
Expert Insights Cybersecurity Decrypted: February 27 – March 6 2025

Last updated on Apr 3, 2025
Written by Joel Witts. Technical Review by Laura Iannini.

Welcome back to Cybersecurity Decrypted!🔓

Your weekly five-minute cybersecurity news recap from Expert Insights. This week we’re covering AI credentials exposed by LLMs, the latest phishing campaigns, and a mysterious attack on Poland’s space agency.

  • Next week, I’ll be in Las Vegas attending HumanX, a global conference focusing on the intersection between AI and cybersecurity. Is AI having an impact on your cybersecurity workflows?
  • We’d love to know your thoughts on the format of this newsletter. What’s interesting and what do you skip? Please email your feedback to [email protected]
  • 🎧 You can now listen to this briefing on the Expert Insights Podcast! Subscribe here to get this newsletter in your feed each week.

📰 Headlines

  • A dataset used to train AI models has been found to contain around 12,000 API keys and passwords that allow live authentication, underlining the risks of hard-coded credentials. (THN)
  • North Korean hackers suspected of stealing over $1 billion USD worth of cryptocurrency have begun the process of laundering the funds. $400 million USD has reportedly already been laundered. (TheRecord)
  • Poland’s space agency (POLSA) has announced it has been hit with a cyberattack which disconnected the agency from the internet and took its website offline. (TheRecord)
  • For the first time, an LLM has achieved a near-perfect score in a competency test of offensive hacking capabilities, according to new lab research. (Axios)
  • A new report has found that 89% of GenAI usage is invisible to organizations, with 20% of enterprise users having GenAI browser extensions to bypass traditional GenAI controls. (LayerX)

📡 Threat Tracking

  • A new phishing email campaign is tricking victims into deploying the ‘Havoc’ post-exploitation framework for remote access to compromised devices, targeting SharePoint domains. (Fortinet)
  • ‘JavaGroup’ hackers are exploiting exposed credentials in AWS environments to gain access to victims’ Simple Email Service (SES) accounts and send out phishing emails that bypass email filters. (PaloAltoNetworks)
  • A global botnet dubbed ‘Eleven11bot’ composed of nearly 11,000 compromised security cameras, network video recorders, and other IoT devices is attacking telecoms and online forums in the US & UK. (Cybernews)
  • An ongoing phishing campaign by the ‘EncryptHub’ hacking group (active since June 2024) has compromised over 600 organizations globally. The phishing scam involves SMS, voice phishing, and spoofed Microsoft and Cisco login pages. (BleepingComputer)
  • Over 1,110 companies have been hit by a phishing campaign using fake CAPTCHA images shared via PDF documents hosted on Webflow’s CDN to deliver Lumma stealer malware. (THN)

🚨 Industry News

  • Jamf, an endpoint management provider for Apple products, intends to acquire Identity Automation, an identity and access management provider popular with education and healthcare organizations. (Jamf)
  • Google has announced new AI-powered scam detection features for Android designed to prevent conversational scams by placing warnings on suspicious text chains. (Google)
  • Mimic has announced a $50 million USD Series A funding round led by Google Ventures and Menlo Ventures to support their ransomware detection and prevention platform. (SecurityWeek)
  • Knostic Security has raised $11 million USD in a new funding round to build enterprise DLP capabilities into GenAI models. (SecurityWeek)
  • SpecterOps has raised $75 million USD in Series B funding to boost its Active Directory and Azure AD security platform. (SecurityWeek)

📟 Product Patches & Updates

  • Google has released patches for 44 vulnerabilities, including two actively exploited threats. (THN)
  • Broadcom is warning customers to patch three VMware zero-day vulnerabilities, tagged as exploited in attacks. (BleepingComputer)
  • Cisco informed customers that it has released patches for command injection and denial of service vulnerabilities in some Nexus switches. (SecurityWeek)

🏛️ Cybersecurity Legislation

  • The US Treasury has sanctioned an Iranian national who ran a dark web marketplace for cybercriminals. (TheRecord)
  • California’s privacy watchdog has announced a data broker must shut down for three years after failing to comply with the state’s Delete Act. (TheRecord)
  • The US Cybersecurity and Infrastructure Security Agency has confirmed it will continue to defend against cyber-threats from Russia after conflicting media reports this week. (BleepingComputer)
  • The Justice Department has charged Chinese state security officers for network breaches and cyberattacks on US federal and state agencies, foreign governments, and a religious organization. (BleepingComputer)

🎙️ Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

That’s all for this week! 👋

📅 Next week, I’ll be attending HumanX, a new AI and cybersecurity conference in Las Vegas. Next issue we’ll be breaking down the biggest takeaways and insights from cybersecurity experts on the AI threat landscape.




Written By

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.

Technical Review
Laura Iannini, Cybersecurity Analyst

Laura Iannini is an Information Security Engineer. She holds a Bachelor’s degree in Cybersecurity from the University of West Florida. Laura has experience with a variety of cybersecurity platforms and leads technical reviews of leading solutions. She conducts thorough product tests to ensure that Expert Insights’ reviews are definitive and insightful.