Shield your data from threats

CybersecurityHQ News

Welcome, reader, to your CybersecurityHQ report

New Rules to Shield U.S. Data

The U.S. Justice Department is proposing new rules to protect Americans’ bulk data from countries like China, Iran, Russia, Venezuela, Cuba and North Korea. This follows a recent report in the Wall Street Journal (WSJ) of a massive data breach at telecom giants by a Chinese-linked hacking group. It also falls in line with a much longer strategy, initiated by an executive order from President Biden, aimed at preventing the misuse of American financial, genomic, and health data for cyberattacks, espionage, or blackmail.

So, how are they going to do it? The proposed rules specifically limit transactions involving sensitive data, including genomic information from over 100 people or personal health and financial data of more than 10,000 individuals. Geolocation data from over 1,000 U.S. devices is also restricted. Data brokers who knowingly send such information to "countries of concern" would face penalties, as would any transfer of U.S. government personnel data. Apps like TikTok, which could transfer U.S. user data to China, may violate the new rules, as Washington continues efforts to limit data sharing with foreign adversaries.

In related news, Intel’s China division is under scrutiny after a report from the Cybersecurity Association of China (CSAC) claimed that the company “constantly harmed” the country.

According to the CSAC, Intel “has major defects when it comes to product quality, security management, indicating its extremely irresponsible attitude towards customers.” That report led to an immediate drop in Intel’s share price, while also spurring the company to defend its activity.

Intesa Employee's Account Access Scandal

Prosecutors in Bari, Italy, are investigating an alleged data breach at Intesa Sanpaolo, where an employee reportedly accessed the accounts of around 3,500 customers, including Prime Minister Giorgia Meloni and former Prime Minister Mario Draghi. The employee, working in Intesa's agricultural business, had authorization to access account data but allegedly abused this privilege between February 2022 and April 2024.

Intesa clarified that there was no cybersecurity breach and no data was exported. After internal checks flagged the issue, the employee was suspended and later dismissed. Intesa has since issued a public apology and enhanced its security division.

Russia Targets Election with Disinformation

The election is less than two weeks away, and U.S. intelligence officials revealed on Tuesday that they believe Russia is attempting to disrupt the proceedings through disinformation and efforts to incite violence. Recent examples include a fake video accusing Democratic vice-presidential nominee Tim Walz of abuse, which went viral on social media. Russia's operations, generally supportive of Trump, aim to fuel unrest, not necessarily to sway the election's outcome.

Their goal is to undermine trust in the election, spreading fear and amplifying tensions. Intelligence officials are particularly concerned about the period between Election Day, November 5th, and the January 20th inauguration.

Russian actors are reportedly pushing claims of voting fraud by immigrants and could exploit any post-election uncertainties, much like the 2020 Capitol attack. Additionally, the U.S. State Department is offering rewards for information on Russian media operations like Rybar, which have used social media to promote discord and encourage violence in the U.S.

Sophos Acquires Secureworks: $859M Deal

Sophos is set to acquire Secureworks in an $859 million all-cash deal, as announced by the companies on Monday. The acquisition, expected to close in early 2025, will see Sophos integrating Secureworks’ capabilities to enhance its AI-driven security solutions for businesses of all sizes, aiming to bolster automated threat prevention, detection, and response.

Sophos CEO Joe Levy highlighted that Secureworks’ cybersecurity expertise aligns with Sophos' goal of safeguarding enterprises from digital threats. "This acquisition marks a pivotal step in our journey to deliver a safer digital environment," he said.

Founded in 1999, Secureworks, previously acquired by Dell, will continue operations independently post-deal closure. CEO Wendy Thomas expressed optimism about combining Secureworks' extended detection and response (XDR) with Sophos' comprehensive security portfolio, including endpoint and cloud solutions.

Sophos, acquired by Thoma Bravo in 2020, continues expanding aggressively, with previous acquisitions of Proofpoint and Darktrace signaling its growing influence in the cybersecurity sector.

Socket Secures $40M

Cybersecurity firm Socket has raised $40 million in a mid-stage funding round led by Abstract Ventures, with participation from investors like OpenAI Chairman Bret Taylor, Yahoo Co-Founder Jerry Yang, and Shopify CEO Tobias Lutke. Andreessen Horowitz also contributed to the round, which values the company at around $500 million, according to a source. Founded in 2021, Socket uses AI to detect and prevent threats in open source code and currently supports six programming languages. The company, which has raised $65 million to date, plans to expand its engineering, product, and design teams.

