Welcome to this week’s edition of Nomios Weekly CyberWednesday, where we bring you the most important cybersecurity and networking updates worldwide. This week’s news covers significant incidents, new vulnerabilities, and evolving threats that could affect IT professionals and large enterprises across Europe.
1. Meta Fined €91 million for storing millions of Facebook and Instagram Passwords in plaintext
The Irish Data Protection Commission (DPC) has fined Meta a substantial €91 million for failing to comply with GDPR regarding user data security. The fine follows an investigation into a March 2019 incident where Facebook and Instagram user passwords were found stored in plaintext. The DPC found that Meta had breached several GDPR articles by failing to secure this data and by neglecting to notify regulators in a timely manner.
This incident underlines the risks of mishandling sensitive data. Passwords should never be stored or logged in a recoverable form at all: the accepted practice is to keep only a salted hash produced by a deliberately slow function (bcrypt, scrypt or Argon2), so that a leaked database or log store does not yield usable credentials. Meta's oversight allowed more than 2,000 engineers to make millions of queries against data that contained plaintext passwords between 2012 and 2019. While Meta states that it found no evidence the passwords were misused, the lapse raises serious concerns about internal logging and access-control practices. For organisations in Europe, the case is also a reminder that GDPR's breach-notification duty (72 hours under Article 33) applies to internal exposures of this kind, not only to external attacks. Source: The Hacker News
2. Microsoft: Cloud environments of US organisations targeted in ransomware attacks
Microsoft has identified an alarming trend of hybrid cloud environments being increasingly targeted by the ransomware group Storm-0501. This group, known for financially motivated attacks, has been using a mix of commodity and open-source tools to breach various sectors, including government, law enforcement, and manufacturing. Storm-0501's primary method involves moving laterally between on-premises and cloud systems, exploiting weak credentials and vulnerabilities in tools like Citrix NetScaler, Zoho ManageEngine, and Adobe ColdFusion.
The attack pattern involves using compromised credentials to gain admin-level access and deploy remote management tools, which allow further lateral movement. Because many organisations synchronise on-premises Active Directory identities to the cloud, an on-premises foothold becomes a route into the cloud tenant. Microsoft warns that once there, the attackers establish persistent backdoor access, steal sensitive data, and deploy ransomware such as Alphv/BlackCat and LockBit across victim networks. This is particularly concerning for organisations running hybrid infrastructures, and it underlines the importance of enforcing multi-factor authentication on privileged and synchronised accounts, securing remote access points, and promptly patching the known vulnerabilities named above. Source: Securityweek.com
3. ChatGPT macOS flaw could've enabled long-term spyware via memory function
A newly discovered vulnerability in ChatGPT’s macOS app could have led to long-term spyware infections on users’ systems. The flaw, dubbed "SpAIware," allowed attackers to exploit the AI tool’s memory feature to capture sensitive information from users' past and future conversations. ChatGPT’s memory function was designed to remember certain user details across chats to enhance user experience, but this feature became a liability when attackers manipulated it to exfiltrate data over multiple sessions.
The risk was made worse by the fact that deleting individual chats did not clear the assistant's memory, so injected instructions persisted until the memory itself was reviewed and wiped. The technique is a form of indirect prompt injection: attackers trick users into visiting a malicious website or opening a compromised file that ChatGPT is asked to process, and the hidden instructions in that content tell the model to store an exfiltration rule in its memory. While OpenAI has patched this issue, it serves as a warning to organisations using AI tools that collect and process sensitive data, especially in enterprise settings where data security is critical. Source: The Hacker News
4. Millions of Kia cars vulnerable to remote hacking
A massive security flaw in Kia’s vehicle management system could have allowed attackers to take control of key vehicle functions, including unlocking doors, starting engines, and tracking vehicles remotely. Security researcher Sam Curry discovered that attackers could use a car's license plate to exploit these vulnerabilities and execute commands through Kia's backend API. The flaws extended across all Kia vehicles manufactured after 2013, affecting millions of cars globally.
The vulnerability arose from issues in Kia's dealer and owner portals, which accepted internet-to-vehicle commands without properly validating that the caller was authorised for that vehicle. Attackers could harvest personal information, such as the owner's email, phone number, and address, and add themselves as secondary users on the vehicle account without notifying the original owner. Kia has since patched the vulnerabilities after being informed by the researchers in mid-2024, but this incident highlights the risk that connected vehicles and other IoT backends carry: every API call that acts on a vehicle must check that the authenticated caller is entitled to that specific vehicle, and account changes should be visible to the owner. Source: Securityweek.com
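The flaw class described above is a missing object-level authorisation check. As an added example (not Kia's code or API, and not from the source article), here is a hypothetical vehicle-command backend modelled in plain Python: a handler that trusts the VIN in the request and attaches any caller as a secondary user, next to a hardened handler that binds the action to the authenticated caller and records a notification for the owner. The plate-to-VIN lookup that the researchers started from is out of scope; the example assumes the attacker already knows a VIN. All account names and VINs are constructed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is not authorised for the requested vehicle."""


@dataclass
class Vehicle:
    vin: str
    owner: str                       # account that registered the car
    secondary_users: set = field(default_factory=set)
    notifications: list = field(default_factory=list)


ALLOWED_COMMANDS = {"lock", "unlock", "locate"}


def make_fleet() -> dict:
    """Constructed sample backend state: two cars, two owners."""
    return {
        "KNAXXXXXXXX000001": Vehicle("KNAXXXXXXXX000001", "owner1@example.com"),
        "KNAXXXXXXXX000002": Vehicle("KNAXXXXXXXX000002", "owner2@example.com"),
    }


def add_secondary_user_vulnerable(fleet: dict, vin: str, new_user: str) -> None:
    """Flawed pattern: the handler trusts the VIN in the request and never asks
    who is calling, so anyone who learns a VIN can attach their own account."""
    fleet[vin].secondary_users.add(new_user)


def add_secondary_user_fixed(fleet: dict, caller: str, vin: str, new_user: str) -> None:
    """Hardened pattern: bind the action to the authenticated caller, check
    the caller owns the object, and leave the owner a visible record."""
    vehicle = fleet.get(vin)
    if vehicle is None or caller != vehicle.owner:
        # Same error for 'no such VIN' and 'not yours', so the response
        # does not confirm which VINs exist.
        raise Forbidden("not authorised for this vehicle")
    vehicle.secondary_users.add(new_user)
    vehicle.notifications.append(f"{new_user} was added as a driver by {caller}")


def send_command(fleet: dict, caller: str, vin: str, command: str) -> dict:
    """Internet-to-vehicle command: allowed only for the owner or a listed
    secondary user, and only for a known command."""
    vehicle = fleet.get(vin)
    if vehicle is None or (caller != vehicle.owner
                           and caller not in vehicle.secondary_users):
        raise Forbidden("not authorised for this vehicle")
    if command not in ALLOWED_COMMANDS:
        raise ValueError(f"unknown command {command!r}")
    return {"vin": vin, "command": command, "issued_by": caller}


def attacker_takeover(fleet: dict, vin: str, attacker: str, use_fixed: bool) -> bool:
    """Replays the reported attack shape against either handler: attach the
    attacker as a secondary user, then try to unlock. Returns True on success."""
    try:
        if use_fixed:
            add_secondary_user_fixed(fleet, attacker, vin, attacker)
        else:
            add_secondary_user_vulnerable(fleet, vin, attacker)
        send_command(fleet, attacker, vin, "unlock")
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    vin = "KNAXXXXXXXX000001"
    print(attacker_takeover(make_fleet(), vin, "mallory@example.net", use_fixed=False))  # True
    print(attacker_takeover(make_fleet(), vin, "mallory@example.net", use_fixed=True))   # False
```

The point of the hardened version is that the caller identity comes from the authenticated session, never from a request parameter, and that every handler touching a vehicle repeats the ownership check rather than relying on an earlier endpoint having done it.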
5. Five Eyes agencies release guidance on detecting Active Directory intrusions
In a coordinated effort, the cybersecurity agencies of the Five Eyes alliance have released joint guidelines on how organisations can detect and mitigate compromises in Microsoft Active Directory (AD). Active Directory is a crucial component in most enterprise IT infrastructures, used for authentication and access control. However, its complex configuration and default settings make it a prime target for attackers, who often exploit AD to gain full access to corporate networks.
The guidelines suggest adopting a tiered access model, such as Microsoft’s Enterprise Access Model, which helps prevent high-tier credentials from being exposed to lower-tier systems. The report also recommends using "canary objects" within AD, which act as early warning systems to detect Kerberoasting and DCSync attacks. By addressing these AD security risks, organisations can protect their networks from long-term compromises, ensuring that even sophisticated attackers face higher detection risks. Source: Securityweek.com
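To make the canary-object recommendation concrete, here is an added example (not from the Five Eyes guidance or the source article) of detection logic run over a handful of constructed Windows security events: a canary service account whose SPN no legitimate client ever requests, so any event 4769 naming it is an alert; a weaker heuristic on RC4-encrypted service ticket requests; and DCSync detection on event 4662 where the replication extended rights are exercised by anything other than a domain controller or the directory-sync account. The account and host names are assumptions; the extended-right GUIDs are the real ones. Event 4662 only appears if auditing of the domain object's "Replicating Directory Changes" rights is enabled.

```python
import re

# Canary accounts: hold an SPN that no real client ever requests a ticket for,
# so any TGS request naming them is an attacker enumerating SPNs. Names are
# an assumption for this example.
CANARY_SPN_ACCOUNTS = {"svc-sql-archive"}

# Principals that may legitimately request directory replication: domain
# controller computer accounts and a directory-sync service account
# (assumed names; build these from your own environment).
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}
REPLICATION_ALLOWED = {"MSOL_a1b2c3d4"}

# Extended-right GUIDs that DCSync needs on the domain object.
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # DS-Replication-Get-Changes-In-Filtered-Set
}
RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4, the Kerberoasting default

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")


def detect(events):
    """Run the three rules over parsed security events (dicts keyed by the
    field names of the Windows XML event) and return a list of alerts."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 4769:  # Kerberos service ticket requested
            service = ev.get("ServiceName", "")
            requester = ev.get("TargetUserName", "")
            if service in CANARY_SPN_ACCOUNTS:
                alerts.append({"rule": "KERBEROAST_CANARY", "account": requester,
                               "detail": f"TGS requested for canary SPN account {service}"})
            elif ev.get("TicketEncryptionType") == RC4_HMAC:
                # Heuristic: modern clients ask for AES; RC4 requests are typical
                # of roasting tools but also of legacy services, so tune an
                # allow-list before paging on this rule.
                alerts.append({"rule": "KERBEROAST_RC4_TGS", "account": requester,
                               "detail": f"RC4 service ticket for {service}"})
        elif eid == 4662:  # operation performed on an AD object
            rights = set(GUID_RE.findall(ev.get("Properties", "").lower()))
            subject = ev.get("SubjectUserName", "")
            if (rights & REPLICATION_GUIDS and subject not in DOMAIN_CONTROLLERS
                    and subject not in REPLICATION_ALLOWED):
                alerts.append({"rule": "DCSYNC", "account": subject,
                               "detail": "replication extended rights used by a non-DC principal"})
    return alerts


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice", "ServiceName": "DC01$",
     "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "TargetUserName": "bob", "ServiceName": "svc-sql-archive",
     "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "carol", "ServiceName": "svc-web",
     "TicketEncryptionType": "0x17"},
    {"EventID": 4662, "SubjectUserName": "DC02$",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}\n{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "bob",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "bob",
     "Properties": "{bf967a86-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "TargetUserName": "alice"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The canary rule has no tuning problem because the account exists only to be requested; the RC4 and DCSync rules need the allow-lists kept current (new domain controllers, a renamed sync account) or they become noise that gets ignored.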
6. North Korean hackers linked to breach of German missile manufacturer
North Korean state-sponsored hacking group Kimsuky, also known as APT43, has been implicated in the breach of Diehl Defence, a German company specialising in missile production. The attackers gained access through a sophisticated spear-phishing campaign, where employees were sent job offers disguised as opportunities with American defence contractors. By using malicious PDFs and well-crafted social engineering, the attackers were able to infiltrate the company’s systems.
The attack is significant not only because Diehl Defence produces missiles for various countries, but also because it highlights the vulnerability of defence contractors to state-sponsored cyber espionage. Kimsuky has been known to target organisations globally in support of North Korea’s nuclear ambitions. European defence companies should remain on high alert as state actors increasingly target critical infrastructure in their cyber campaigns. Source: Securityweek.com
7. Shadow AI, data exposure plague workplace chatbot use
As more companies incorporate generative AI tools like ChatGPT and Grammarly into their workflows, many employees are unknowingly sharing sensitive data with these platforms. A survey from the National Cybersecurity Alliance (NCA) revealed that 38% of workers had shared proprietary information with AI tools without their employer's permission. These actions can lead to significant data exposure, as such tools may retain what users enter, making it retrievable later or usable for training, depending on the provider's terms.
Some companies, such as Samsung, have already experienced high-profile incidents involving AI data exposure. As AI usage continues to grow, businesses must prioritise training employees on the risks of sharing sensitive information with AI platforms. Additionally, organisations should develop policies that restrict the types of data employees can input into these tools to prevent unintentional leaks of proprietary information. Source: Dark Reading
8. CrowdStrike apologises for global service disruption
In July 2024, CrowdStrike issued a faulty content configuration update that caused millions of Windows systems to crash globally. The update led to widespread service outages, impacting businesses, government agencies, and critical infrastructure. CrowdStrike senior vice president Adam Meyers recently testified before the U.S. House Committee on Homeland Security, where he described the incident as the result of a "perfect storm" of unforeseen technical issues.
The disruption prompted serious concerns about the company’s testing and validation processes, particularly as it serves a large number of high-profile clients in sensitive sectors. Since the incident, CrowdStrike has made several changes to its update process, including more rigorous testing, phased rollouts, and enhanced customer control over when updates are applied. This incident serves as a reminder to organisations relying on third-party security providers to ensure their business continuity plans are robust enough to handle similar outages. Source: Dark Reading
9. U.S. indicts Russian hackers behind Joker’s Stash and Cryptex
The U.S. government has sanctioned and indicted two top Russian hackers responsible for operating Joker’s Stash, one of the largest carding platforms on the dark web, and Cryptex, a cryptocurrency exchange used to launder stolen funds. Joker’s Stash sold millions of payment card details stolen from major retailers, while Cryptex facilitated large ransomware transactions, including a record $75 million ransom paid by a Fortune 50 company.
These indictments come as part of a broader effort by law enforcement to crack down on cybercriminal networks involved in carding and ransomware operations. The case serves as a stark reminder of the global nature of cybercrime and the importance of international cooperation in combatting these sophisticated criminal operations. European enterprises should remain vigilant, as the effects of these operations can ripple across the financial and retail sectors worldwide. Source: Krebs on Security
10. Microsoft's Windows Recall AI tool returns with enhanced encryption and security
After facing significant backlash over privacy concerns, Microsoft has re-released its Windows Recall AI tool with major security enhancements. The tool, which uses AI to create a searchable memory of users' activities on their Windows devices, now includes proof-of-presence encryption, anti-tampering checks, and data isolation within secure enclaves.
These new features are designed to prevent misuse of the tool, ensuring that sensitive user data remains protected. Windows Recall is now an opt-in service, allowing users to choose whether or not the tool is enabled. These changes highlight Microsoft’s ongoing efforts to balance AI-powered innovation with strong privacy and security safeguards, making the tool safer for enterprise use. Source: Securityweek.com
Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.
Get in touch with our security experts
Our team is available for a quick call or video meeting. Let's connect and discuss your security challenges, dive into vendor comparison reports, or talk about your upcoming IT-projects. We are here to help.