Major Cybersecurity Shocks: Akira Ransomware & Mozi Takedown

Cybersecurity News

Welcome, reader, to your CybersecurityHQ report.

Headlines

Stanford University confirmed a breach after the Akira ransomware gang threatened to publish 430GB of stolen data, labeling the institution as its latest victim. Akira, which prides itself on cyber extortion, taunted the university for its "entrepreneurial character," warning of impending data leaks. The university acknowledged the incident was linked to an earlier breach of the Stanford University Department of Public Safety's (SUDPS) systems, which house sensitive personnel and crime data. No other university sectors were reportedly affected.

Akira, which emerged in March 2023, demands ransoms of up to $4 million and claims to have at least 45 victims since launching operations. Avast developed a decryptor for the Akira ransomware in July of this year, but it is limited to the Windows version.

A sharp decline in the Mozi botnet's malicious activities in August 2023 has been attributed to a kill switch sent by an unidentified actor. The ESET cybersecurity team noted a significant decrease in Mozi infections, starting in India and moving to China, which reduced active hosts from 13,300 to 3,500. Although the botnet's capabilities were largely dismantled, it maintained a presence on infected devices.

Mozi, which originated from the amalgamation of multiple malware families, saw its activity lessen following the deployment of the kill switch, which shared similarities with Mozi's original code. Researchers speculate the takedown could be the work of the botnet's creators or Chinese law enforcement. Mozi is a botnet targeting the Internet of Things (IoT) and was first spotted in 2019.

The SEC has filed fraud charges against IT management company SolarWinds and its former Chief Information Security Officer (CISO), Timothy G. Brown. The charges cover misleading statements and omissions related to the company's cybersecurity practices, as revealed in the aftermath of the SUNBURST cyberattack. Despite public reassurances, internal documents from 2018 and 2020 reveal SolarWinds was aware of its vulnerabilities, including a particularly damning assessment from Brown himself. Following the breach's public disclosure, SolarWinds' stock value plummeted, and now the company opposes the SEC's charges as counterproductive.

The complaint, which spans from October 2018 to January 2021, accuses the company of deceiving investors and customers by concealing its inadequate cybersecurity measures, which became glaringly evident when hackers infiltrated SolarWinds' Orion software. The SEC's move comes amid heightened scrutiny of cybersecurity disclosures, particularly with the implementation of new regulations such as the four-day public company disclosure requirement.

Interesting Read

This article from Brian Contos in Forbes highlights how the new cybersecurity disclosure rules at the SEC are likely to shake out. Experts tend to agree that the sooner these breaches are reported, the better. Read on to see how this new regulatory pressure can improve cybersecurity as a whole.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team