1. A FIFTH OF PASSWORDS USED BY FEDERAL AGENCY CRACKED IN SECURITY AUDIT BY DAN GOODIN

In a recent security audit of the US Department of the Interior, the department's inspector general found that more than a fifth of the passwords protecting its network accounts—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods. The audit also found the department's failure to consistently implement multi-factor authentication (MFA), which extended to 89% of its high-value assets. According to the final inspection report, “it is likely that if a well-resourced attacker were to capture Department AD password hashes, the attacker would have achieved a success rate similar to [the inspector general] in cracking the hashes.”

Read more

2. FCC PROPOSES STRONGER DATA BREACH RULES, FASTER NOTIFICATIONS FOR TELECOMS BY TONYA RILEY

The Federal Communications Commission on Friday launched a process to update its rules for how quickly telecommunication carriers notify consumers about breaches of sensitive information, which would require reporting breaches to law enforcement as soon as intrusions are discovered and immediately to consumers, as well, unless otherwise advised by authorities. Current FCC rules require that carriers that have more than 5,000 customers notify the FCC of a data breach within seven days of discovery, while breaches affecting fewer than 5,000 customers must be reported no later than 30 days. Learn more about the newly-proposed rule over at CyberScoop.

Read more

3. FAA OUTAGE THAT GROUNDED FLIGHTS BLAMED ON OLD TECH AND DAMAGED DATABASE FILE BY JON BRODKIN

The outage to the FAA's Notice to Air Missions (NOTAM) system, which caused the mass grounding of flights in the U.S. this past week, was reportedly caused by a damaged database file according to a recent FAA statement. The administration claims that there is still no evidence of a cyberattack. A CNN source close to the situation blamed the outage on old infrastructure, claiming that "because of budgetary concerns and flexibility of budget, [a] tech refresh has been pushed off." Read more about the NOTAM, its complexity, and why it took so long to return to normal operations.

Read more

4. ATTACKERS ARE ALREADY EXPLOITING CHATGPT TO WRITE MALICIOUS CODE BY JAI VIJAYAN

Researchers from Check Point Research (CPR) have reportedly spotted at least three instances where black hat hackers have demonstrated how they successfully leveraged ChatGPT’s capabilities for malicious purposes. In these instances, hackers were able to recreate the code for a known Python-based information stealer, generate a Python script that could be tweaked to create ransomware, and create an automated darkweb marketplace. Read more about experts' concerns over ChatGPT in the full story from Dark Reading.

Read more

5. 'COPYRIGHT INFRINGEMENT' LURE USED FOR FACEBOOK CREDENTIAL HARVESTING BY NATHAN EDDY

According to a recent report, hackers are leveraging Facebook copyright infringement notices to steal enterprise credentials. The social engineering attack reportedly sends users an email warning that because the page has uploaded a photo violating Facebook’s copyright infringement policy, the account will be permanently suspended unless they click on a link to appeal the decision. According to the report, the phishing emails are "fairly believable" outside of the sender's address, making the emails convincing enough to fool employees whose organizations rely heavily on Facebook advertising.

Read more