Cyber Threat Report: Cyber Security News for 04/05/24

US State Department Investigating Another Data Leak
Five Eyes data was stolen from right under their nose. The threat actor stole and leaked documents from tech consulting firm Acuity, which specializes in cybersecurity, DevSecOps, data analytics, and operations support services. Read More

Scathing Federal Report Rips Microsoft For Shoddy Security, Insincerity In Response To Chinese Hack
Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into the email accounts of senior U.S. officials. Read More

Massive AT&T Breach Triggers Class-action Lawsuits
"We allege AT&T knew about the vulnerability that allegedly led to this breach but allowed it to occur by failing to act. Read More

US Cancer Center Data Breach Impacting 800,000
City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information. Read More

‘Brain Weasels’: Impostor Syndrome in Cybersecurity
There are several attributes that tie the cybersecurity community together–namely our collective passion for solving complex problems in order to reduce harm – but one has stood out prominently over the years: impostor syndrome. Read More

OWASP Data Breach Caused by Server Misconfiguration
The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. Read More

Hosting Firm's VMware ESXi Servers Hit By New SEXi Ransomware
PowerHost apologized to customers, warning that it may not be possible to restore servers as the backups have also been encrypted. Read More

OMB Issues First Governmentwide AI Risk Mitigation Rules
Guidance Calls for Agencies to Appoint Chief AI Officers and set Up Governance Boards. Read More

Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO
The regulator’s case against the individual leader is more stick, less carrot. Read More

Considerations for Operational Technology Cybersecurity
The unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security architectures. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

A cybersecurity breach has been reported involving the theft of sensitive data from Acuity, a tech consulting firm working with the US government, by a threat actor known as IntelBroker. The stolen data reportedly includes personal information related to the Five Eyes intelligence alliance, encompassing intelligence agencies from the US, UK, Canada, New Zealand, and Australia. The State Department is actively investigating the incident, emphasizing its commitment to safeguarding information and enhancing cybersecurity measures in response to the breach.

A review board appointed by the Biden administration heavily criticized Microsoft for allowing state-backed Chinese cyber operators to breach the email accounts of senior U.S. officials due to a series of errors, inadequate security culture, and lack of transparency. The board urged Microsoft to overhaul its security culture and practices, including halting the addition of features to its cloud computing environment until significant security improvements are made, and called for rapid cultural change within the company. Microsoft acknowledged the investigation's findings, pledged to enhance its systems against cyber threats and recognized the need for a new culture of engineering security.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.