Cyber Threat Report: Cyber Security News for 03/22/24

White House And EPA Warn Of Hackers Breaching Water Systems
EPA Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. Read More

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack
Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software. Read More

Tech Support Firms Agree to $26M FTC Settlement Over Fake Services
Restoro and Reimage agree to a $26 million settlement after selling fake antivirus and tech services to undercover FTC agents. Read More

Critical Flaw In Atlassian Bamboo Data Center And Server Must Be Fixed Immediately
Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Read More

Hackers Posing as Law Firms Phish Global Orgs in Multiple Languages
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware. Read More

Tracker Backtrack? Feds Revise HIPAA Guidance on Web Tools
Facing AHA Lawsuit, HHS Tempers 2022 Warning About Tracking IP Addresses, Other PHI. Read More

How Companies Describe Cyber Incidents in SEC Filings
The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts, and legal liabilities. Read More

Ransomware Groups: Trust Us. Uh, Don't.
Review of Attacks Finds Inconsistent Data Leaks and Victim Naming, Broken Promises. Read More

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
An investigation into onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Read More

Apparel Giant VF Sends Out Breach Letters To Millions Following 2023 Cyberattack
The VF Corporation — the owner of brands like Vans, North Face, Timberland, Dickies, Jansport, and more — warned customers that a December 13 hack leaked troves of information about customers. Read More

House Unanimously Passes Bill To Block Data Brokers From Selling Americans’ Info To Foreign Adversaries
The bill would bar data brokers from selling Americans’ sensitive data to foreign adversaries like China, as well as to the companies under their thumb. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

The U.S. National Security Advisor and EPA Administrator have warned governors of cyberattacks targeting vital water infrastructure, urging improved defenses and readiness. They emphasized the importance of cybersecurity measures in safeguarding drinking water and wastewater systems, highlighting recent breaches by state-backed threat groups from Iran and China. To address these risks, a joint effort between the National Security Council, the EPA, and state leaders will establish a Water Sector Cybersecurity Task Force to develop nationwide strategies for mitigating cyber threats to water systems.

On the first day of the Pwn2Own Vancouver 2024 hacking competition, where participants earned over $700,000 by successfully demonstrating exploits against various targets, including a Tesla car, Linux, Windows operating systems, and popular software. Notably, the Synacktiv team earned $200,000 and a Tesla Model 3 for their exploit targeting Tesla's electronic control unit (ECU). Other significant rewards were given for exploits targeting VMware Workstation, Oracle VirtualBox, Chrome, Safari, Adobe Reader, Edge, and Ubuntu. 

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.