Daily Brief
| Date | Source | Category | Title | Summary | Details |
|---|---|---|---|---|---|
| 2024-06-14 11:34:57 | theregister | NATION STATE ACTIVITY | French Government Proposes €700M Bid for Atos Tech Assets | The French government has offered €700 million for key technology assets from the struggling IT company, Atos.
This proposal is focused on acquiring Atos’ Big Data & Security division, which includes Advanced Computing, Mission-Critical Systems, and Cybersecurity activities.
These assets are critical as they support IT projects within the French military and other governmental sectors.
Atos has recently accepted a bailout from its largest shareholder, Onepoint, aiding in restructuring its financial debts and ensuring stability.
The discussion and potential agreement on the acquisition will be overseen by Conciliator Maître Hélène Bourbouloux, with no certain outcome guaranteed.
Atos is also negotiating the sale of its Worldgrid business unit to Alten SA for €270 million, a transaction expected to conclude by the end of 2024.
The company's shares saw significant shifts, with a recent increase of over 16% following the acquisition news, contrasting with a previous 20% drop earlier in the year. | Details |
| 2024-06-14 11:03:48 | thehackernews | MISCELLANEOUS | Why Industries Adopt Military-Grade Cybersecurity Measures | Regulated industries such as finance, healthcare, and government face stringent regulatory standards requiring robust cybersecurity to avoid severe penalties and reputation damage.
These sectors are experiencing a significant increase in cyber threats, prompting a shift from traditional security measures to military-grade cyber defenses.
Military-grade cyber defenses incorporate advanced technologies such as real-time data analytics, machine learning, and Content Disarm and Reconstruction (CDR) to pre-emptively tackle threats.
The collaboration between military and private sectors enhances access to cutting-edge technologies and best practices, significantly strengthening industry cyber defenses.
Insider Risk Programs are pivotal within a comprehensive cybersecurity strategy to protect against internal threats and safeguard sensitive data from within the organization.
Military-inspired cybersecurity strategies emphasize proactive threat prevention, rapid response, and layered security protocols, proven effective in defending critical national and corporate assets.
The adoption of military cyber strategies, technology, and partnerships is crucial for regulated industries to enhance resilience against cyberattacks, meet compliance requirements, and protect critical infrastructure. | Details |
| 2024-06-14 08:19:14 | thehackernews | CYBERCRIME | Critical Vulnerabilities Identified in ZKTeco Biometric Systems | Security experts have discovered 24 critical vulnerabilities in ZKTeco's biometric access systems, posing significant cybersecurity risks.
Flaws identified include six SQL injections, seven stack-based buffer overflows, five command injections, four arbitrary file writes, and two arbitrary file reads.
These vulnerabilities could allow attackers to bypass authentication processes, steal biometric data, and remotely control the biometric devices.
Stolen biometric data may be sold on the dark web, increasing the risk of identity theft and sophisticated cyber-attacks such as deepfake and social engineering.
Attackers could potentially access restricted areas and implant backdoors in networks for espionage or disruptive purposes.
The vulnerabilities were found through reverse engineering the device's firmware and communication protocols, with no current confirmation if these issues have been addressed.
Recommended mitigation strategies include isolating biometric devices on separate network segments, using strong passwords, and regular system updates.
The presence of these vulnerabilities undermines the security benefits of biometric authentication, making affected systems easy targets for unauthorized access. | Details |
| 2024-06-14 06:47:27 | thehackernews | NATION STATE ACTIVITY | North Korean Hackers Escalate Phishing Attacks on Brazilian Fintech | North Korean hackers, identified as responsible for one-third of the phishing attacks in Brazil since 2020, particularly target the government and key sectors like aerospace, technology, and finance.
These groups employ sophisticated phishing tactics, focusing especially on cryptocurrency and fintech, with actors like UNC4899 deploying trojanized applications to steal data.
UNC4899 engages targets through social media, offering fake job opportunities to distribute malware via seemingly benign documents and trojanized GitHub projects.
Other North Korean groups like PAEKTUSAN and PRONTO have conducted campaigns impersonating recruiters or focusing on diplomats with the aim of credential theft and espionage.
Microsoft and Google have observed similar deceptive strategies, including the distribution of malware through fake npm packages, which poses a significant risk given the trust placed in open-source repositories.
The expanding methods of attacks, including the use of LinkedIn and freelance platforms for spreading malware, highlight an evolving threat landscape. | Details |
| 2024-06-14 04:34:44 | thehackernews | MISCELLANEOUS | Microsoft Delays Launch of AI Recall Feature Over Security Concerns | Microsoft announced a delay in releasing their AI-powered Recall feature for Copilot+ PCs due to security and privacy concerns.
The rollout will first undergo testing in the Windows Insider Program to gather feedback and ensure high standards for quality and security are met.
Originally scheduled for June 18, 2024, the broad release has been postponed after receiving criticism for potential privacy threats and being a target for cybercriminals.
The Recall function is designed to capture screenshots of user activity, creating a searchable database through an AI model on the device.
