In today’s cybersecurity news…
Microsoft warns of potential Windows 10 update failure
The company has confirmed it is investigating a bug that causes the Windows 10 KB5068781 extended security update to fail to install, instead showing 0x800f0922 errors on devices with corporate licenses. The security update was released on November 11 as part of Patch Tuesday. Some business Windows 10 users have since reported that it fails to install. More precisely, it appears to install successfully, but after a restart, it fails to apply and rolls back.
China-backed hackers launch first large-scale autonomous AI cyberattack
In September, the threat actors used Claude Code AI from Anthropic to “automate and execute cyberattacks in a sophisticated espionage campaign.” They made use of its advanced “agentic” capabilities rather than using AI only for guidance and so allowed the attack to execute itself autonomously. Experts describe this as an unprecedented shift from AI as advisor to AI as operator. The attack targeted 30 global tech, finance, chemicals, and government organizations, and succeeded in a few cases.
Feds fumbled Cisco patch requirements, says CISA
According to a new report from CISA, U.S. government agencies are “failing to adequately patch critical vulnerabilities in Cisco devices despite [the presence of] hackers who pose significant risk.” This report was published Wednesday after the agency had become aware of “multiple organizations that believed they had applied the necessary updates but had not in fact updated to the minimum software version.” This follows an emergency directive the agency issued after uncovering a widespread hacking campaign, known as “ArcaneDoor,” targeting Cisco adaptive security appliances and firewalls. Current and former federal cyber officials did say that the government shutdown “exacerbated the threat landscape” by slowing down response and coordination efforts.
Five U.S.-based individuals plead guilty to helping North Korean IT workers infiltrate 136 companies
The U.S. Department of Justice announced on Friday that these five individuals had pleaded guilty in violation of international sanctions. The counts were wire fraud and conspiracy, for knowingly allowing IT workers located outside of the U.S. to use their U.S. identities to secure jobs at American firms between September 2019 and November 2022. Three of these defendants had also served as facilitators, “hosting the company-issued laptops at their residences and installing remote desktop software so that the IT workers could give the impression that they were working remotely within the U.S.” They also helped with passing employer vetting procedures, including appearing for drug testing on behalf of their North Korean clients.
Cyberattack on Russian port operator aimed to disrupt coal, fertilizer shipments
The Russian port operator Port Alliance stated on Thursday it was in its third day of disruptions resulting from a cyberattack targeting key parts of its digital infrastructure. The attacks took the form of a DDoS attack and attempts to breach its networks. Port Alliance claims the goal of the attacks was to “destabilize operations and disrupt business processes tied to exports of coal and mineral fertilizers through its numerous seaports in the Baltic, Azov–Black Sea, Far Eastern and Arctic regions.” The unidentified hackers used a botnet of more than 15,000 unique IP addresses from around the world and continuously changed tactics to evade security defenses but were not successful in their mission.
DoorDash suffers new data breach
The attack occurred on October 25. In an announcement sent to customers this past week, the company says the information stolen “may have included first and last name, physical address, phone number and email address.” The incident has been “traced to a DoorDash employee falling victim to a social engineering scam.” The notification does not specify how many users were affected, but they did say it impacts consumers, Dashers, and merchants in the U.S. and Canada. This is the third notable security incident suffered by the company.
North Korean hackers turn JSON services into malware delivery channels
Building on their extensive experience in using job offers to distribute malware, these threat actors are now using JSON storage services like JSON Keeper, JSONsilo, and npoint.io “to host and deliver malware from trojanized code projects.” Again they approached victims through networking sites such as LinkedIn, “either under the pretext of conducting a job assessment or collaborating on a project, as part of which they are instructed to download a demo project hosted on platforms like GitHub, GitLab, or Bitbucket.”
Jaguar Land Rover cyberattack cost the company over $220 million
Following up on a story we have been covering since September, the Jaguar Land Rover car manufacturer has published its financial results for July 1 to September 30 and has warned that the cost of the September cyberattack totaled £196 million ($220 million) in that quarter. The attack forced the British carmaker to shut down production at its major plants and send its staff home. Data was stolen during the cyberattack, which was allegedly deployed by the Scattered Lapsus$ Hunters group.






