicated when it expects its services to be restored.

(Dark Reading)

Caroline Ellison sentenced for role in FTX fraud

The former CEO of Alameda Research was sentenced to 24 months in prison for her role in the FTX crypto platform collapse. She must also forfeit $11 billion. Back in December 2022, Ellison pled guilty to conspiring with FTX’s Sam Bankman-Fried to steal $8 billion worth of customers’ funds. Prosecutors recommended a lenient sentence due to her cooperation in building a case against Bankman-Fried. At Ellison’s sentencing hearing, Judge Lewis Kaplan said that, in sharp contrast to Sam Bankman-Fried, there were no obvious inconsistencies in her testimony, which was “very incriminating of herself.”

(The Verge and TechCrunch)

GenAI malware spotted in phishing attacks

While investigating a malicious email back in June, HP researchers discovered malware likely created by generative artificial intelligence. The phishing message used an invoice-themed lure and an encrypted HTML attachment that uses HTML smuggling to avoid detection. The attacker embedded the AES decryption key in the attachment’s JavaScript, which is unusual. Upon decryption, the attachment mimics a website but runs a VBScript to deploy the AsyncRAT infostealer. The researchers said that based on the structure of the comments found throughout the malware’s code, “we think it’s highly likely that the attacker used GenAI to develop these scripts.”

(Security Affairs)

Critical ATG bugs threaten critical infrastructure

Automatic tank gauge (ATG) systems are commonly found in gas stations and airports but also at other critical facilities (like hospitals and military installations) that require large backup generators. Researchers have discovered 11 new vulnerabilities across six ATG systems from five different vendors. The vulnerabilities could allow an attacker to gain full control of an ATG to make fuel unavailable or wreak environmental havoc. The bugs were discovered six months ago, with Bitsight and the US Cybersecurity and Infrastructure Security Agency (CISA) working with some of the affected vendors to mitigate the problems. However, two vendors (Proteus and Alisonic) have yet to engage with CISA in remediation efforts. Experts recommend disconnecting ATGs from the public Internet, even if they’ve been patched.

(Dark Reading and SecurityWeek)

AI can now solve reCAPTCHA tests as accurately as you can

Researchers in Switzerland have successfully trained an AI model to solve Google’s reCAPTCHAv2 image challenge. The researchers named their AI model YOLO for “You Only Look Once” and trained it on images of the usual reCAPTCHA fodder including road vehicles, traffic lights, and other related objects. The model improved accuracy by roughly 30% versus prior models and performed at an accuracy rate similar to that of a human. Google may already be mitigating the risks posed by such models by using device fingerprinting techniques alongside tools like CAPTCHA. Additionally, a spokesperson from Google said that with the launch of reCAPTCHA v3 in 2018, the company is moving away from visual challenges by incorporating behavioral tracking methods like cursor movements. Google said, “the majority of reCAPTCHA’s protections across 7 [million] sites globally are now completely invisible.”

(ZDNet)

GPS spoofing spooks pilots and air-safety officials

Spoofing Global Positioning System (GPS) signals is an electronic warfare tactic that has been used near active conflict zones to confuse cockpit navigation and safety systems. However, pilots and aviation experts say that GPS spoofing attacks started affecting a large number of commercial flights about a year ago. The number of flights affected daily has surged from a few dozen in February to more than 1,100 in August. Pilots have reported clocks resetting to earlier times, false warnings and misdirected flight paths. While pilots are trained on how to use non-GPS navigation systems as a backup, managing the bogus GPS signals risks dividing pilots’ attention if a more serious problem strikes. Industry and government officials are working out how best to address this growing risk.

(MSN)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.