Due to backlash, Microsoft transformed Recall into an opt-in feature and introduced additional security measures, including authentication requirements via Windows Hello for accessing content.
Enhanced protection includes "just in time" decryption, allowing access to data only after authentication using biometrics or a PIN.
Microsoft's cautious approach reflects wider industry concerns about the safe and responsible usage of AI technology amidst innovation pressures.
The updates come shortly after Apple introduced a new AI processing method called Private Cloud Compute, emphasizing privacy in cloud-based computations. | Details |
| 2024-06-14 02:12:10 | bleepingcomputer | DATA BREACH | Microsoft Delays Launch of Windows Recall Over Security Concerns | Microsoft has postponed the public preview of its AI-powered Windows Recall feature, originally set for June 18, 2024, to address privacy and security issues.
The Windows Recall feature, which takes frequent screenshots for data retrieval, raised significant privacy concerns among advocates and cybersecurity experts.
Following criticism, Microsoft plans to initially release the feature to Windows Insiders for feedback before a broader roll-out to all Copilot+ AI PCs.
Concerns were heightened by a ProPublica report criticizing Microsoft for prioritizing revenue over security and a congressional discussion regarding Microsoft's security lapses.
The feature will now be opt-in and will encrypt its database using Windows Hello authentication for accessing the app, as part of additional security measures.
Cybersecurity expert Kevin Beaumont highlighted the vulnerability of the feature to malware, which could manipulate it to steal user data.
Microsoft acknowledges the need for further testing and securing of the Windows Recall feature in response to backlash and potential risks. | Details |
| 2024-06-14 00:45:18 | theregister | NATION STATE ACTIVITY | Microsoft Grilled in Congressional Hearing Over Security Lapses | Microsoft President Brad Smith testified before the US House Committee on Homeland Security regarding the company's security breaches and business operations in China.
The hearing addressed findings from a Homeland Security Cyber Safety Review Board report, which highlighted Microsoft's missteps that allowed Chinese spies to access sensitive US government emails.
Smith claimed responsibility for Microsoft's failures but suggested the detection of the intrusion by the US State Department, not Microsoft, indicated the system's efficacy, sparking criticism from lawmakers.
Lawmakers questioned the adequacy of Microsoft's security measures, given its significant role in providing software and cloud services to the US government.
Discussions also covered Microsoft’s compliance with Chinese national security laws, with Smith denying that the company conformed to such regulations despite operating in China.
The hearing explored potential vulnerabilities in Microsoft's dealings in China, where national laws could potentially compel the company to surrender user data or software code.
The Congressional hearing underscored ongoing concerns regarding the intertwining of national security, international cyberespionage, and the role of private tech companies in safeguarding sensitive information. | Details |
| 2024-06-13 23:18:28 | bleepingcomputer | DATA BREACH | Truist Bank Confirms Data Breach, Employee Info Sold Online | Truist Bank acknowledged a system breach after data appeared on a hacker forum.
The breach happened in October 2023; stolen data includes 65,000 employee records.
Data for sale includes sensitive bank transactions and internal bank source code.
The breach was contained swiftly, with further security measures and client notifications following.
Truist Bank seamlessly cooperated with law enforcement and cybersecurity experts to mitigate consequences.
The bank has found no evidence of fraud associated with the breach thus far.
The sale was facilitated by known hacker "Sp1d3r," also linked to data thefts from other major firms.
Truist Bank clearly stated that the breach is not related to the "Snowflake attacks." | Details |
| 2024-06-13 22:47:45 | theregister | NATION STATE ACTIVITY | Congress Denies Funding for Space Force's GPS Hardening Project | The US Space Force's request for $77 million to enhance GPS resilience through additional satellites has been declined by Congress.
The proposed R-GPS project aimed to mitigate spoofing attacks by expanding the GPS constellation with about 20 small satellites.
This funding request is part of a broader Department of Defense budget scrutiny for 2025 by the House Appropriations Committee.
Critics in the committee question the efficacy of adding more satellites in combating the primary GPS jamming threats.
Current concerns also focus on the M-code signals which are supposed to enhance resistance to jamming but have seen repeated delays in user equipment availability.
The total projected cost for the R-GPS initiative could reach approximately $1 billion over five years.
The appropriations report has tasked the Director of Cost Assessment and Program Evaluation to review and report on the viability of R-GPS as a solution for improved national security positioning and timing services within 180 days.
This setback comes despite ongoing investments in anti-jamming technology, equipment upgrades, and cybersecurity enhancements for GPS systems. | Details |
| 2024-06-13 21:56:19 | bleepingcomputer | MALWARE | Ascension Healthcare System Crippled by Ransomware Attack | Ascension, a major U.S. healthcare provider, experienced a significant ransomware attack in May 2024, initiated by an employee inadvertently downloading a malicious file.
The attack severely disrupted the MyChart electronic health records system, phone services, and crucial systems for ordering tests, procedures, and medications.
In response to the attack, Ascension was compelled to take multiple systems offline to mitigate damage, resorting to manual documentation of medical services.
A few non-urgent elective procedures, tests, and appointments were postponed, and certain emergency services were redirected to alternative healthcare facilities.
