This week
International Criminal Court says attackers gained access to internal systems
- The International Criminal Court (ICC), headquartered in The Hague, Netherlands, says that its internal systems were compromised during a cyber-attack last week.
- In a statement on X (Twitter), the international war crimes tribunal thanked the host country, the Netherlands, for cooperation and support in responding to the incident, and did not speculate as to the origin of the “anomalous activity”.
- In potentially unrelated news, in March the ICC issued arrest warrants against Russia’s president, Vladimir Putin, and children’s commissioner, Maria Lvova-Belova, for allegedly transporting children from occupied areas of Ukraine into Russia. A further eleven arrest warrants have also been issued concerning the ongoing conflict.
Cisco is acquiring Splunk for $28 billion
- Cisco is set to make its largest-ever acquisition, announcing this week that it intends to acquire data analysis company Splunk in a deal worth $28 billion.
- The ambition, according to Splunk CEO Gary Steele, is to “form a global security and observability leader that harnesses the power of data and AI”.
- The deal, expected to close in Q3 2024, is for $157 per share, representing a 31% premium on the closing share price for the logging giant a day prior.
- While the boards of both companies have approved the deal, the transaction will likely gain the attention of antitrust regulators at the Federal Trade Commission, which may delay the deal.
Interesting stats
Cyber insurance claims data from Coalition (PDF): 12% increase in ransomware claims frequency, 36% of claimants paid ransoms “when reasonable and necessary”, with negotiations reducing the payment to, on average, 44% of the ransom demand. 2.33x likelihood of funds transfer fraud (FTF) or business email compromise (BEC) when using Microsoft 365 or on-premise Exchange, compared with Google Workspace.
Not security-related, but interesting… Telling AI tools to “take a deep breath and work on this problem step by step” improves their accuracy: 34% accuracy against GSM8K, a set of grade-school math problems, increasing to 80% accuracy when the same problems were prefixed with the phrase above, using Google’s PaLM2 model.
Other newsy bits
- The United Kingdom and United States have finalised an agreement allowing the free flow of data between the countries. The agreement is similar to that struck between the EU and the US in July (vol. 6, iss. 29). The US has made surveillance reforms to appease concerns that US law did not adequately protect citizens’ data.
- Australia’s home affairs and cyber security minister Clare O’Neil has described six pillars, or “shields”, as the basis of the country’s cyber strategy: education; safe technology; threat-sharing (and blocking); critical infrastructure protection; sovereign capability; and coordinated global action. The strategy, expected before the end of the year, will initially run through 2025, with the ambition to “be a world-class cyber security nation” by 2030.
- A trade group whose members include Meta, TikTok, Google, and Amazon is celebrating after US District Judge Beth Labson Freeman ordered a preliminary injunction to stop California’s Age-Appropriate Design Code Act (CAADCA) on First Amendment grounds. “We look forward to seeing the law permanently struck down and online speech and privacy fully protected”, said Chris Marchese, director of NetChoice’s litigation centre.
- A Microsoft employee accidentally exposed 38TB of sensitive data after publishing content on GitHub that included a URL to an internal Azure storage bucket. The URL included an “overly permissive” Shared Access Signature (SAS) token, which allowed anyone with the link to view, alter and delete the data in the bucket. The bucket included backups of two other Microsoft employees’ laptops and over 30,000 internal Teams messages. Researchers at Wiz spotted the URL in June, and Microsoft has since revoked the token.
- The Signal Foundation, designer of the protocol that provides end-to-end encryption in apps like Signal and WhatsApp, has released an updated design in preparation for post-quantum cryptography.
- Privacy-focussed company Proton, famous for its encrypted email service, has released a ‘censorship resistant’ CAPTCHA tool.
- Pizza Hut Australia has confirmed that an “unauthorised third party” gained access to the company’s data in September. The delivery addresses and order details of about 193,000 customers may have been affected in the breach.
- Clorox, a US household cleaning products company, is relying on “manual ordering and processing procedures”, which have led to a “reduced rate of operations”, following a cyber security incident last month. In a filing with the SEC, Clorox says it believes malicious “activity is contained” but that an “elevated level of consumer product availability issues” (read: stock shortages) would hamper quarterly earnings. Clorox’s brands include Formula 409 and Burt’s Bees.
- Attackers ‘briefly’ obtained access to employee and other ‘certain records’ at Air Canada, though customer data was not affected.
- The National Student Clearinghouse has sent data breach notification letters to affected individuals at 890 schools that use its services. The breach stems from the compromise of Progress Software’s MOVEit platform in May 2023. The personal data, which varies by individual, can include name, date of birth, contact information, Social Security number, student ID number, and certain school-related records.
- Ahmed Eltantawy, an opposition politician in Egypt, was recently targeted with Cytrox’s Predator spyware, according to an analysis by Citizen Lab and Google TAG.
- TrendMicro researchers have discovered a new Linux backdoor that the firm is linking to a Chinese government group. The malware shares similarities with that of APT10/Stone Panda, RedLeaves and Winnti.
- Meanwhile, TrendMicro has released a patch to address a critical-severity vulnerability in a module of its security software. Apex One, Apex One SaaS, Worry-Free Business Security and Worry-Free Business Security Services are affected, and “customers are strongly encouraged to update to the latest versions as soon as possible.”
- Telco providers in the Middle East are being targeted with new malware that allows threat actors to execute commands on infected devices remotely. According to Cisco Talos, HTTPSnoop listens for commands by intercepting inbound requests handled by Windows HTTP kernel drivers. A sibling malware called PipeSnoop performs similar functions against named pipes.
- Apple has released emergency security updates to address three new ‘zero-day’ vulnerabilities being used against iOS and macOS devices.
- Two ‘medium’ severity vulnerabilities fixed by Juniper in August can be chained together and used to achieve a ‘critical’ unauthenticated remote code execution exploit against the firm’s SRX firewalls and EX switches. An estimated 12,000 devices are vulnerable and should be patched immediately. Further details are available from Juniper.
- CrowdStrike has acquired Bionic.ai in a deal reported to cost $350 million, with Bionic’s cloud security posture management technology being merged into CrowdStrike’s Falcon product.
- Legit Security has raised a $40 million Series B funding round to expand sales, marketing and R&D of its platform, which integrates with CI/CD pipelines to identify code and cloud vulnerabilities.
And finally
- Donald Trump Jr.’s X (Twitter) account was compromised, according to a Trump spokesperson, after it posted a series of tweets (X’s?) announcing the death of his father, that Trump Jr. would be running for president, and that “North Korea is about to get smoked”. Hopefully, Trump Jr.’s password is now something more secure than “maga2020!” (vol. 3, iss. 43).