The Cyberwire Daily Briefing
"Fortinet confirms breach of customer data."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 15 September 2024, 1339 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/176
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 09.13.24
Announcement
Cloud Security in the Age of Generative AI.
Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni. Learn more and register now.
Summary
Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni. Learn more and register now.
At a glance.
- Fortinet confirms breach of customer data.
- Iran's Scarred Manticore deploys new malware across the Middle East.
- US government sanctions Cambodian senator for alleged involvement in forced labor scam operation.
- Fortinet confirms breach of customer data.
- Iran's Scarred Manticore deploys new malware across the Middle East.
- US government sanctions Cambodian senator for alleged involvement in forced labor scam operation.
Fortinet confirms breach of customer data.
Cybersecurity firm Fortinet has confirmed that it sustained a data breach affecting some customer data, BleepingComputer reports. The company stated, "An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers." The company hasn't disclosed what type of data was stolen, but says it has "communicated directly with customers as appropriate."
BleepingComputer notes that a threat actor posted on a hacking forum yesterday claiming to have stolen 440 GB of data from Fortinet's Azure Sharepoint instance. The crook also posted credentials to an S3 bucket containing the alleged stolen data, stating that Fortinet refused to pay a ransom to prevent the data from being leaked. BleepingComputer hasn't confirmed the validity of the threat actor's claims.
Cobalt: The Only “Outperformer” in GigaOm’s Pentesting ReportFor the second year in a row, Cobalt has been named the only “outperformer” in GigaOm’s independent report on Pentesting as a Service. Recognized for its streamlined approach, free retesting, and swift test launches, Cobalt leads the pack. Download the full report to see why Cobalt stands out as the category leader.
Cybersecurity firm Fortinet has confirmed that it sustained a data breach affecting some customer data, BleepingComputer reports. The company stated, "An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers." The company hasn't disclosed what type of data was stolen, but says it has "communicated directly with customers as appropriate."
BleepingComputer notes that a threat actor posted on a hacking forum yesterday claiming to have stolen 440 GB of data from Fortinet's Azure Sharepoint instance. The crook also posted credentials to an S3 bucket containing the alleged stolen data, stating that Fortinet refused to pay a ransom to prevent the data from being leaked. BleepingComputer hasn't confirmed the validity of the threat actor's claims.
For the second year in a row, Cobalt has been named the only “outperformer” in GigaOm’s independent report on Pentesting as a Service. Recognized for its streamlined approach, free retesting, and swift test launches, Cobalt leads the pack. Download the full report to see why Cobalt stands out as the category leader.
Iran's Scarred Manticore deploys new malware across the Middle East.
Check Point has published a report on a cyberespionage campaign by Scarred Manticore, a threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS). The threat actor is using a new malware framework dubbed "LIONTAIL" to target the government, telecommunications, military, and financial sectors in Saudi Arabia, the UAE, Jordan, Kuwait, Oman, Iraq, and Israel.
Check Point states, "LIONTAIL is a malware framework that includes a set of custom shellcode loaders and memory resident shellcode payloads. One of its components is the LIONTAIL backdoor, written in C. It is a lightweight but rather sophisticated passive backdoor installed on Windows servers that enables attackers to execute commands remotely through HTTP requests. The backdoor sets up listeners for the list of URLs provided in its configuration and executes payloads from requests sent by attackers to those URLs."
While the goal of this campaign is espionage, the researchers note that some of the same tools were used in an MOIS-sponsored destructive cyberattack against the Albanian government in 2022.
Elevate Your Enterprise Identity SolutionsSeamlessly connect legacy apps to any identity provider with Strata. Effortlessly apply MFA and maintain identity continuity without disruptions. Enhance security and reduce tech debt with Strata’s efficient identity orchestration platform. Share your identity challenge and receive free AirPods Pro.
Check Point has published a report on a cyberespionage campaign by Scarred Manticore, a threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS). The threat actor is using a new malware framework dubbed "LIONTAIL" to target the government, telecommunications, military, and financial sectors in Saudi Arabia, the UAE, Jordan, Kuwait, Oman, Iraq, and Israel.
Check Point states, "LIONTAIL is a malware framework that includes a set of custom shellcode loaders and memory resident shellcode payloads. One of its components is the LIONTAIL backdoor, written in C. It is a lightweight but rather sophisticated passive backdoor installed on Windows servers that enables attackers to execute commands remotely through HTTP requests. The backdoor sets up listeners for the list of URLs provided in its configuration and executes payloads from requests sent by attackers to those URLs."
