Zero-Day exploits continue to rise

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report

Brought to you by:

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

CybersecurityHQ Update:

Exciting news! We're just days away from launching our AI Resume Builder, designed to help you stand out in your job search. Stay tuned for more updates—you won't want to miss it!

US water utility hit by cyberattack

Cybersecurity threats to utilities have been an ongoing concern throughout 2024, and now US water and wastewater company American Water has disclosed an incident on its website. In response, it has taken its MyWater customer portal and billing systems offline, along with some of its other systems.

The incident was initially noticed on October 3.

Luckily, the damage does not seem to be too extensive. The company said, “At this time, we currently believe that none of our water or wastewater facilities or operations have been negatively impacted by this incident. There will be no late charges or services shut off while [the online portal] MyWater remains unavailable.”

The Camden, New Jersey-based company serves more than 14 million people in 24 states.

This is another reminder that keeping drinking water safe now has a cyber dimension. Earlier this year, the US Environmental Protection Agency (EPA) released an enforcement alert pushing water systems to better protect themselves against cyberattack.

Before that, in February, the EPA, CISA and the FBI jointly published a fact sheet called Top Cyber Actions for Securing Water Systems. It outlines a number of best practices, including reducing the exposure of OT assets to the public internet, changing default passwords immediately, backing up OT and IT systems, and more.

That guidance came in response to a growing wave of attacks on water supplies. Veolia North America and Southern Water in the UK were both hit by ransomware in late 2023 and early 2024. Around the same time, Iran-linked hackers calling themselves Cyber Av3ngers were accused of attacking the Municipal Water Authority of Aliquippa in Pennsylvania. And during the same period, three water utilities in small towns in the Texas panhandle suffered cyberattacks, one of which Mandiant linked to the Russian hacktivist persona CyberArmyofRussia_Reborn.

Comcast data breach exposes SSNs

Social security numbers (SSNs) are among the most sensitive pieces of personal information that can be leaked, and a breach has exposed the names, addresses, SSNs, and birthdates of more than 237,000 Comcast customers. It traces back to a breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency Comcast used in the past.

The data dates from 2021, but FBCS was breached in February of this year. Altogether, 4.2 million people were affected, a figure that kept rising in the months after FBCS's initial disclosure in April.

This is only the latest bad cybersecurity news for Comcast customers. In December 2023, the company disclosed a breach affecting nearly 36 million people, exposing names, contact information, partial SSNs, and birthdates.

For this latest data breach, Comcast is offering identity theft protection and credit monitoring.

Russia hit by hack, bans Discord

In Russia, a major hack and the shutting down of Discord are making waves in the cybersecurity world.

On October 7, the Russian state media company VGTRK (the All-Russia State Television and Radio Broadcasting Company) suffered a major attack for which the Ukrainian government has taken credit. The company's website and the streams of its television and radio stations, including the Rossiya-24 news channel, went down.

Ukraine says its hackers timed the attack to coincide with Russian President Vladimir Putin's 72nd birthday.

In other Russian news, the government has blocked Discord after the company refused to remove content that is illegal in the country.

The rules in question are requirements the government says are intended to “prevent the use of the messenger for terrorist and extremist services, recruitment of citizens to commit them, for drug sales, and in connection with unlawful information posting.”

Turkey quickly followed with a ban of its own after Discord users posted content praising a 19-year-old who killed two young women.

In response, many users are now sharing VPN workarounds online.


Salt Typhoon hacks US telecom giants

Salt Typhoon, a hacking group believed to be tied to the Chinese government, is accused of breaking into major US broadband providers and potentially into the systems those carriers use to fulfill court-authorized wiretap requests, according to reporting from The Wall Street Journal. Among the telecom companies affected are Verizon, AT&T, and Lumen Technologies.

It is very possible that Salt Typhoon used its access to view information the carriers collect for the US government under wiretap orders. Given the sensitivity of that data, access to it alone would make this a major breach, and data from foreign intelligence surveillance may also have been exposed.

Whether this turns out to be merely an unsettling intrusion or one of the most serious cyber-espionage events in years will depend on what further reporting reveals about what was actually accessed.

