Today on CISO Series…
In today’s cybersecurity news…
Microsoft warns of potential Windows 10 update failure
Microsoft has acknowledged an issue affecting the installation of the Windows 10 KB5068781 extended security update, which was rolled out on November 11 as part of Patch Tuesday. Users with corporate licenses have reported encountering error codes (0x800f0922) during the installation process. While the update appears to install correctly, it fails to apply after a restart, resulting in a rollback. The company is currently investigating this matter to provide a resolution.
(BleepingComputer)
China-backed hackers launch first large-scale autonomous AI cyberattack
In a notable development, a group of hackers believed to be backed by China has executed a large-scale cyberattack using Claude Code AI from Anthropic. This attack, which took place in September, marked a significant evolution in cyber warfare, as the AI was utilized not merely for guidance but as an autonomous operator. The campaign targeted 30 organizations across various sectors, including technology, finance, and government, achieving success in several instances.
(Security Affairs)
Feds fumbled Cisco patches requirements, says CISA
A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) reveals that U.S. government agencies are struggling to adequately patch critical vulnerabilities in Cisco devices. This comes in light of a widespread hacking campaign dubbed “Arcane Door,” which has posed significant risks to Cisco adaptive security appliances and firewalls. The report highlights that many organizations believed they had applied necessary updates when, in fact, they had not met the minimum software version requirements. The ongoing government shutdown has further complicated response efforts.
(GovInfoSecurity)
Five U.S. based individuals plead guilty to helping North Korean IT workers infiltrate 136 companies
The U.S. Department of Justice announced that five individuals have pleaded guilty to charges related to violations of international sanctions. These individuals facilitated North Korean IT workers in securing employment at American firms from September 2019 to November 2022. Their actions included hosting company-issued laptops and installing remote desktop software to create the illusion that these workers were operating from within the U.S., even assisting with employer vetting procedures.
(The Hacker News)
Cyberattack on Russian port operator aimed to disrupt coal, fertilizer shipments
Port Alliance, a Russian port operator, reported ongoing disruptions due to a cyberattack targeting its digital infrastructure. The attack, characterized as a DDoS assault, aimed to destabilize operations tied to coal and mineral fertilizer exports across various regions. The attackers employed a botnet of over 15,000 unique IP addresses, continuously adapting their tactics to evade security measures, though they ultimately did not succeed in their objectives.
(The Record)
DoorDash suffers new data breach
On October 25, DoorDash experienced a data breach that has raised concerns among its user base. The company informed customers that the stolen information may include personal details such as names, addresses, phone numbers, and email addresses. The breach was traced back to an employee falling victim to a social engineering scam. While the exact number of affected users remains unspecified, the incident impacts consumers, Dashers, and merchants across the U.S. and Canada, marking the third significant security breach for the company.
(BleepingComputer)
North Korean hackers turn JSON services into malware delivery channels
North Korean threat actors have adapted their strategies, now utilizing JSON storage services such as JSON Keeper and JSONsilo to host and deliver malware. By leveraging job offers as a lure, they approach potential victims through platforms like LinkedIn, instructing them to download demo projects hosted on GitHub or similar sites, thereby facilitating malware distribution.
(The Hacker News)
Jaguar Land Rover cyberattack cost the company over 0 million
Jaguar Land Rover has disclosed that a cyberattack in September resulted in a staggering financial impact of £196 million (0 million) during the third quarter. The attack forced the manufacturer to halt production at its major plants, leading to significant operational disruptions. Data was compromised during the incident, which is attributed to the Scattered Lapsus$ Hunters group.
(BleepingComputer)
Subscribe to Cyber Security Headlines podcast
Stay informed by subscribing to the Cyber Security Headlines podcast on Spotify, Apple Podcasts, YouTube, RSS link, Amazon Music, or add it as an Alexa Skill. You can also search for “Cyber Security Headlines” on your favorite podcast app.