While the goal of this campaign is espionage, the researchers note that some of the same tools were used in an MOIS-sponsored destructive cyberattack against the Albanian government in 2022.
Seamlessly connect legacy apps to any identity provider with Strata. Effortlessly apply MFA and maintain identity continuity without disruptions. Enhance security and reduce tech debt with Strata’s efficient identity orchestration platform. Share your identity challenge and receive free AirPods Pro.
US government sanctions Cambodian senator for alleged involvement in forced labor scam operation.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Cambodian businessman and senator Ly Yong Phat for his alleged involvement in "serious human rights abuse related to the treatment of trafficked workers subjected to forced labor in online scam centers." OFAC alleges that Ly owns a resort that's used as a scam center, with human trafficking victims forced to carry out online scam operations.
Treasury states, "For more than two years, from 2022 to 2024, O-Smach Resort has been investigated by police and publicly reported on for extensive and systemic serious human rights abuse. Victims reported being lured to O-Smach Resort with false employment opportunities, having their phones and passports confiscated upon arrival, and being forced to work scam operations. People who called for help reported being beaten, abused with electric shocks, made to pay a hefty ransom, or threatened with being sold to other online scam gangs."
XPOSURE, The Virtual CTEM Summit Hosted by Pentera on September 10th!Feeling a little too "xposed"? Gartner predicts implementing CTEM can make your organization 3x less likely to experience a breach. XPOSURE is your ticket to mastering the CTEM framework and ensuring you’re never caught with your defenses down. In just 3 hours, you'll learn how to continuously test your resilience, identify high-risk gaps, and apply best practices across your entire attack surface. Join us live on September 10th or tune in on-demand!
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Cambodian businessman and senator Ly Yong Phat for his alleged involvement in "serious human rights abuse related to the treatment of trafficked workers subjected to forced labor in online scam centers." OFAC alleges that Ly owns a resort that's used as a scam center, with human trafficking victims forced to carry out online scam operations.
Treasury states, "For more than two years, from 2022 to 2024, O-Smach Resort has been investigated by police and publicly reported on for extensive and systemic serious human rights abuse. Victims reported being lured to O-Smach Resort with false employment opportunities, having their phones and passports confiscated upon arrival, and being forced to work scam operations. People who called for help reported being beaten, abused with electric shocks, made to pay a hefty ransom, or threatened with being sold to other online scam gangs."
Feeling a little too "xposed"? Gartner predicts implementing CTEM can make your organization 3x less likely to experience a breach. XPOSURE is your ticket to mastering the CTEM framework and ensuring you’re never caught with your defenses down. In just 3 hours, you'll learn how to continuously test your resilience, identify high-risk gaps, and apply best practices across your entire attack surface. Join us live on September 10th or tune in on-demand!
Notes.
Today's issue includes events affecting Albania, Cambodia, Iran, Iraq, Israel, Jordan, Kuwait, Oman, Saudi Arabia, the United Arab Emirates, and the United States.
Sponsored Events2024 DataTribe Challenge (Virtual (for submissions), Sep 9 - 27, 2024) The DataTribe Challenge is a unique startup competition for pre-seed and seed stage cybersecurity and data science startups. It’s a platform for startups to connect with DataTribe, to tighten their pitch, to gain industry exposure, and to make connections with prospective investors and customers.Upcoming Cybersecurity Summits (Multiple locations, Sep 17 - 27, 2024) Join us In-Person and network over breakfast, lunch & a cocktail reception on 9/17 in Atlanta, 9/19 in Wall Street, 9/26 in Columbus and 9/27 in Philadelphia. Learn about the latest threats and solutions from The IRS, U.S. DHS/CISA, Visit Philadelphia & more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code)HITRUST Collaborate 2024 (Omni Star at The Dallas Cowboys World Headquarters, Oct 1 - 3, 2024) Cybersecurity risk management leaders will cover critical topics, like challenges posed by AI, business resilience in the face of ransomware, the future cybersecurity workforce, and access to cybersecurity insurance. Thought leaders will offer actionable insights to help you fortify your security posture.On-demand webinar - Watch now: Generative AI for Security (Virtual, On-demand, Oct 2 - Sep 30, 2024) How can generative artificial intelligence (AI) enhance your security operations? Watch this webinar from AWS and SANS to get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock. Experts