Apple Intelligence, Ticketmaster data breach, Snowflake, BBC pension, Banking trojans, Multifactor authentication
From 6/2/2024 to 6/10/2024.
Emma’s note: In the next two weeks, we’re gonna publish a book report for Q1 & Q2. We’re looking for sponsors; if you are interested, feel free to reach out.
This week kicked off with Apple’s WWDC event: a better calculator, better emoji, and better writing tools powered by ChatGPT. Apple also introduced Private Cloud Compute, with encryption powered by Apple chips, as a new standard for “Apple Intelligence”.
Last week opened with a bang, as news broke of the massive Ticketmaster data breach, potentially affecting over 560 million customers. The incident, possibly linked to attacks against cloud provider Snowflake, highlighted the ongoing exposure of cloud-based systems and the need for strong security measures. The same week, reports surfaced of a data breach impacting the BBC Pension Scheme, exposing details of over 25,000 current and former employees.
The Anatsa banking Trojan, disguised as legitimate apps on Google Play, continued to make headlines, with reports of its spread to over 5.5 million devices and targeting of over 650 financial institutions. The malware's sophistication and ability to evade detection underscore the ever-evolving nature of cyber threats.
While the Ticketmaster breach dominated the news, security experts warned that it might just be the tip of the iceberg, with concerns about a wider "blast radius" affecting other Snowflake customers. Snowflake itself acknowledged that it was investigating a surge in "cyber threat activity" targeting its customers' accounts, emphasizing the need for multi-factor authentication and other security measures.
Key Trends:
Cloud Security in Focus: The Ticketmaster and Snowflake incidents underscored the importance of securing cloud-based systems, highlighting the need for robust data protection strategies, including multi-factor authentication and regular security audits.
Sophisticated Malware Evolves: The Anatsa banking Trojan's success in evading detection, combined with the emergence of new malware like Decoy Dog, highlighted the constant evolution of cyber threats and the need for proactive security measures.
Security Breaches Impact Organizations of All Sizes: The breaches affecting Ticketmaster, the BBC Pension scheme, and even the US government demonstrated that no organization is immune to cyberattacks.
OT Security Gains Momentum: The rise of attacks targeting internet-exposed OT devices further underscored the need for comprehensive security protocols for industrial control systems, with a focus on reducing the attack surface, implementing zero-trust principles, and investing in robust security solutions.
Details
06/01: The Ticketmaster data breach, potentially linked to attacks against cloud provider Snowflake, may be just the beginning, with security experts fearing more breaches will soon be uncovered. Researchers claim that hackers may have accessed data from over 560 million Ticketmaster customers and are selling it online for $500,000. WIRED
06/01: Microsoft warns of a surge in cyberattacks targeting internet-exposed operational technology (OT) devices, citing several attacks since late 2023, including incidents targeting water and wastewater systems in the US. The Hacker News
06/01: The Anatsa banking Trojan, disguised as legitimate apps on Google Play, is stealing millions by tricking users into entering their banking credentials on fake login pages. This malware has infected over 5.5 million devices and targeted over 650 financial institutions. MakeUseOf
06/01: A joint statement from Snowflake, CrowdStrike, and Mandiant outlines preliminary findings in the Snowflake cybersecurity investigation, highlighting that the company has not identified any breaches in its own systems but that the attacks appear to be targeted campaigns leveraging credentials obtained through infostealing malware. Snowflake Community
06/03: Y Combinator highlights the importance of supporting small tech startups in the face of AI's rapid development, advocating for open source AI models, forceful antitrust action, and an end to non-compete clauses. Y Combinator Blog
06/03: GitHub Copilot Business and Enterprise now have SOC 2 Type I reports, demonstrating that they have the controls in place necessary to protect the security of the service. GitHub Blog
06/05: OpenAI provides insight into the security architecture of its research supercomputers, emphasizing its commitment to securing these systems, particularly regarding the protection of sensitive model weights, to ensure that advanced AI benefits everyone. OpenAI
06/05: Learn AI skills with Google AI Essentials course offered free with enrollment in any Google Career Certificate. Grow with Google