Meta’s New Facial ID Initiative

Meta, Facebook and Instagram's parent company, has introduced a new facial recognition initiative to enhance account security and combat fraud, especially celebrity impersonation scams. This method uses video selfies for quicker, more secure identity verification during account recovery. Users record short videos, moving their heads, which are compared to their profile pictures for authentication. Meta promises immediate deletion of facial data after verification and offers users the choice between automatic or manual review. The system also blocks fraudulent ads by matching faces in suspicious posts with official celebrity profiles.

Meta’s VP of content policy Monika Bickert said, “We immediately delete any facial data generated from ads for this one-time comparison regardless of whether our system finds a match, and we don’t use it for any other purpose.” But cybersecurity watchdogs are nevertheless on high alert.

While this technology boosts security, cybersecurity concerns arise around the use of facial recognition, such as data misuse, potential breaches, and privacy risks. This is especially true as Meta is currently aggressively training AI models with as much data as it can find.

Meanwhile, the tests won’t be run in the UK or EU, because those areas don’t allow biometrics to be used without explicit consent.

EU's AI Strategy Rapid Shift

Speaking of the EU’s AI policy, things might be changing quickly. Henna Virkkunen, nominated as the EU's head of tech sovereignty and security, aims to advance the use of AI and disruptive technologies, particularly for defense. In her responses to the European Parliament, she highlighted the EU's lag in AI and cloud adoption compared to China and the U.S., with only 8% of EU businesses using AI. To address this, she plans to propose an AI and Cloud Development Act focused on energy-efficient technology, large-scale investments, cybersecurity, and new Single Market standards.

New LLM Jailbreak Technique Uncovered

Cybersecurity researchers have uncovered a new technique called Deceptive Delight, which can be used to jailbreak large language models (LLMs) by sneaking harmful instructions between harmless ones during a conversation. Developed by Palo Alto Networks Unit 42, the method has a high attack success rate of 64.6% within just three conversational turns.

Unlike other jailbreak methods like Crescendo, Deceptive Delight gradually manipulates context to bypass safety guardrails. As the researchers said, “The concept behind Deceptive Delight is simple. LLMs have a limited ‘attention span,’ which makes them vulnerable to distraction when processing texts with complex logic. Deceptive Delight exploits this limitation by embedding unsafe content alongside benign topics, tricking the model into inadvertently generating harmful content while focusing on the benign parts.”

Unit 42 tested eight AI models and found that violent topics had the highest success rate.

Researchers from Xidian University also explored a related technique, Context Fusion Attack, which conceals malicious intent by dynamically integrating harmful terms into contextual scenarios. 

MTAC Warns of Election Interference

With the U.S. presidential election just weeks away, Microsoft’s Threat Analysis Center (MTAC) issued a stark warning about evolving foreign influence operations from Russia, China, and Iran. In its fifth report, MTAC detailed efforts to exploit the high-stakes atmosphere by sowing doubts about election integrity.

Despite escalating tensions in the Middle East, Iran continues to target U.S. election activities, including attempts to stir anti-Israel sentiment and undermine the Trump campaign. Russian actors, meanwhile, have zeroed in on the Harris campaign, leveraging deepfakes and character attacks. China has shifted gears, targeting congressional Republicans and lawmakers like Senators Marsha Blackburn and Marco Rubio.

MTAC predicts a surge in AI-generated misinformation leading up to and immediately following Election Day, as bad actors aim to flood the digital landscape with divisive content. The report stresses vigilance, noting the potential for these efforts to shape public perception and destabilize confidence in the democratic process.

Interesting Read

Verizon: 2024 Data Breach Investigations Report

Verizon recently released its 2024 Data Breach Investigations Report. It draws insights from an enormous amount of recent activity. After all, there were more than 10,000 major breaches last year, plenty to go on to find trends and home in on the most salient issues of cybersecurity today.

While there is plenty to sort through in the full report, the major takeaway grabbing headlines is this: human error is responsible for 68% of successful cyber attacks.

Not poor policy. Not weak tools. Just good old fashioned human error—far and away the single biggest factor in the safety of data.

It’s easy to first see this as bad news. Eliminating human error is a pretty big ask of already strained cybersecurity teams.

And yet, there is also a lot of good news here. Because while you can’t eliminate human error, you can reduce it.

Cybersecurity teams can spend more time filling in basic knowledge and awareness of staff at large. Policies can build in redundancies so that people end up actually changing their default password or using their work phone instead of their personal phone.

Of course, security awareness programs are not all created equal. But figuring out how to optimize these begins to address the internal security threats that make up the lion’s share of weaknesses organizations face.

Stay Safe, Stay Secure.

The CybersecurityHQ Team