will address key challenges and ethical considerations, then guide you through a hands-on Explore-Develop-Deploy framework while looking at real-world use cases and implementation. Watch now.ISC2 Security Congress 2024 (Virtual / Las Vegas, NV, US, Oct 14 - 16, 2024) Join us at ISC2 Security Congress, October 14-16 in Las Vegas or online. Connect with global cyber experts, hear from four keynote speakers, and participate in one of eight pre-conference workshops. Discover cutting-edge insights and advance your skills in cybersecurity. Don’t miss out!Step into the heart of excitement at the Finance & Accounting Technology Expo! (New York, NY, Oct 29 - 30, 2024) FATE is the leading expo in the finance industry, bringing together experts, innovators, and professionals like yourself to connect, explore and expand! There will be over 70 technologies, more than 60 learning sessions, incredible networking with over 1000 finance and accounting professionals -- and great keynote speakers. Our keynote speakers range from Shark Tank Judge Daymond John to CFO Glenn Hopper and even a TechStack of Sports panel, bringing you CFOs of some of the most recognized brands in sports sharing how technology powers their decisions and their growth! This premier event will leave you with the latest insights, strategies, and tools necessary to excel in the dynamic landscape of finance, accounting, and technology. And the best part is that – it's FREE! Use Code: wko735 and reduce your ticket price to $0. Register here today!Selected Reading
Today's issue includes events affecting Albania, Cambodia, Iran, Iraq, Israel, Jordan, Kuwait, Oman, Saudi Arabia, the United Arab Emirates, and the United States.
Attacks, Threats, and Vulnerabilities
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats and Phishing-as-a-Service (Trustwave) Chicago – September 10, 2024 – Trustwave today released a series of reports detailing the threats facing the financial services sector.
Chinese-made port cranes in US included 'backdoor' modems, House report says (The Record) The House's Select Committee on China and Homeland Security Committee released a 51-page report about technology installed on Chinese-made port cranes that creates "a significant backdoor security vulnerability."
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats and Phishing-as-a-Service (Trustwave) Chicago – September 10, 2024 – Trustwave today released a series of reports detailing the threats facing the financial services sector.
Chinese-made port cranes in US included 'backdoor' modems, House report says (The Record) The House's Select Committee on China and Homeland Security Committee released a 51-page report about technology installed on Chinese-made port cranes that creates "a significant backdoor security vulnerability."
Trends
CSA and Astrix Research: The State of Non-Human Identity Security - Astrix Security (Astrix Security) As NHI attacks Soar, CSA and Astrix reveal critical gaps in NHI protection. New data shows that one in five organizations have experienced a security incident related to non-human identities; and only 15% remain confident in their ability to secure them. Findings from the State of Non-Human Identity Security Survey Report, a survey of more […]
CSA and Astrix Research: The State of Non-Human Identity Security - Astrix Security (Astrix Security) As NHI attacks Soar, CSA and Astrix reveal critical gaps in NHI protection. New data shows that one in five organizations have experienced a security incident related to non-human identities; and only 15% remain confident in their ability to secure them. Findings from the State of Non-Human Identity Security Survey Report, a survey of more […]
Products, Services, and Solutions
Druva Announces Dru Investigate, a Gen AI Product Revolutionizing Data Investigations and Incident Response (BusinessWire) Expansion of Dru AI portfolio helps IT, security, legal, and privacy teams to investigate, understand, and address data risks in natural language
Druva Announces Dru Investigate, a Gen AI Product Revolutionizing Data Investigations and Incident Response (BusinessWire) Expansion of Dru AI portfolio helps IT, security, legal, and privacy teams to investigate, understand, and address data risks in natural language
Litigation, Investigation, and Law Enforcement
Treasury Sanctions Cambodian Tycoon and Businesses Linked to Human Trafficking and Forced Labor in Furtherance of Cyber and Virtual Currency Scams (U.S. Department of the Treasury) WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning Cambodian businessman Ly Yong Phat (Ly), his conglomerate L.Y.P. Group Co., LTD (L.Y.P. Group), and O‑Smach Resort for their role in serious human rights abuse related to the treatment of trafficked workers subjected to forced labor in online scam centers.
Domains seized for allegedly importing Chinese gun switches (The Register) Illegal goods allegedly shipped to the US labeled as toys or jewels
Industry EventsFor a complete running list of events, please visit the Event Tracker.