Bizarre cybercrime tale uncovered

In a bizarre and shocking sequence of events, the parents of a 19-year-old Connecticut honors student allegedly tied to a $243 million cryptocurrency heist were carjacked just days after the theft. While house-hunting in a brand-new Lamborghini, the couple was assaulted and briefly kidnapped by six Florida men in a failed ransom attempt.

The couple's son, Veer Chetal, is believed to have taken part in a sophisticated social engineering attack that led to the massive cryptocurrency theft from a Washington, D.C. victim. Although he had not been charged, Chetal's alleged involvement surfaced through crypto investigator ZachXBT, who traced the heist to Chetal and others through leaked Discord chats.

The suspects, aged 18 to 26, were apprehended after a high-speed chase and face charges including assault and kidnapping. The heist's proceeds, funneled into luxury goods, fueled the lavish lifestyles of the conspirators.

This incident underscores the growing convergence of cybercrime and real-world violence among well-funded cybercriminal groups.

Zero-day exploits abound in a week of major updates

On Tuesday, Microsoft issued an urgent warning about a newly disclosed zero-day vulnerability (CVE-2024-43572), this time affecting the Microsoft Management Console (MMC). Why the urgency? The company says the flaw is being actively exploited, letting attackers use malicious Microsoft Saved Console (.msc) files to execute code on targeted systems.

That makes Microsoft's latest patch rollout especially important. By the newsletter's count, it is also the 23rd zero-day the company has patched this year.

Along with fixing this issue, the updates address critical remote code execution flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol server, and Microsoft Configuration Manager. Another urgent issue, CVE-2024-43573, is a vulnerability in the MSHTML platform used by Internet Explorer mode in Microsoft Edge.

In similar news, on Monday Qualcomm released a security advisory covering 20 vulnerabilities, including a potential zero-day (CVE-2024-43047) that may already be under limited, targeted exploitation, according to Google's Threat Analysis Group (TAG) and Amnesty International.

The flaw, a high-severity use-after-free issue in the DSP service, affects more than 60 Qualcomm chipsets, including Snapdragon and FastConnect parts.

It is believed to have been exploited by a commercial spyware vendor, most likely against Android devices. Qualcomm has shipped a patch to device makers, but it may take time to reach end users, and devices that are no longer regularly updated may never receive the fix.

Internet Archive breach exposes 31 million user emails amid DDoS attacks

On Wednesday, the Internet Archive confirmed a significant data breach after a rogue JavaScript pop-up appeared on its site. Security researcher Troy Hunt, founder of Have I Been Pwned (HIBP), verified the breach, revealing that 31 million unique email addresses, bcrypt password hashes, and other system data were stolen in September.

The breach was compounded by aggressive distributed denial-of-service (DDoS) attacks that intermittently knocked the Archive's services offline. Despite Hunt's efforts to encourage early disclosure, the organization delayed while it dealt with the ongoing attacks.

Founder Brewster Kahle confirmed that security upgrades are underway. The hacktivist group BlackMeta claimed responsibility for the DDoS attacks, though the breach perpetrators remain unknown.

The Internet Archive faces a mounting series of challenges, including a major copyright lawsuit and multiple DDoS incidents. Hunt emphasized the importance of supporting the nonprofit, given its critical role in preserving digital history.

Interesting Read

Kill List by Carl Miller

Carl Miller's latest LinkedIn post runs through a fascinating podcast that goes into the darkest depths of cybersecurity: "Kill List," a gripping investigative series that has just released all eight episodes. Five years ago, a hacker discovered a vulnerability in a dark web hitman-for-hire site, exposing kill orders and payments in real time. Shocked by just how many there were (dozens were being posted all the time), Miller and a secret team took immediate action, tracking down information and even warning targets when law enforcement didn't.

But a twist, as often happens in these situations, adds a bizarre bend to the story.

The site wasn't actually sending hitmen; its operators were content simply to take the money. The real threat came from the clients who, once they couldn't get the killings they had paid for, set out to carry them out themselves.

The effort to alert police quickly escalated to involve the FBI, Interpol, and multiple countries, leading to 175 threat-to-life warnings. Despite constant danger and uncertainty, Miller and his team pressed on, often inventing strategies on the fly.

It’s a great story, well worth a binge.


Stay Safe, Stay Secure.

The CybersecurityHQ Team
