EquiLend offline, AI fueling ransomware, "mother of all breaches" – CISO Series


The fintech company announced it suffered the attack on January 22nd, taking some of its systems offline. EquiLend said it’s investigating the incident with third-party experts. It cautioned customers that fully restoring systems and providing more details could take days. EquiLend did not say if it lost any company or customer data as a result of the attack. This comes a few days after EquiLend announced the private equity firm Welsh, Carson, Anderson & Stowe planned to acquire it.
(Bleeping Computer)
The UK’s National Cyber Security Centre published an assessment maintaining it was “almost certain” new AI tools would cause an increase in ransomware attacks, with an uneven benefit to threat actors. The NCSC said it used academic material, open source tools, industry insight and classified intelligence for this finding. Right now, the agency said, AI tools assist with reconnaissance and social engineering, but will likely extend to malware development and vulnerability detection. The assessment finds that only highly resourced threat actors will see the benefit of AI tools, and that this will likely not impact ransomware attack volume until 2025.
(The Record)
Security researcher Bob Dyachenko discovered an exposed storage bucket holding a massive trove of user credentials. Dubbed “Mother of all Breaches,” this includes 12 terabytes of information, in what appears to be a compilation of past breaches impacting LinkedIn, X, Weibo, Tencent, and other platforms. It’s unclear how many unique records the dataset holds at present, and if it holds any previously undisclosed breaches. If nothing else, access to it could provide fodder for credential stuffing attacks. 
(Cybernews)
File this under another reminder to turn on multi-factor authentication. Earlier this month, GitLab warned about a zero-click account takeover flaw. This allowed an attacker to send password reset emails to an attacker-controlled account. The flaw doesn’t work against accounts with 2FA enabled. GitLab released various patches to resolve the flaw on its Community and Enterprise Editions on January 11th. However, the threat monitoring service ShadowServer reports over 5,300 vulnerable instances still online. So far, there is no evidence of exploitation of the flaw.
(Bleeping Computer)
Amazon said it will no longer allow police or fire departments to obtain footage from its Ring doorbell cameras by request. Any footage release will now require a warrant. This comes after years of Amazon partnering with law enforcement to share Ring footage through its Request for Assistance tool. Amazon spokesperson Yassi Yarger confirmed that Amazon would still release footage to police without a warrant on “rare occasions” when there is imminent threat of death. Other smart camera devices, like Google’s Nest line, follow similar policies. 
(The Messenger)
A new report from the International Energy Agency estimates that electricity usage by data centers could more than double by 2026. In 2022 the agency estimated data centers made up around 2% of global energy demand, with crypto mining accounting for 24% of data center consumption. That added electricity demand would be the equivalent of adding another highly developed country to the globe. This demand will likely vary by country. The IEA estimates the US will see data center energy usage climb from 4 to 6% of domestic demand by 2026. In Ireland it predicts a sharper increase, going from 17% to up to 33% in the same period. AI compute needs would largely account for the increase, expected to hit 10 times current consumption by 2026, while crypto mining could increase by 40%. 
(The Verge)
The Berryville Institute of Machine Learning released a report detailing the nature of potential threats posed to businesses by new LLM-based tools, designed as a resource to CISOs and security practitioners. The report outlines 81 risks, with 23 directly related to black-box issues, where businesses lack visibility into how a model reaches a specific output. The report calls on government regulation to focus on rules for these LLM black boxes, rather than focusing on users of those models.
(Dark Reading)
Last week, a user on an illicit forum attempted to sell a dataset containing account information on over 15 million Trello users. This contained mostly public information but did associate email addresses with real names. In a statement Trello said the user obtained the dataset by scraping publicly available data from an exposed API. Trello set up the API to allow developers to integrate its service into third-party apps, but the forum user found they could use it to pull account information with an available email address. Trello said it now requires authentication to access the API. Have I Been Pwned added the dataset to its leak site. 
(Bleeping Computer)