Treasury Sanctions Cambodian Tycoon and Businesses Linked to Human Trafficking and Forced Labor in Furtherance of Cyber and Virtual Currency Scams (U.S. Department of the Treasury) WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning Cambodian businessman Ly Yong Phat (Ly), his conglomerate L.Y.P. Group Co., LTD (L.Y.P. Group), and O‑Smach Resort for their role in serious human rights abuse related to the treatment of trafficked workers subjected to forced labor in online scam centers.
Domains seized for allegedly importing Chinese gun switches (The Register) Illegal goods allegedly shipped to the US labeled as toys or jewels
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
ISC2 Security Congress 2024 (Las Vegas and Virtual, Nevada, USA, Oct 14 - 16, 2024) Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape.
ISC2 Security Congress 2024 (Las Vegas and Virtual, Nevada, USA, Oct 14 - 16, 2024) Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape.
Events
SecureWorld Detroit (Novi, Michigan, USA, Sep 18, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
SecureWorld St. Louis (Clayton, Missouri, USA, Sep 26, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
2024 DataTribe Challenge Submission Deadline (Fulton and Virtual, Maryland, USA, Sep 27, 2024) As founders ourselves, we have never liked the feeling of being the entertainment that comes with participating in most pitch competitions. So, in creating the DataTribe Challenge, we have centered it on the North Star of creating a platform that is a valuable use of time for the founders participating. Submit your startup to potentially be selected to be part of a startup competition like no other. The DataTribe Challenge is a unique program to accelerate your cybersecurity startup. Workshop your messaging and meet potential investors and customers. We will pick five finalists to join the program, receive coaching from our team of startup veterans, present at the live event, and benefit from free promotion and press coverage. Finalists share $25,000 in prizes and all will receive the title of DataTribe Challenge Finalist.
Uniting Women in Cyber 2024 (Arlington, Virginia, USA, Oct 1, 2024) The premier networking event to advance diversity in cybersecurity! Join renowned cyber leaders and experts from all walks of life. Uniting Women in Cyber (UWIC) event convenes a powerful and diverse network of cyber leaders and experts to discuss emerging global trends, technological advancements, and workforce development. UWIC is the premier event for professionals, aspiring practitioners and all who are interested in cybersecurity, to meet and network with national leaders in the field. Come and be a part of a vibrant, diverse community to learn, share ideas, and expand your professional network!
HITRUST® Collaborate 2024 (Frisco, Texas, USA, Oct 1 - 3, 2024) HITRUST Collaborate is the most comprehensive information protection and risk management conference for privacy, security, and compliance. The 2.5-day conference includes keynotes, panel discussions, and educational sessions for industry professionals.
Sponsor & SupportGrow your brand, generate leads, and fill your funnel.With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
SecureWorld Detroit (Novi, Michigan, USA, Sep 18, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
SecureWorld St. Louis (Clayton, Missouri, USA, Sep 26, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
2024 DataTribe Challenge Submission Deadline (Fulton and Virtual, Maryland, USA, Sep 27, 2024) As founders ourselves, we have never liked the feeling of being the entertainment that comes with participating in most pitch competitions. So, in creating the DataTribe Challenge, we have centered it on the North Star of creating a platform that is a valuable use of time for the founders participating. Submit your startup to potentially be selected to be part of a startup competition like no other. The DataTribe Challenge is a unique program to accelerate your cybersecurity startup. Workshop your messaging and meet potential investors and customers. We will pick five finalists to join the program, receive coaching from our team of startup veterans, present at the live event, and benefit from free promotion and press coverage. Finalists share $25,000 in prizes and all will receive the title of DataTribe Challenge Finalist.
Uniting Women in Cyber 2024 (Arlington, Virginia, USA, Oct 1, 2024) The premier networking event to advance diversity in cybersecurity! Join renowned cyber leaders and experts from all walks of life. Uniting Women in Cyber (UWIC) event convenes a powerful and diverse network of cyber leaders and experts to discuss emerging global trends, technological advancements, and workforce development. UWIC is the premier event for professionals, aspiring practitioners and all who are interested in cybersecurity, to meet and network with national leaders in the field. Come and be a part of a vibrant, diverse community to learn, share ideas, and expand your professional network!
HITRUST® Collaborate 2024 (Frisco, Texas, USA, Oct 1 - 3, 2024) HITRUST Collaborate is the most comprehensive information protection and risk management conference for privacy, security, and compliance. The 2.5-day conference includes keynotes, panel discussions, and educational sessions for industry professionals.
Comments
Post a Comment
Please leave a comment about our recent post.