Reports are starting to come out that Cisco has been breached, again, but the company insists that the reports are false and the incident is, in fact, old news.
As Kate O'Flaherty reported in Forbes, "The reported Cisco breach came to light when ransomware outfit Kraken appeared to have published the leaked data on its dark web blog, according to the Cybersecurity News site. The adversaries also apparently left another threatening message on the site, indicating they had long-term access to Cisco’s network, according to the report.
However, Cisco has not actually been breached by the ransomware gang — the leak is the result of an old incident that took place in 2022.
“Cisco is aware of certain reports regarding a security incident,” a Cisco spokesperson told O'Flaherty over email. “The incident referenced in the reports occurred back in May 2022, and more details can be found in this blog post that Cisco Talos, our threat intelligence organization, published back in August 2022,” the Cisco spokesperson said."
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. Expel expands SIEM, integrations: MDR provider Expel last week expanded security information and event management (SIEM) coverage, including a new low-cost data lake offering. Expel also extended integration coverage and support for several SIEM and extended detection and response (XDR) products, including Sumo Logic Cloud SIEM and CrowdStrike Falcon LogScale environments.
2. Lasso Security, Swish partner on GenAI security for public sector: Lasso Security, a GenAI and Large Language Model (LLM) cybersecurity provider, today announced a strategic partnership with technology and engineering solutions provider Swish Data Corporation. Swish will deliver Lasso's autonomous GenAI security monitoring platform to public sector organizations, including Federal civilian agencies, the Department of Defense (DoD), as well as State, Local, and Education (SLED) organizations.
3. Commvault launches CIS-hardened images: Cyber resilience and data protection firm Commvault announced this week that the Commvault Cloud Platform now uses CIS-hardened images, which makes deploying to major cloud providers easier and more secure, the company said. These CIS-hardened images are pre-configured with CIS-recommended settings and controls. They will be available on the Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and VMware marketplaces. CIS-hardened images are software files that are pre-configured to align with the Center for Internet Security (CIS) Benchmarks. Hardening helps reduce configuration vulnerabilities, such as overly permissive network policies, that can contribute to breaches.
4. Hugging Face models compromised: Machine learning and data science platform Hugging Face has been covertly infiltrated with at least two AI models containing malicious code through the new nullifAI attack technique. The technique involves the exploitation of Pickle files leveraged for ML model data serialization and deserialization, Cybernews reports. Both malicious packages resembled proof-of-concept models, and have already been deactivated by Hugging Face. They were not identified by Hugging Face's Picklescan security tool due to differences in compression format with PyTorch, as well as a security issue that prevented the proper scanning of Pickle files that could facilitate compromise, according to a report from ReversingLabs.
5. Stolen OpenAI credentials: Cybernews reports that Russian threat actors allegedly stole more than 20 million OpenAI account access codes and offered them for sale on BreachForums. The access codes could circumvent authentication systems, according to the threat actor, known as emirking. Further investigation into emirking's claims is still underway, but Malwarebytes researchers noted that confirmation of the leak's legitimacy would suggest emirking had access to ChatGPT conversations and queries. If true, this poses an increased risk of social engineering attacks and API exploitation for premium subscription lures. OpenAI users have been urged not only to replace their passwords and activate multi-factor authentication but also to watch for suspicious account activity and for phishing attempts that use information they have provided to ChatGPT.