06/07: Microsoft claims that a security vulnerability identified by Tenable in Azure Cloud is not a flaw, but rather a misconfiguration by Azure customers who are misunderstanding how to use service tags. GovInfoSecurity
06/07: A critical vulnerability (CVE-2024-27822) in macOS allows attackers to gain root access through a flaw in Installer.app and PackageKit.framework, with a proof-of-concept exploit code already released. Cybersecurity News
06/07: The BBC is investigating a data breach that exposed details of over 25,000 current and former employees. The incident is being taken “extremely seriously” by the BBC Pension scheme, although there is no evidence of a ransomware attack. The Guardian
06/07: A high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server allows authenticated attackers to execute arbitrary code remotely, threatening user data and system security. Atlassian has released patches to address the issue. Spiceworks
06/07: Hackers are exploiting a promotional Google Chrome plugin called Aggr to steal cookies from users, which they use to bypass password and two-factor authentication verification and log into the victim's Binance account. This scam has resulted in millions of dollars in losses for victims. Cointelegraph
06/07: Russian organizations, including power companies, IT firms, and government agencies, are being targeted with a Windows version of the Decoy Dog malware delivered by the HellHounds APT group. This malware has been active since at least 2021 and uses sophisticated techniques to remain undetected. The Hacker News
06/07: Exploit activity targeting a recent information disclosure flaw (CVE-2024-24919) in Check Point's VPN technology has soared in recent days. The vulnerability affects multiple versions of Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. Dark Reading
06/07: Security experts have disclosed advanced methods for bypassing Web Application Firewalls (WAFs) on a large scale, including a new Burp Suite plugin to facilitate this process. The methods focus on exploiting request size limits and leveraging other innovative techniques. Cybersecurity News
06/07: Hackers are using code from a Python clone of Microsoft's Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. The attack involves sending emails that appear to be from a medical center, prompting recipients to download a malicious .SCR file that installs the SuperOps RMM remote management software. Bleeping Computer
06/07: Live Nation took 11 days to confirm the massive Ticketmaster data breach after reports surfaced last week of data belonging to some 550 million Ticketmaster customers being put up for sale on a Dark Web forum by "ShinyHunters," an entity believed associated with the BreachForums leak site. The Verge
06/07: The FBI has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. The Hacker News
06/07: The Ticketmaster data breach, and a similar breach at Santander Bank, highlight the importance of properly securing access to data stored in third-party cloud storage services. The incidents underscore the need for organizations to implement multifactor authentication and other security measures to protect sensitive data in the cloud. Dark Reading
06/07: SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution. The flaw could be exploited by unauthenticated attackers to access sensitive files on the host machine. Help Net Security
06/07: SolarWinds has released version 2024.2, with patches for three vulnerabilities, two of them high-severity. One of the bugs, a high-severity SWQL injection vulnerability (CVE-2024-28996), was reported by Nils Putnins, a penetration tester affiliated with NATO. Dark Reading
06/07: LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension, which put too much stress on its servers. Bleeping Computer
06/07: Snowflake's security problems are snowballing after a recent spate of customer data thefts, with LendingTree confirming its QuoteWizard subsidiary had data stolen from Snowflake. The incident highlights Snowflake's lack of transparency and enforcement of security measures like multi-factor authentication. TechCrunch
06/08: The US Department of State has been working with a range of security vendors beyond Microsoft since China-linked hackers stole tens of thousands of the department's emails by breaching the tech giant's network last year. Reuters
06/08: Microsoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. GovInfoSecurity
06/08: SonicWall discovered a high-severity remote code execution flaw (CVE-2024-21683) in the Atlassian Confluence Data Center and Server. Spiceworks
06/08: Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks. The Register
06/08: The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. The Hacker News