While restoration efforts are ongoing, Ascension has confirmed the breach affected only seven of their approximately 25,000 network servers, mainly impacting non-clinical administrative data.
Preliminary investigations revealed that the stolen data may include Protected Health Information (PHI) and Personally Identifiable Information (PII), but no evidence suggests that complete Electronic Health Record (EHR) systems were compromised.
The breach has tentatively been linked to the Black Basta ransomware group by external sources; however, Ascension has not confirmed this association officially. | Details |
| 2024-06-13 19:58:50 | theregister | MISCELLANEOUS | Oracle Shuts Down $2 Billion Advertising Business Amid Privacy Shifts | Oracle Advertising is closing due to a steep decline in revenue, down from $2 billion in 2022 to $300 million in 2024.
This decision was announced in Oracle’s fiscal 2024 Q4 earnings call, highlighting a broader strategic shift away from advertising.
The shutdown is a culmination of over a decade of acquisitions aimed at building Oracle's ad capabilities, now made obsolete by increasing privacy regulations and market changes.
Key external pressures include enhanced privacy laws like GDPR, changes in tech company policies reducing data access, and a shift in market demands toward more privacy-focused approaches.
The closure will likely result in layoffs, affecting between 1,001 and 5,000 employees listed under Oracle Advertising on LinkedIn.
Despite the advertising business shutdown, Oracle recorded $53 billion in sales and a profit of $10 billion, reflecting overall business growth.
Industry experts suggest this move reflects broader market trends where reliance on third-party data for advertising is becoming less viable and profitable.
This closure marks an industry shift towards less invasive advertising practices and a potential increase in data privacy. | Details |
| 2024-06-13 19:53:15 | bleepingcomputer | DATA BREACH | New York Times GitHub Repo Breach Exposes Freelancer Data | The New York Times experienced a data breach in January 2024 involving their GitHub repositories, affecting numerous freelancers.
Sensitive personal information was accessed, including names, contact details, and additional personal and professional data.
The compromised data involved about 273GB, and includes source code and internal documentation, which was leaked on 4chan.
Affected data was primarily for freelance visual contributors; full-time staff was reportedly not impacted.
The breach originated from exposed credentials that permitted unauthorized access to the GitHub repos.
The Times has informed affected individuals and advised precautions to secure personal information and strengthen account security.
This incident has raised concerns regarding the safeguarding of sensitive information within external development platforms like GitHub. | Details |
| 2024-06-13 18:46:47 | bleepingcomputer | RANSOMWARE | Toronto District School Board Hit by Ransomware Attack | The Toronto District School Board (TDSB) experienced a ransomware attack on its technology testing environment, affecting Canada's largest school board.
TDSB is investigating potential exposure of sensitive information following the unauthorized access by a third party.
The attack was contained in the testing environment with no disruption to the board's operational systems or daily activities.
TDSB, serving roughly 247,000 students and employing 40,000 staff, is working with law enforcement and cybersecurity experts to assess the breach's scope.
All individuals potentially impacted by the data breach will be notified as the investigation progresses.
No major ransomware groups have claimed responsibility for the incident so far.
The incident has been reported to both the Toronto Police Service and the Information and Privacy Commissioner of Ontario. | Details |
| 2024-06-13 18:36:17 | bleepingcomputer | DATA BREACH | Panera Bread Notifies Employees of Data Breach Post-Ransomware Attack | Panera Bread experienced a ransomware attack in March, compromising sensitive employee data.
The breach was detected by Panera, which then engaged external cybersecurity experts for investigation and containment.
Notification letters were sent to affected employees, disclosing potential exposure of names, Social Security numbers, and other employment-related information.
No evidence currently suggests that the stolen data has been publicly disclosed or misused.
Impacted employees are offered a one-year subscription to identity and credit monitoring services.
The attack caused significant disruptions to Panera’s operations, including a week-long IT systems outage affecting sales, employee scheduling, and customer rewards services.
Details about the number of affected employees, the specific ransomware involved, and confirmation of a ransom payment remain undisclosed. | Details |
| 2024-06-13 17:34:48 | bleepingcomputer | MALWARE | Google Patches Zero-Day Exploit Across Pixel Devices | Google has issued patches for 50 security issues affecting its Pixel smartphones, including a high-severity zero-day being actively exploited.
The exploited vulnerability, identified as CVE-2024-32896, allowed for elevation of privilege on Pixel firmware and was used in targeted attacks.
GrapheneOS reported the vulnerability, originally tagged as CVE-2024-29748, was actively exploited by forensic companies to defeat security features like duress PIN/password systems.
The flaw has been rectified in the June 2024 update for devices running Android 14, but older versions may not receive this critical fix unless upgraded to Android 15.
Google emphasized the urgency of installing the latest update to prevent potential misuse of this and other critical vulnerabilities in their devices.
To enhance security, Pixel users are advised to manually install the June security updates through their device settings.
In related news, another significant vulnerability in Arm's GPU drivers, also exploited in the wild, has been identified and publicized earlier in the month. | Details |