Cyber Threat Report: Cyber Security News for 03/07/24

Organizations Are Knowingly Releasing Vulnerable Applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house. Read More

Facebook/Insta FAIL — ‘Anonymous Sudan’ has a Super Tuesday: ‘We Did It.’
Kremlin-affiliated hackers Anonymous Sudan, with two lesser-known groups, Skynet and Godzilla, have claimed responsibility for the downing of Facebook, Instagram, and Threads. Read More

Researchers Warn Of Stuxnet-Style Web-Based PLC Malware, Redefining Industrial Cybersecurity Threats
The scheme allows the malware to stealthily attack the underlying real-world machinery using the legitimate web application program interfaces (APIs) exposed by the admin portal website. Read More

VMware Reveals Patches For A Host Of Security Flaws, So Update Now
Two high-severity flaws could be used to execute code, researchers say. Read More

Self-Propagating Worm Created to Target Generative AI Systems
“Morris II,” which targets GenAI ecosystems through adversarial self-replicating prompts, leads to GenAI systems delivering payloads to other agents. Read More

Iowa Electric, Water Utility Says Info Of Nearly 37,000 Leaked In January Ransomware Attack
The company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI). Read More

U.S. Judge Ordered Nso Group To Hand Over The Pegasus Spyware Code To Whatsapp
Meta won the litigation against the Israeli spyware vendor NSO Group, and a U.S. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. Read More

Apple Warns Users Against Critical Memory-Corrupting Attacks
Apple advises immediate patching against two critical zero-day vulnerabilities attackers use to carry out memory-corruption attacks on Apple devices. Read More

Insurance Giant Fidelity Hit By Data Breach — Thousands Of Customers May Have Had Data Stolen
Fidelity data was taken following a similar attack on Infosys. Read More

Ransomware Group Behind Change Healthcare Attack Goes Dark
ALPHV/BlackCat reportedly received $22 million from Change Healthcare before scamming its affiliates ahead of a possible rebrand. Read More

Chinese Engineers Manage to get a Picture to Sing and Talk Using an AI app Called Emote Portrait Live
Engineers at the Institute for Intelligent Computing, Alibaba Group, have developed an AI app that can animate a still photo of a face and synchronize it to an audio track. Read More

Another threat actor was seen exploiting ConnectWise ScreenConnect
Kroll researchers identified new malware variant threat actors deploying against the rapidly exploited security vulnerabilities. Read More

Amex Cardholder Data Exposed In Merchant Processor Hack
The point-of-sale attack on a merchant processor may have compromised the account information of the company’s cardholders, Amex said in a state regulatory filing. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Organizations are releasing vulnerable in-house applications, leading to 92% of breaches attributed to application vulnerabilities. Responsibility for application security is increasingly shared between AppSec managers and developers, as 91% of companies acknowledge releasing vulnerable applications due to pressures like deadlines and hopes that vulnerabilities won't be exploited. Addressing these issues requires a comprehensive AppSec platform to enhance teamwork, and developer experience, and ensure end-to-end security from code to cloud.

This past week's outage affecting Meta's platforms, including Facebook, Instagram, and Threads, has been attributed to a potential targeted DDoS attack claimed by Kremlin-affiliated hackers Anonymous Sudan, along with two other groups, Skynet and Godzilla. Meta acknowledged a breach of security, prompting speculation about the cause, including DNS-related issues, although definitive proof is yet to emerge. Despite the disruption, some users highlighted the impact on businesses and practical concerns, emphasizing the necessity for alternative means of communication beyond platforms like Facebook.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.